deployphp / deployer

The PHP deployment tool with support for popular frameworks out of the box
https://deployer.org
MIT License

Directory and file permissions too high #1255

Closed jasperf closed 7 years ago

jasperf commented 7 years ago
| Q | A |
| --- | --- |
| Issue Type | Question |
| Deployer Version | 5.0.3 |
| Local Machine OS | MacOS Sierra |
| Remote Machine OS | Ubuntu 17.0.4 |

Description

When I deploy I get writable directories as 777 and even files such as package.json as 755, which is rather odd. I mean, it should be 775 max for directories and 664 for files. Must be related to my setup with webroot files owner web (deployer user as well and non-sudo user) and group www-data and www-data running nginx and such. But I am not sure yet how to remedy this.

root@server:/var/www/larastud.io/current# stat -c "%a %n" *
2775 app
775 artisan
2775 bootstrap
775 composer.json
664 composer.lock
2775 config
2775 database
664 deploy.php
775 package.json
775 phpunit.xml
2775 public
775 readme.md
2775 resources
2775 routes
775 server.php
777 storage
2775 tests
2775 vendor
775 webpack.mix.js

Steps to reproduce

Run dep deploy from project directory on local MacBook.

Content of deploy.php

<?php
namespace Deployer;

require 'recipe/laravel.php';

// Configuration

// Specify the repository from which to download your project's code.
// The server needs to have git installed for this to work.
// If you're not using a forward agent, then the server has to be able to clone
// your project from this repository.
set('repository', 'git@github.com:jasperf/larastudio.git');
set('default_stage', 'production');
set('git_tty', true); // [Optional] Allocate tty for git on first deployment
set('ssh_type', 'native');
add('shared_files', []);
add('shared_dirs', []);
add('writable_dirs', []);

// Hosts

host('larastud.io')
    ->user('web')
    ->forwardAgent()
    ->stage('production')
    ->set('deploy_path', '/var/www/larastud.io');

Output log

dep deploy -vvv
➤ Executing task deploy:prepare
[larastud.io] > echo $0
[larastud.io] < ssh multiplexing initialization
[larastud.io] < bash
[larastud.io] > if [ ! -d /var/www/larastud.io ]; then mkdir -p /var/www/larastud.io; fi
[larastud.io] > if [ ! -L /var/www/larastud.io/current ] && [ -d /var/www/larastud.io/current ]; then echo true; fi
[larastud.io] > cd /var/www/larastud.io && if [ ! -d .dep ]; then mkdir .dep; fi
[larastud.io] > cd /var/www/larastud.io && if [ ! -d releases ]; then mkdir releases; fi
[larastud.io] > cd /var/www/larastud.io && if [ ! -d shared ]; then mkdir shared; fi
• done on [larastud.io]
✔ Ok [4s 269ms]
➤ Executing task deploy:lock
[larastud.io] > if [ -f /var/www/larastud.io/.dep/deploy.lock ]; then echo 'true'; fi
[larastud.io] > touch /var/www/larastud.io/.dep/deploy.lock
• done on [larastud.io]
✔ Ok [768ms]
➤ Executing task deploy:release
[larastud.io] > cd /var/www/larastud.io && (if [ -h release ]; then echo 'true'; fi)
[larastud.io] > cd /var/www/larastud.io && ([ -d releases ] && [ "$(ls -A releases)" ] && echo "true" || echo "false")
[larastud.io] < true
[larastud.io] > cd /var/www/larastud.io && (cd releases && ls -t -1 -d */)
[larastud.io] < 2/
[larastud.io] < 1/
[larastud.io] > cd /var/www/larastud.io && (if [ -f .dep/releases ]; then echo "true"; fi)
[larastud.io] < true
[larastud.io] > cd /var/www/larastud.io && (tail -n 15 .dep/releases)
[larastud.io] < 20170606074740,1
[larastud.io] < 20170606075747,2
[larastud.io] > cd /var/www/larastud.io && (if [ -d /var/www/larastud.io/releases/3 ]; then echo 'true'; fi)
[larastud.io] > cd /var/www/larastud.io && (date +"%Y%m%d%H%M%S")
[larastud.io] < 20170606083030
[larastud.io] > cd /var/www/larastud.io && (echo '20170606083030,3' >> .dep/releases)
[larastud.io] > cd /var/www/larastud.io && (mkdir /var/www/larastud.io/releases/3)
[larastud.io] > cd /var/www/larastud.io && (if [[ $(man ln 2>&1 || ln -h 2>&1 || ln --help 2>&1) =~ '--relative' ]]; then echo 'true'; fi)
[larastud.io] < true
[larastud.io] > cd /var/www/larastud.io && (ln -nfs --relative /var/www/larastud.io/releases/3 /var/www/larastud.io/release)
• done on [larastud.io]
✔ Ok [4s 37ms]
➤ Executing task deploy:update_code
[larastud.io] > which git
[larastud.io] < /usr/bin/git
[larastud.io] > /usr/bin/git version
[larastud.io] < git version 2.11.0
[larastud.io] > if [ -h /var/www/larastud.io/release ]; then echo 'true'; fi
[larastud.io] < true
[larastud.io] > readlink /var/www/larastud.io/release
[larastud.io] < releases/3
[larastud.io] > /usr/bin/git clone  --recursive -q --reference /var/www/larastud.io/releases/2 --dissociate git@github.com:jasperf/larastudio.git  /var/www/larastud.io/releases/3 2>&1
Counting objects: 121, done.
Compressing objects: 100% (88/88), done.
Writing objects: 100% (121/121), done.
Total 121 (delta 16), reused 121 (delta 16)
Connection to larastud.io closed.
• done on [larastud.io]
✔ Ok [4s 557ms]
➤ Executing task deploy:shared
[larastud.io] > if [ -d /var/www/larastud.io/shared/storage ]; then echo 'true'; fi
[larastud.io] < true
[larastud.io] > rm -rf /var/www/larastud.io/releases/3/storage
[larastud.io] > mkdir -p `dirname /var/www/larastud.io/releases/3/storage`
[larastud.io] > ln -nfs --relative /var/www/larastud.io/shared/storage /var/www/larastud.io/releases/3/storage
[larastud.io] > mkdir -p /var/www/larastud.io/shared/.
[larastud.io] > if [ -f /var/www/larastud.io/shared/.env ]; then echo 'true'; fi
[larastud.io] < true
[larastud.io] > if [ -f $(echo /var/www/larastud.io/releases/3/.env) ]; then rm -rf /var/www/larastud.io/releases/3/.env; fi
[larastud.io] > if [ ! -d $(echo /var/www/larastud.io/releases/3/.) ]; then mkdir -p /var/www/larastud.io/releases/3/.;fi
[larastud.io] > touch /var/www/larastud.io/shared/.env
[larastud.io] > ln -nfs --relative /var/www/larastud.io/shared/.env /var/www/larastud.io/releases/3/.env
• done on [larastud.io]
✔ Ok [3s 635ms]
➤ Executing task deploy:vendors
[larastud.io] > if hash composer 2>/dev/null; then echo 'true'; fi
[larastud.io] < true
[larastud.io] > which composer
[larastud.io] < /usr/local/bin/composer
[larastud.io] > which php
[larastud.io] < /usr/bin/php
[larastud.io] > cd /var/www/larastud.io/releases/3 &&  /usr/bin/php /usr/local/bin/composer install --verbose --prefer-dist --no-progress --no-interaction --no-dev --optimize-autoloader
[larastud.io] < Loading composer repositories with package information
[larastud.io] < Updating dependencies
[larastud.io] < Dependency resolution completed in 0.161 seconds
[larastud.io] < Analyzed 7585 packages to resolve dependencies
[larastud.io] < Analyzed 60234 rules to resolve dependencies
[larastud.io] < Dependency resolution completed in 0.000 seconds
[larastud.io] < Package operations: 31 installs, 0 updates, 0 removals
[larastud.io] < Installs: symfony/css-selector:v3.3.2, tijsverkoyen/css-to-inline-styles:2.2.0, symfony/polyfill-mbstring:v1.3.0, symfony/var-dumper:v3.3.2, jakub-onderka/php-console-color:0.1, jakub-onderka/php-console-highlighter:v0.3.2, dnoegel/php-xdg-base-dir:0.1, nikic/php-parser:v3.0.5, psr/log:1.0.2, symfony/debug:v3.3.2, symfony/console:v3.3.2, psy/psysh:v0.8.6, vlucas/phpdotenv:v2.4.0, symfony/routing:v3.3.2, symfony/process:v3.3.2, symfony/http-foundation:v3.3.2, symfony/event-dispatcher:v3.3.2, symfony/http-kernel:v3.3.2, symfony/finder:v3.3.2, swiftmailer/swiftmailer:v5.4.8, paragonie/random_compat:v2.0.10, ramsey/uuid:3.6.1, symfony/translation:v3.3.2, nesbot/carbon:1.22.1, mtdowling/cron-expression:v1.2.0, monolog/monolog:1.22.1, league/flysystem:1.0.40, erusev/parsedown:1.6.2, doctrine/inflector:v1.1.0, laravel/framework:v5.4.24, laravel/tinker:v1.0.1
[larastud.io] <   - Installing symfony/css-selector (v3.3.2): Loading from cache
[larastud.io] <  Extracting archive  - Installing tijsverkoyen/css-to-inline-styles (2.2.0): Loading from cache
[larastud.io] <  Extracting archive  - Installing symfony/polyfill-mbstring (v1.3.0): Loading from cache
[larastud.io] <  Extracting archive  - Installing symfony/var-dumper (v3.3.2): Loading from cache
[larastud.io] <  Extracting archive  - Installing jakub-onderka/php-console-color (0.1): Loading from cache
[larastud.io] <  Extracting archive  - Installing jakub-onderka/php-console-highlighter (v0.3.2): Loading from cache
[larastud.io] <  Extracting archive  - Installing dnoegel/php-xdg-base-dir (0.1): Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing nikic/php-parser (v3.0.5): Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing psr/log (1.0.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/debug (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/console (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing psy/psysh (v0.8.6):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing vlucas/phpdotenv (v2.4.0):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive  - Installing symfony/routing (v3.3.2): Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/process (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/http-foundation (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/event-dispatcher (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/http-kernel (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/finder (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing swiftmailer/swiftmailer (v5.4.8):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing paragonie/random_compat (v2.0.10):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing ramsey/uuid (3.6.1):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing symfony/translation (v3.3.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing nesbot/carbon (1.22.1):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing mtdowling/cron-expression (v1.2.0):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing monolog/monolog (1.22.1):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing league/flysystem (1.0.40):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing erusev/parsedown (1.6.2):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing doctrine/inflector (v1.1.0):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing laravel/framework (v5.4.24):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] <   - Installing laravel/tinker (v1.0.1):
[larastud.io] < Loading from cache
[larastud.io] <  Extracting archive
[larastud.io] < Writing lock file
[larastud.io] < Generating optimized autoload files
[larastud.io] < > post-update-cmd: Illuminate\Foundation\ComposerScripts::postUpdate
[larastud.io] < > post-update-cmd: php artisan optimize
[larastud.io] < Generating optimized class loader
[larastud.io] < The compiled services file has been removed.
• done on [larastud.io]
✔ Ok [8s 892ms]
➤ Executing task deploy:writable
[larastud.io] > ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1
[larastud.io] < www-data
[larastud.io] > cd /var/www/larastud.io/releases/3 && (mkdir -p bootstrap/cache storage storage/app storage/app/public storage/framework storage/framework/cache storage/framework/sessions storage/framework/views storage/logs)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (chmod 2>&1; true)
[larastud.io] < chmod:
[larastud.io] < missing operand
[larastud.io] < Try 'chmod --help' for more information.
[larastud.io] > cd /var/www/larastud.io/releases/3 && (if hash setfacl 2>/dev/null; then echo 'true'; fi)
[larastud.io] < true
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p bootstrap/cache | grep "^user:www-data:.*w" | wc -l)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (setfacl -RL -m u:"www-data":rwX -m u:`whoami`:rwX bootstrap/cache)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (setfacl -dRL -m u:"www-data":rwX -m u:`whoami`:rwX bootstrap/cache)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/app | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/app/public | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework/cache | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework/sessions | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework/views | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/logs | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
• done on [larastud.io]
✔ Ok [5s 627ms]
➤ Executing task artisan:storage:link
[larastud.io] > /usr/bin/php /var/www/larastud.io/releases/3/artisan --version
[larastud.io] < Laravel Framework 5.4.24
[larastud.io] > /usr/bin/php /var/www/larastud.io/releases/3/artisan storage:link
[larastud.io] < The [public/storage] directory has been linked.
• done on [larastud.io]
✔ Ok [1s 14ms]
➤ Executing task artisan:view:clear
[larastud.io] > /usr/bin/php /var/www/larastud.io/releases/3/artisan view:clear
[larastud.io] < Compiled views cleared!
• done on [larastud.io]
✔ Ok [488ms]
➤ Executing task artisan:cache:clear
[larastud.io] > /usr/bin/php /var/www/larastud.io/releases/3/artisan cache:clear
[larastud.io] < Cache cleared successfully.
• done on [larastud.io]
✔ Ok [482ms]
➤ Executing task artisan:config:cache
[larastud.io] > /usr/bin/php /var/www/larastud.io/releases/3/artisan config:cache
[larastud.io] < Configuration cache cleared!
[larastud.io] < Configuration cached successfully!
• done on [larastud.io]
✔ Ok [489ms]
➤ Executing task artisan:optimize
[larastud.io] > /usr/bin/php /var/www/larastud.io/releases/3/artisan optimize
[larastud.io] < Generating optimized class loader
[larastud.io] < The compiled services file has been removed.
• done on [larastud.io]
✔ Ok [1s 422ms]
➤ Executing task deploy:symlink
[larastud.io] > if [[ $(man mv 2>&1 || mv -h 2>&1 || mv --help 2>&1) =~ '--no-target-directory' ]]; then echo 'true'; fi
[larastud.io] < true
[larastud.io] > mv -T /var/www/larastud.io/release /var/www/larastud.io/current
• done on [larastud.io]
✔ Ok [770ms]
➤ Executing task deploy:unlock
[larastud.io] > rm -f /var/www/larastud.io/.dep/deploy.lock
• done on [larastud.io]
✔ Ok [378ms]
➤ Executing task cleanup
[larastud.io] > cd /var/www/larastud.io && if [ -e release ]; then  rm release; fi
[larastud.io] > cd /var/www/larastud.io && if [ -h release ]; then  rm release; fi
• done on [larastud.io]
✔ Ok [720ms]
➤ Executing task success
✔ Ok [0ms]
Successfully deployed!

antonmedv commented 7 years ago

➤ Executing task deploy:writable
[larastud.io] > ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1
[larastud.io] < www-data
[larastud.io] > cd /var/www/larastud.io/releases/3 && (mkdir -p bootstrap/cache storage storage/app storage/app/public storage/framework storage/framework/cache storage/framework/sessions storage/framework/views storage/logs)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (chmod 2>&1; true)
[larastud.io] < chmod:
[larastud.io] < missing operand
[larastud.io] < Try 'chmod --help' for more information.
[larastud.io] > cd /var/www/larastud.io/releases/3 && (if hash setfacl 2>/dev/null; then echo 'true'; fi)
[larastud.io] < true
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p bootstrap/cache | grep "^user:www-data:.*w" | wc -l)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (setfacl -RL -m u:"www-data":rwX -m u:`whoami`:rwX bootstrap/cache)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (setfacl -dRL -m u:"www-data":rwX -m u:`whoami`:rwX bootstrap/cache)
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/app | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/app/public | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework/cache | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework/sessions | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/framework/views | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
[larastud.io] > cd /var/www/larastud.io/releases/3 && (getfacl -p storage/logs | grep "^user:www-data:.*w" | wc -l)
[larastud.io] < 1
• done on [larastud.io]

Permission set by setfacl: setfacl -RL -m u:"www-data":rwX -m u:`whoami`:rwX bootstrap/cache. Check your setup.

jasperf commented 7 years ago

Setting the project directory at 2750, I thought that might do the trick. But the storage directory, for example, was still 777. Then I checked man setfacl. setfacl -RL means logically and recursively granting user www-data rwX and user `whoami` (web) rwX for bootstrap/cache. X is only for directory execution. Nothing on the group or the third digit is mentioned here. Then I did a

getfacl larastud.io/
# file: larastud.io/
# owner: web
# group: www-data
# flags: -s-
user::rwx
group::r-x
other::r-x

and saw that other has r-x. Well, with 2755 for the folder that is correct. But it does not have rwx. Then I checked the umask for web and:

web@larastudio:/var/www$ umask
0002

That is the standard umask for Ubuntu, so that should be fine too and would mean directories will be 775 and files 664. And so that does not explain things.

Also realized storage is only 777 when we are talking about the symlink. The directory was 2775. However, files were still mostly 775 as well and that is still too much. And so still an issue. Perhaps I need an extra permissions task to settle this if there is no cleaner way.

antonmedv commented 7 years ago

You can use chown or chmod mode as well. Setfacl applies only to ACLs and does not affect Unix rights.

jasperf commented 7 years ago

When I use set('writable_mode', 'chmod'); the directories that are part of the laravel recipe are made 755:

➤ Executing task deploy:writable
[larastud.io] > cd /var/www/larastud.io/releases/2 && (mkdir -p bootstrap/cache storage storage/app storage/app/public storage/framework storage/framework/cache storage/framework/sessions storage/framework/views storage/logs)
[larastud.io] > cd /var/www/larastud.io/releases/2 && ( chmod -R 0755 bootstrap/cache storage storage/app storage/app/public storage/framework storage/framework/cache storage/framework/sessions storage/framework/views storage/logs)
• done on [larastud.io]

And other directories seem to get 775 and that is correct based on umask 0002. But some files still seem to get 775 as well:

web@larastudio:/var/www/larastud.io/current$ stat -c "%a %n" *
2775 app
775 artisan
2775 bootstrap
775 composer.json
664 composer.lock
2775 config
2775 database
664 deploy.php
775 package.json
775 phpunit.xml
2775 public
775 readme.md
2775 resources
2775 routes
775 server.php
777 storage
2775 tests
2775 vendor
775 webpack.mix.js

Not all, some. Why is server.php 775, for example?

antonmedv commented 7 years ago

There are no commands to chmod server.php.

jasperf commented 7 years ago

Never mind. Seemed that local files had permissions that were too high too, due to the way they were stored when cloning Laravel from GitHub. Once I fixed the directory and file permissions locally using:

jasper@~/webdesign/larastud.io $ find . -type f -print0 | xargs -0 chmod 664
jasper@~/webdesign/larastud.io $ find . -type d -print0 | xargs -0 chmod 775

and then doing a dep deploy with the lines:

set('writable_mode', 'chmod');
set('writable_chmod_mode', '0775');

all was well. When I did not have set('writable_chmod_mode', '0775'); I had write permission issues for /var/www/larastud.io/current/storage/framework/views, as the files there are generated by www-data and not web. Thank you very much for this awesome deployment tool, @antonmedv. Appreciate all your work and answering my questions.

P.S. When I did a standard ACL setup later on, as I still had issues such as

chmod: changing permissions of 'storage/framework/sessions/IyTfM4q89CLShKGlxddR1J0onQunSkshN7s7oHjY': Operation not permitted

as they are 644 www-data:www-data, generated by Laravel, all worked with the standard writable_mode as well. Even after a second deployment.
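
The check below is an added example, not code from this thread or from Deployer. It lists regular files that carry an execute bit (Git records only that bit, so a file committed as executable checks out as 775 under umask 0002) and anything writable by "other", while skipping symbolic links such as current/storage, which stat always reports as 777. It assumes GNU stat, file names without newlines, and a caller-supplied allow-list of base names that are meant to be executable.

```shell
#!/bin/sh
# Added example (not from the issue thread). Assumes GNU stat, as used on the
# Ubuntu server in the thread, and file names without embedded newlines.

# audit_modes DIR [ALLOWED_EXECUTABLE_NAME...]
# Prints "<finding> <octal mode> <path>" for entries above the 775/664 target:
#   exec-file       regular file with any execute bit (664 becomes 775)
#   world-writable  file or directory writable by "other"
# Usage: audit_modes /var/www/larastud.io/current artisan
audit_modes() (
    root=$1
    shift
    {
        # -type f and -type d never match symbolic links, so a link such as
        # current/storage (which stat reports as 777) is not a finding.
        find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -exec stat -c 'exec-file %a %n' {} +
        find "$root" \( -type f -o -type d \) -perm -002 \
            -exec stat -c 'world-writable %a %n' {} +
    } | while IFS= read -r line; do
        skip=0
        case $line in
            exec-file\ *)
                # Drop files that are meant to be executable
                # (allow-list matched on base name).
                for ok in "$@"; do
                    if [ "${line##*/}" = "$ok" ]; then skip=1; fi
                done
                ;;
        esac
        if [ "$skip" -eq 0 ]; then printf '%s\n' "$line"; fi
    done | LC_ALL=C sort
)
```

Run it against the local working copy before deploying as well as against the release directory on the server: a finding that appears in both places comes from the repository, not from the deploy:writable task.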