rackbox-cookbook
deploy user doesn't need to be a sudoer if he's the owner of the app's runit directories
This pull request is the first part of the fix for issue #2
Let's get this merged in already :-)
I agree we want this in. But there's one remaining issue I haven't had time to investigate yet. I'm not sure if it's a bug in the runit cookbook.
But setting the owner & group like I do here still doesn't set the ownership of the "supervise" directory for the process (it's still owned by root), which makes the sv commands fail because of ownership problems.
You're more than welcome to try it out. You need to use my rackbox and appbox cookbooks, same branch name for both.
Sounds like it could be related to this:
http://tickets.opscode.com/browse/COOK-1136
@webmat any updates on your investigation?
@bjensen, @webmat, I plan to experiment with another alternative, although I'm not sure if this is a good practice: that is to update the sudoer config, and allow users in the deploy group to run sv without a password.
See example: http://www.cyberciti.biz/tips/allow-a-normal-user-to-run-commands-as-root.html
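The sudoers approach proposed in the comment above, sketched as an added example that is not part of the thread or of the rackbox cookbook: instead of granting the deploy group `sv` without restriction (which would let it control every supervised service as root), it renders a rule listing only specific actions on specific services. The `/usr/bin/sv` path, the `DEPLOY_SV` alias, the function name and the `myapp` service are assumptions made for illustration.

```ruby
# Added example, not rackbox-cookbook code. Assumptions: sv is installed at
# /usr/bin/sv, the deploy group is named "deploy", "myapp" is a constructed
# service name, and DEPLOY_SV is a hypothetical alias name.
SV_PATH = '/usr/bin/sv'
ALLOWED_ACTIONS = %w[status start stop restart].freeze

# Names must start with an alphanumeric and contain no spaces, commas,
# wildcards or slashes, so a name can neither add a second command to the
# rule nor be read by sv as an option or an arbitrary path.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/

# Render a sudoers drop-in that lets `group` run only the listed sv actions
# on the listed services, as root, without a password.
def sv_sudoers_fragment(group, services, actions = ALLOWED_ACTIONS)
  raise ArgumentError, "bad group: #{group.inspect}" unless group =~ SAFE_NAME
  raise ArgumentError, 'no services given' if services.empty?

  bad = actions - ALLOWED_ACTIONS
  raise ArgumentError, "actions not allowed: #{bad.join(', ')}" unless bad.empty?

  commands = services.flat_map do |svc|
    raise ArgumentError, "bad service name: #{svc.inspect}" unless svc =~ SAFE_NAME
    # sudoers matches the arguments literally when they are spelled out,
    # so "sv restart otherapp" is not covered by a rule for myapp.
    actions.map { |action| "#{SV_PATH} #{action} #{svc}" }
  end

  [
    "Cmnd_Alias DEPLOY_SV = #{commands.join(", \\\n    ")}",
    "%#{group} ALL=(root) NOPASSWD: DEPLOY_SV",
    ''
  ].join("\n")
end

# Print the fragment for one constructed service when run directly.
puts sv_sudoers_fragment('deploy', %w[myapp]) if __FILE__ == $PROGRAM_NAME
```

Check the rendered file with `visudo -cf <file>` before placing it under `/etc/sudoers.d/`, since a syntax error in a sudoers file can lock out sudo entirely.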
To be honest, we're going to leave the deploy user a sudoer for the moment. I haven't had time to look into this yet. It's on my medium term plate, but not for this week or the next :-)
It would be nice if the approach in this link yields positive results. I've put it in my reading queue.
Another thing we may want to look into: http://community.opscode.com/cookbooks/deployer
It integrates with Opscode's "users" cookbooks, though. Not Mr Nichol's "user" cookbook. I personally wouldn't mind switching over if you decide to go that route.