|
1
|
|
|
<?php |
|
2
|
|
|
namespace Deployer; |
|
3
|
|
|
|
|
4
|
|
|
desc('Make writable dirs'); |
|
5
|
|
|
task('deploy:writable', function () { |
|
6
|
|
|
$dirs = join(' ', get('writable_dirs')); |
|
|
|
|
|
|
7
|
|
|
$mode = get('writable_mode'); |
|
8
|
|
|
$sudo = get('writable_use_sudo') ? 'sudo' : ''; |
|
9
|
|
|
$httpUser = get('http_user', false); |
|
10
|
8 |
|
|
|
11
|
|
|
if (empty($dirs)) { |
|
12
|
4 |
|
return; |
|
13
|
4 |
|
} |
|
14
|
4 |
|
|
|
15
|
4 |
|
if ($httpUser === false && !in_array($mode, ['chgrp', 'chmod'], true)) { |
|
16
|
|
|
// Attempt to detect http user in process list. |
|
17
|
4 |
|
$httpUserCandidates = explode("\n", run("ps axo comm,user | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | sort | awk '{print \$NF}' | uniq")); |
|
18
|
4 |
|
if (count($httpUserCandidates)) { |
|
19
|
|
|
$httpUser = array_shift($httpUserCandidates); |
|
20
|
|
|
} |
|
21
|
|
|
|
|
22
|
|
|
if (empty($httpUser)) { |
|
23
|
|
|
throw new \RuntimeException( |
|
24
|
|
|
"Can't detect http user name.\n" . |
|
25
|
|
|
"Please setup `http_user` config parameter." |
|
26
|
|
|
); |
|
27
|
|
|
} |
|
28
|
|
|
} |
|
29
|
|
|
|
|
30
|
|
|
cd('{{release_path}}'); |
|
31
|
|
|
|
|
32
|
|
|
// Create directories if they don't exist |
|
33
|
|
|
run("mkdir -p $dirs"); |
|
34
|
|
|
|
|
35
|
|
|
$recursive = get('writable_recursive') ? '-R' : ''; |
|
36
|
|
|
|
|
37
|
|
|
if ($mode === 'chown') { |
|
38
|
|
|
// Change owner. |
|
39
|
|
|
// -R operate on files and directories recursively |
|
40
|
|
|
// -L traverse every symbolic link to a directory encountered |
|
41
|
|
|
run("$sudo chown -L $recursive $httpUser $dirs"); |
|
42
|
|
|
} elseif ($mode === 'chgrp') { |
|
43
|
|
|
// Change group ownership. |
|
44
|
|
|
// -R operate on files and directories recursively |
|
45
|
|
|
// -L if a command line argument is a symbolic link to a directory, traverse it |
|
46
|
|
|
$httpGroup = get('http_group', false); |
|
47
|
|
|
if ($httpGroup === false) { |
|
48
|
|
|
throw new \RuntimeException("Please setup `http_group` config parameter."); |
|
49
|
|
|
} |
|
50
|
|
|
run("$sudo chgrp -H $recursive $httpGroup $dirs"); |
|
51
|
|
|
} elseif ($mode === 'chmod') { |
|
52
|
|
|
// in chmod mode, defined `writable_chmod_recursive` has priority over common `writable_recursive` |
|
53
|
|
|
if (is_bool(get('writable_chmod_recursive'))) { |
|
54
|
|
|
$recursive = get('writable_chmod_recursive') ? '-R' : ''; |
|
55
|
|
|
} |
|
56
|
|
|
run("$sudo chmod $recursive {{writable_chmod_mode}} $dirs"); |
|
57
|
|
|
} elseif ($mode === 'acl') { |
|
58
|
|
|
if (strpos(run("chmod 2>&1; true"), '+a') !== false) { |
|
59
|
|
|
// Try OS-X specific setting of access-rights |
|
60
|
|
|
|
|
61
|
|
|
run("$sudo chmod +a \"$httpUser allow delete,write,append,file_inherit,directory_inherit\" $dirs"); |
|
62
|
|
|
run("$sudo chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" $dirs"); |
|
63
|
|
|
} elseif (commandExist('setfacl')) { |
|
64
|
|
|
if (!empty($sudo)) { |
|
65
|
|
|
run("$sudo setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs"); |
|
66
|
|
|
run("$sudo setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs"); |
|
67
|
|
|
} else { |
|
68
|
|
|
// When running without sudo, exception may be thrown |
|
69
|
|
|
// if executing setfacl on files created by http user (in directory that has been setfacl before). |
|
70
|
|
|
// These directories/files should be skipped. |
|
71
|
|
|
// Now, we will check each directory for ACL and only setfacl for which has not been set before. |
|
72
|
|
|
$writeableDirs = get('writable_dirs'); |
|
73
|
|
|
foreach ($writeableDirs as $dir) { |
|
74
|
|
|
// Check if ACL has been set or not |
|
75
|
|
|
$hasfacl = run("getfacl -p $dir | grep \"^user:$httpUser:.*w\" | wc -l"); |
|
76
|
|
|
// Set ACL for directory if it has not been set before |
|
77
|
|
|
if (!$hasfacl) { |
|
78
|
|
|
run("setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir"); |
|
79
|
|
|
run("setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir"); |
|
80
|
|
|
} |
|
81
|
|
|
} |
|
82
|
|
|
} |
|
83
|
|
|
} else { |
|
84
|
|
|
throw new \RuntimeException("Can't set writable dirs with ACL.\nConnect to host with \"dep ssh\",\nand run: \"sudo apt-get install acl\""); |
|
85
|
|
|
} |
|
86
|
|
|
} else { |
|
87
|
|
|
throw new \RuntimeException("Unknown writable_mode `$mode`."); |
|
88
|
|
|
} |
|
89
|
|
|
}); |
|
90
|
|
|
|
deployphp /
deployer
Anton Medvedev
Loading history...