deployphp / deployer

The PHP deployment tool with support for popular frameworks out of the box
https://deployer.org
MIT License
10.63k stars 1.49k forks

Rsync fails with `mkstemp permission denied` when using `sudo` to become another user #3689

Closed boesing closed 2 months ago

boesing commented 1 year ago
```yaml
config:
  become: "user"

hosts:
  example.com:
    deploy_path: ~
    remote_user: "deployer"

tasks:
  upload:
    - upload:
        src: "cachetool.phar"
        dest: "{{deploy_path}}"
```

Cache tool can be downloaded via:

```
curl -sLO https://github.com/gordalina/cachetool/releases/latest/download/cachetool.phar
```

On the server side, there is a user within a group deployment. Home directories are only writable by the user itself, so neither deployer can write to user nor user can write to deployer home directory. The deployer user is in the deployment group as well.

The sudoers has:

```
deployer ALL=(%deployment) NOPASSWD: ALL
```

```
[example.com] run rsync '-azP' '-e' 'ssh '\''-o'\'' '\''StrictHostKeyChecking=no'\'' '\''-A'\''' '--rsync-path' 'sudo -H -u user rsync' 'tools/cachetool.phar' 'deployer@example.com:~'
[example.com] err rsync: [receiver] mkstemp "/home/deployer/.cachetool.phar.J81Ii0" failed: Permission denied (13)
```

Looks to me as if rsync has already executed sudo and become user but somehow wants to create an upload temp file in deployer home directory.

boesing commented 1 year ago

I guess it's trying to create that tmp file in deployer home as it connects with deployer@example.com:~, looks like it has to be an absolute path to the user home directory instead - but not sure what would be the best way to actually determine that 🤔
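
Added example, not part of the original thread and not Deployer's own code: it shows that the `~` in the rsync destination is expanded by the SSH login user's shell before the user switch takes effect, and one way to build an absolute destination from the become user's passwd entry. The passwd lines are constructed, `env HOME=...` stands in for `sudo -H -u user`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; user names and paths are constructed to mirror the issue
# (login user "deployer", become user "user").

# Constructed passwd(5) lines standing in for `getent passwd` on the server.
SAMPLE_PASSWD='deployer:x:1001:1001::/home/deployer:/bin/bash
user:x:1002:1001::/home/user:/bin/bash'

# The SSH login shell parses the remote command line, so "~" is expanded with
# the login user's HOME before the user-switching command runs. Here
# `env HOME=...` plays the role of `sudo -H -u user` (assumption: no sudo
# is needed to show the ordering).
tilde_seen_by_target() {   # $1 = login HOME, $2 = HOME set for target user
    HOME="$1" sh -c 'env HOME="$1" printf "%s\n" ~' sh "$2"
}

# Look up a user's home directory (field 6) in passwd-format text on stdin.
# Exits non-zero when the user is not listed.
home_of() {   # $1 = user name
    awk -F: -v u="$1" '$1 == u { print $6; found = 1; exit }
                       END { exit !found }'
}

# Build an rsync destination that does not rely on tilde expansion.
# On a real server, feed home_of from `getent passwd` instead of the sample.
absolute_dest() {   # $1 = login user, $2 = host, $3 = become user
    home=$(printf '%s\n' "$SAMPLE_PASSWD" | home_of "$3") || return 1
    printf '%s@%s:%s/\n' "$1" "$2" "$home"
}

echo "tilde resolves to: $(tilde_seen_by_target /home/deployer /home/user)"
echo "absolute dest:     $(absolute_dest deployer example.com user)"
```

The first line printed is the login user's home, which matches the directory in the `mkstemp` error above; the second is a destination the become user can write to.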

github-actions[bot] commented 2 months ago

This issue has been automatically closed. Please, open a discussion for bug reports and feature requests.

Read more: https://github.com/deployphp/deployer/discussions/3888