Comments (5)
You should either use acl
or run all commands as the webserver user. The problem is, that there are bundles out there, that still writes into app/cache
on it's own, so even if this fixes your current issue, it doesn't prevent you from future ones.
But somehow I agree: As long as its supported, it should at least work 😄
from symfony.
Yes I actually realized that after reporting this one. I went back and looked at the capistrano2 (capifony) deploy scripts used in some old projects. I was actually executing everything as root and then chown
the current release to the owner user.
I think the better way is to configure php-fpm
to run as the owner user. That's probably more secure as well.
from symfony.
@patrickli Well, still the best way is to use acl
😉 Problem with making the php5-fpm
-processes the same user as the checkout is, that now php5-fpm
is able to write to the source files as well, which makes it theoretically possble (depending on the application), that some attacker can inject malicious code into the sources directly.
from symfony.
OK. Thanks for the tip.
from symfony.
Closing - this is something better fixed by server management or a custom task (or using the in-built ACL). Running ACL after cache:warmup
could potentially require sudo which I would like to avoid (as the support isn't great in capistrano)
from symfony.
Related Issues (20)
- Error task symfony:clear_controllers HOT 2
- NoMethodError: undefined method `symfony_console' HOT 2
- Website unreachable during deploy HOT 3
- Error: `execute' should be wrapped in an `on'
- Task for running (and enforcing passed) tests HOT 3
- v1.0 tasks don't run on Symfony 2.8 HOT 1
- Cache warmup SSH commands being executed multiple times per host HOT 2
- Capistrano roles ignored for symfony_command HOT 1
- Symfony messenger stop workers HOT 1
- Capfile: cannot load such file -- capistrano/symfony HOT 1
- Make :symfony_console_path executable HOT 2
- Task symfony:set_permissions invokes task deploy:set_permissions:* for each server in "release_roles :all"
- Release a stable release? HOT 8
- Symfony 4 directory structure HOT 15
- Symfony Flex?
- Cache warmup error HOT 1
- Uploads linked dirs
- symfony_deploy_roles in place of symfony_roles HOT 2
- exclude folders before deploy from local !?
- PHP Errors not displaying in the log HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from symfony.