appbox-cookbook icon indicating copy to clipboard operation
appbox-cookbook copied to clipboard

Published 20 hours ago verified publisher icon teohm

Merge deploy user to apps

Open hzmangel opened this issue 11 years ago • 3 comments

Currently the user for deployment is deploy, while for running application is apps. This devision may cause permission problems, such as the one described in issue #5. The user deploy only works on deployment of webapps, so I think they can be merged to one account apps.

hzmangel avatar May 14 '13 04:05 hzmangel

Anything stopping this from getting merged?

andrewhavens avatar Nov 28 '13 05:11 andrewhavens

The code in this PR gives the apps user full sudoer access with no password. I think from a "secure by default" point of view this shouldn't be merged since a minor RCE bug in a web app can trivially be escalated to full root access.

Instead of running rake tasks as the deploy user, why not use sudo to impersonate the apps user? sudo -u apps RAILS_ENV=production bin/rake my:task

arrtchiu avatar Feb 05 '14 16:02 arrtchiu

Agree with @arrtchiu on this.

thekindofme avatar Feb 06 '14 06:02 thekindofme