I have a user didongo (user & group didongo), and the nginx server (user & group www-data). I've set up Capifony to log in as the didongo user: the first time I deploy, the setfacl command works fine (while the logs folder is empty). But after the web application, served by nginx, has generated some logs (prod.log), the very next deploy fails with a setfacl error.

I'm sure I'm making a noob error with the permissions between the user and the web server, but I don't see which error. I see that didongo should not be able to change the permissions of a file he doesn't have permissions to. But then, how am I supposed to configure the server or Capifony?

Thanks!
Relevant (hope so) Capifony deploy.rb config:
set :user, "didongo"
set :webserver_user, "www-data"
set :permission_method, :acl
set :use_set_permissions, true
set :shared_children, [app_path + "/logs", web_path + "/uploads", "vendor"]
set :writable_dirs, ["app/cache", "app/logs"]
This is the Capifony error:
$ setfacl -R -m u:didongo:rwx -m u:www-data:rwx /home/didongo/staging/shared/app/logs
setfacl: /home/didongo/staging/shared/app/logs/prod.log: Operation not permitted
Some data on the ACL:
$ getfacl app/logs
# file: logs
# owner: didongo
# group: didongo
user::rwx
user:www-data:rwx
user:didongo:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:www-data:rwx
default:user:didongo:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
# file: logs/prod.log
# owner: www-data
# group: www-data
user::rw-
user:www-data:rwx #effective:rw-
user:didongo:rwx #effective:rw-
group::rwx #effective:rw-
mask::rw-
other::r--
The problem here is that the prod.log file was created automatically, so its owner is www-data. Capifony runs the deployment as the didongo user. One user can't do setfacl on another owner's file. So just add didongo to the group www-data:

sudo adduser didongo www-data

Try this once with sudo, and after that you will not need to use sudo.
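The failure in the question is an ownership problem: setfacl run as the deploy user cannot touch a file that user does not own, no matter what the directory's default ACL says. The script below is an added example (not Capifony's or the answerer's code) of a pre-deploy check that walks the shared writable directories and reports every entry the deploy user does not own, so the deploy can stop with a clear message before setfacl does. The temporary tree it builds stands in for shared/app/logs and is constructed here; the uid arithmetic in the demo only simulates "deploying as a different user".

```shell
#!/bin/sh
# Added example, not Capifony's own code: report entries under the shared
# writable dirs that the deploy user does not own. setfacl run as that user
# fails on each of them with "Operation not permitted", because only the file
# owner (or root) may change a file's ACL; that is what happened to prod.log
# once the web server had created it as www-data.

# foreign_owned DIR UID
# Prints every entry below DIR whose owner is not UID, one path per line.
# find's -user accepts a numeric uid as well as a name.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# check_writable_dirs UID DIR...
# Returns 0 when UID owns everything under every DIR, 1 otherwise,
# printing the offending paths so the operator knows what to fix.
check_writable_dirs() {
    uid=$1
    shift
    status=0
    for d in "$@"; do
        [ -d "$d" ] || continue
        offenders=$(foreign_owned "$d" "$uid")
        if [ -n "$offenders" ]; then
            printf 'uid %s cannot setfacl these entries under %s:\n%s\n' \
                "$uid" "$d" "$offenders"
            status=1
        fi
    done
    return "$status"
}

# Constructed demonstration: a throwaway tree in place of shared/app/logs.
# Everything in it is owned by whoever runs the script, so the check passes
# for that uid and fails for any other uid (the deploy-as-didongo case).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/app/logs"
    : > "$tmp/app/logs/prod.log"
    me=$(id -u)
    check_writable_dirs "$me" "$tmp/app/logs" \
        && echo "ok: uid $me owns every entry, setfacl would succeed"
    check_writable_dirs "$((me + 1))" "$tmp/app/logs" \
        || echo "deploy as uid $((me + 1)) would fail at setfacl"
    rm -rf "$tmp"
}

demo
```

Run it as the deploy user against the real shared directories (for this question, /home/didongo/staging/shared/app/logs) before the setfacl step; a non-zero exit lists exactly the files that would trigger "Operation not permitted".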
Because you need to set x+ permissions, read this: What is trailing Plus indicates

Finally I managed this by creating different PHP-FPM pools with the same permissions as the user. This way I can have different users separated from each other. And as a bonus, deploy.rb is simplified.