Deploying Capistrano as user but need to chown directories to root:www-data? - ruby

I am using Capistrano to deploy a PHP project to a server. I have a user on the server with sudo permissions (using sudo su), however I cannot log in as root. How can I make Capistrano change to sudo when logged in so that the folders and files can be chowned to 'root:www-data'?
The rest of the deployment is running fine, but the ownership is critical. I have previously had root login so this has never been an issue before. Any advice would be much appreciated.

Try Simone's solution:
http://www.simonecarletti.com/blog/2010/07/capistrano-executing-a-command-as-root-without-using-sudo/

Related

How to edit files which are made by Laradock workspace

I've newly started to use Laradock to build my Laravel projects but I have a problem in editing the files such as Controllers, Models, etc which are made by the php artisan command in the Laradock workspace. The reason is the user in the workspace is a root and on the other side, I'm trying to edit the file in my editor by a common user. So every time I have to run the command chmod -R 777 /newCreatedFile.php to change the permission. So is there any solution to handle this problem?
By the way my OS is ubuntu 18.04
In the Laradock Getting Started guide, it explains how to get Laradock running as a specified user:
Note: You can add --user=laradock to have files created as your host’s user. Example:
docker-compose exec --user=laradock workspace bash
I believe this should solve your issue, as you will no longer have the Docker user running these commands. Try it out!
Note: The core issue may just be that whatever user Laradock is running as is not creating files with group permissions that allow the host machine's user write capabilities, hence why the --user flag can be used. It may not actually be running as the root user itself.

Laravel project folder permission

I have a problem with my Laravel project on a VPS. Locally everything works fine, but on the VPS the folder permissions sometimes change and the web site stops working. I don't know what causes this problem. What should I do?
Every time I have to fix with this code:
sudo chown -R user:user /data/web/website.com
There may be some script which is rewriting the permissions for your folder. Go with the .htaccess file that will definitely work.

How do I keep OS X from requiring admin password when I copy to or delete from its web server?

I've started using the Apache web server that comes with OS X (10.9.4) for testing. When I copy files to its web root (/Library/WebServer/Documents) or delete from the same, I get prompted for the admin password. I have this password, so that's not a problem. It's just inefficient. I haven't had this issue when using other installs of Apache (generally via MAMP). So I'm sure it's just a config issue. Any help is appreciated.
This is done to protect the directory, you can add an ACL to allow your user account read/write access to that folder.
You can add the ACL as follows. Please be sure to change "yourshortname" to your username on the computer.
sudo chmod -R +a "yourshortname allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity" /Library/WebServer/Documents
Let me know if it works for you.

Laravel Homestead: Nginx failing to start on Vagrant. Need root password to access Nginx logs

Using Laravel Homestead to work with Laravel 4. After running vagrant up this morning, I was unable to access homestead.app:8000. I pinged it with no problem so I investigated my virtualbox and discovered that Nginx wasn't starting. I then attempted to view logs and I am denied permission from the /var/log/nginx directory which is owned by www-data adm.
My question then, what is the su or sudo password which would allow me to access that directory? The documentation is surprisingly void of any information as well as the Homestead.app Git repository. Thank you.
I had a similar issue with the laravel/homestead Vagrant virtual machine and nginx not restarting. The error after running nginx -t was:
nginx: [crit] pread() "/etc/nginx/sites-enabled/sites-available" failed (21: Is a directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
The solution was to delete the symbolic link sites_available:
rm -Rf /etc/nginx/sites-enabled/sites-available
Then it worked:
service nginx restart
Elevate to root by typing sudo -s
A quick way to jump to a root account shell is to run the "sudo bash" command. That way, you don't have to type "sudo" in front of each command. Since this VM is for development purposes I don't see it as a danger, but in real production Ubuntu runs with the root account locked down so you always go in and should stay in with user level privileges until you need to execute a higher level command. You "can" enable the root account and set a password, but jumping to it with sudo is the better method.
You can just look at the log using the root account password. So: sudo nano and then just enter your root user's password. A root is able to do anything on the system, so that always is a solution for this kind of problem.
If you forgot the root password, just search Google to recover it.

How to run jenkins as a different user

I have been trying to follow tutorials and this one: Deploy as Jenkins User or Allow Jenkins To Run As Different User?
but I still can't for the love of the computing gods, run as a different user. Here are the steps of what I did:
download the macosx pkg for jenkins(LTS)
setup plugins etc and git
try to build it
I keep getting a can't clone error because jenkins keeps starting as anonymous:
Started by user anonymous
How do I set it up so that jenkins runs as me? I was using the jenkins web UI so it was in localhost:8080
I also tried logging in using /login but I can't even log in using my name or as root.
The people tab doesn't even have a create user link, so yeah I've been stuck. Help please?
The "Issue 2" answer given by @Sagar works for the majority of git servers such as gitorious.
However, there will be a name clash in a system like gitolite where the public ssh keys are checked in as files named with the username, ie keydir/jenkins.pub. What if there are multiple jenkins servers that need to access the same gitolite server?
(Note: this is about running the Jenkins daemon, not running a build job as a user (addressed by @Sagar's "Issue 1").)
So in this case you do need to run the Jenkins daemon as a different user.
There are two steps:
Step 1
The main thing is to update the JENKINS_USER environment variable. Here's a patch showing how to change the user to ptran.
BEGIN PATCH
--- etc/default/jenkins.old 2011-10-28 17:46:54.410305099 -0700
+++ etc/default/jenkins 2011-10-28 17:47:01.670369300 -0700
## -13,7 +13,7 ##
PIDFILE=/var/run/jenkins/jenkins.pid
# user id to be invoked as (otherwise will run as root; not wise!)
-JENKINS_USER=jenkins
+JENKINS_USER=ptran
# location of the jenkins war file
JENKINS_WAR=/usr/share/jenkins/jenkins.war
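Review bot: `JENKINS_USER=ptran` points the daemon at what looks like a personal login, so every build job would run with that person's files and SSH keys in reach. The comment directly above the line already warns against running as root, and a personal account carries the same kind of exposure for that user. For the gitolite key-name clash this patch is meant to solve, a dedicated service account per Jenkins server (for example `jenkins-<hostname>`, a placeholder name) with its own key gives a unique keydir file name without exposing anyone's home directory. If the file also carries a group setting, change it in the same patch so user and group stay consistent.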
--- etc/init.d/jenkins.old 2011-10-28 17:47:20.878539172 -0700
+++ etc/init.d/jenkins 2011-10-28 17:47:47.510774714 -0700
## -23,7 +23,7 ##
#DAEMON=$JENKINS_SH
DAEMON=/usr/bin/daemon
-DAEMON_ARGS="--name=$NAME --inherit --env=JENKINS_HOME=$JENKINS_HOME --output=$JENKINS_LOG - -pidfile=$PIDFILE"
+DAEMON_ARGS="--name=$JENKINS_USER --inherit --env=JENKINS_HOME=$JENKINS_HOME --output=$JENKINS_LOG --pidfile=$PIDFILE"
SU=/bin/su
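Review bot: The switch from `--name=$NAME` to `--name=$JENKINS_USER` on the DAEMON_ARGS line is not needed to change the account and is not explained. `--name` sets the name daemon(1) uses to identify and lock the instance, not the user it runs as, so any stop or status logic elsewhere in the script that still refers to `$NAME` would stop matching the running daemon. Keep `--name=$NAME` unless there is a stated reason. Separately, the removed line reads `- -pidfile` while the added line reads `--pidfile`; if that space is really in the installed file, the fix deserves its own mention in the patch description.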
END PATCH
Step 2
Update ownership of jenkins directories:
chown -R ptran /var/log/jenkins
chown -R ptran /var/lib/jenkins
chown -R ptran /var/run/jenkins
chown -R ptran /var/cache/jenkins
Step 3
Restart jenkins
sudo service jenkins restart
ISSUE 1:
Started by user anonymous
That does not mean that Jenkins started as an anonymous user.
It just means that the person who started the build was not logged in. If you enable Jenkins security, you can create usernames for people and when they log in, the
"Started by anonymous"
will change to
"Started by < username >".
Note: You do not have to enable security in order to run jenkins or to clone correctly.
If you want to enable security and create users, you should see the options at Manage Jenkins > Configure System.
ISSUE 2:
The "can't clone" error is a different issue altogether. It has nothing to do with you logging in to jenkins or enabling security. It just means that Jenkins does not have the credentials to clone from your git SCM.
Check out the Jenkins Git Plugin to see how to set up Jenkins to work with your git repository.
Hope that helps.
On Mac OS X, the way I enabled Jenkins to pull from my (private) Github repo is:
First, ensure that your user owns the Jenkins directory
sudo chown -R me:me /Users/Shared/Jenkins
Then edit the LaunchDaemon plist for Jenkins (at /Library/LaunchDaemons/org.jenkins-ci.plist) so that your user is the GroupName and the UserName:
<key>GroupName</key>
<string>me</string>
...
<key>UserName</key>
<string>me</string>
Then reload Jenkins:
sudo launchctl unload -w /Library/LaunchDaemons/org.jenkins-ci.plist
sudo launchctl load -w /Library/LaunchDaemons/org.jenkins-ci.plist
Then Jenkins, since it's running as you, has access to your ~/.ssh directory which has your keys.
If you really want to run Jenkins as you, I suggest you check out my Jenkins.app. An alternative, easy way to run Jenkins on Mac.
See https://github.com/stisti/jenkins-app/
Download it from https://github.com/stisti/jenkins-app/downloads
To run Jenkins as a different user on Ubuntu, you need to change the things below.
Update the two lines below in the /etc/default/jenkins file:
JENKINS_USER=$USERNAME
JENKINS_GROUP=$NAME
In our case we set user as ubuntu.
#JENKINS_USER=$NAME
#JENKINS_GROUP=$NAME
JENKINS_USER="ubuntu"
JENKINS_GROUP="ubuntu"
Update the two lines below in the /lib/systemd/system/jenkins.service file:
User=jenkins
Group=jenkins
In our case we set user as ubuntu.
#User=jenkins
#Group=jenkins
User=ubuntu
Group=ubuntu
Change the file ownership of the Jenkins-owned folders:
sudo chown -R ubuntu:ubuntu /var/lib/jenkins
sudo chown -R ubuntu:ubuntu /var/cache/jenkins
sudo chown -R ubuntu:ubuntu /var/log/jenkins
After the above changes, run the command below to reload systemctl:
sudo systemctl daemon-reload
Now you can restart Jenkins:
sudo systemctl restart jenkins.service
You can integrate with LDAP or AD as well. It works well.
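
A read-only consistency check for the Ubuntu procedure above, as an added example that is not part of the original answers: it confirms that the defaults file and the systemd unit name the same existing non-root account and that nothing under the Jenkins directories was missed by chown -R. The function names `conf_value` and `check_run_as` and their argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only check of the run-as change described above.
# File and directory paths are arguments so it can be tried on copies first.

# Print the last uncommented KEY=value in FILE, with quotes stripped.
# Variable references such as $NAME are returned literally, not expanded.
conf_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# check_run_as DEFAULTS_FILE UNIT_FILE DIR...
# Returns 0 only if both files name the same existing non-root user and
# every path under each DIR is owned by that user; prints each problem found.
check_run_as() {
    defaults=$1 unit=$2; shift 2
    rc=0
    d_user=$(conf_value JENKINS_USER "$defaults")
    u_user=$(conf_value User "$unit")
    if [ -z "$d_user" ] || [ "$d_user" != "$u_user" ]; then
        echo "MISMATCH: JENKINS_USER='$d_user' but unit User='$u_user'"; rc=1
    fi
    if [ -z "$u_user" ] || [ "$u_user" = root ]; then
        echo "RISK: the service would run as root"; return 1
    fi
    id "$u_user" >/dev/null 2>&1 || { echo "UNKNOWN: no account '$u_user'"; return 1; }
    for dir in "$@"; do
        # Paths a partial 'chown -R' missed; show at most three per directory.
        stray=$(find "$dir" ! -user "$u_user" 2>/dev/null | head -n 3)
        if [ -n "$stray" ]; then
            echo "OWNER: not owned by $u_user under $dir:"; echo "$stray"; rc=1
        fi
    done
    return "$rc"
}

# Typical call on the paths named in the answer (run as root to read everything):
# check_run_as /etc/default/jenkins /lib/systemd/system/jenkins.service \
#     /var/lib/jenkins /var/cache/jenkins /var/log/jenkins
```

Run it after `systemctl daemon-reload` and before the restart, so a mismatch or a missed directory shows up before Jenkins fails to start or starts under the wrong account.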
