我正在努力让capistrano参与我的团队项目。由于部门限制,我们必须以自己的身份登录,然后sudo su进入共享项目用户。我们sudo su - projectuser进入的项目用户拥有访问项目目录所需的权限。我很难搞清楚如何使用capistrano来完成这项工作。任何帮助将不胜感激。
答案 0 :(得分:1)
man sudo
-u user The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a user name, use #uid. When running commands as a
uid, many shells require that the '#' be escaped with a backslash ('\'). Note that if the targetpw Defaults option is set (see sudoers(5)) it is not possible to run
commands with a uid not listed in the password database.
-i [command]
The -i (simulate initial login) option runs the shell specified in the passwd(5) entry of the target user as a login shell. This means that login-specific resource
files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution. Otherwise, an interactive shell is
executed. sudo attempts to change to that user's home directory before running the shell. It also initializes the environment, leaving DISPLAY and TERM unchanged,
setting HOME, MAIL, SHELL, USER, LOGNAME, and PATH, as well as the contents of /etc/environment on Linux and AIX systems. All other environment variables are removed.
Sudo已经支持以特定用户而不是root身份运行命令。因此,您可以只运行sudo mkdir some_folder而不是运行sudo -u your_user mkdir some_folder,而只会执行该用户的所有命令。
此外,-i标志将指示sudo启动新shell并运行命令。新shell将像登录shell一样进行初始化(它将切换到用户的主目录,重新初始化HOME和其他变量等)。它最接近运行sudo su - your_user。
要使Capistrano使用sudo -u <your-user> -i而不是sudo,请在deploy.rb中设置以下配置:
set :use_sudo, true
set :sudo, "sudo -u <your-user> -i"
Capistrano现在将使用给定用户的所有sudo命令,使用全新的登录shell。
答案 1 :(得分:0)
查看以下答案:
How can I switch user in a Capistrano task?
当然,您需要修改该代码才能执行sudo su - projectuser而不是简单的sudo root。
我自己从未这样做,但似乎它会起作用。您也可以使用cap shell对此进行测试。就个人而言,我建议先使用cap shell。
此外,还有另一个选项here,但我认为上面的原始链接提供了更好的工作机会。