I have a very simple Capistrano recipe that needs to be deployed on a very complicated hardware stack and I was hoping someone could point out where I'm going wrong.

The security of our infrastructure requires that I:

• use a gateway
• deploy as a user other than myself

So, Capistrano needs to:

1. connect through a gateway as authuser
2. through the gateway connect to the app server as authuser
3. deploy files on the app server as deployuser

I've got it doing step 1 and 2 without issue, but re: step 3, it runs the deploy as authuser instead of deployuser even though I've set the runner as deployuser.

Here's the config portion of the deploy.rb file:

app         = "new-app"
auth_user   = "authuser"
deploy_user = "deployuser"

set :user, "#{lexer_user}"
set :gateway, "#{auth_user}@<gateway ip address>"
ssh_options[:forward_agent] = true
default_run_options[:pty]   = true

# Repository setup
set :application, "#{app}"
set :repository, "git@github.com:#{auth_user}/#{app}.git"

set :scm, :git
set :branch, "master"
set :deploy_via, :remote_cache
set :git_enable_submodules, 1

# Roles
set :admin_runner, "#{deploy_user}"
set :runner, "#{deploy_user}"
role :web, "#{auth_user}@<gateway ip address>"
role :app, "#{auth_user}@<gateway ip address>"
role :db, "#{auth_user}@<gateway ip address>"

# Location
set :deploy_to, "/var/apps/#{app}"

# TASKS -------------------------------------------------
...

Any ideas what could be going wrong?

Notes: when I run deploy:setup, the commands are run as authuser, it's just when I do a normal deploy that things go wrong.