First, this is not really an issue (as in an issue with WP-Stack) but mostly just a question on how to properly use it.
So, we have a server running Plesk Panel. We are hosting multiple clients on it. Each client has it's own domain in the vhosts directory. All directories that are in the vhosts directory can be accessed by the deploy user, and are owned by root. However, once in, let's say, example.com, the deploy user does not have the right to access the httpdocs folder. This is normal as the httpdocs folder is owned by the Plesk FTP user for example.com. I imagine this is why step 7 says to recursively chown the :deploy_to path. Doing so would probably cause a bunch of problems with Plesk. However, this could be done, and we run a custom task to reset the permission after deploying. But wouldn't we have to do this permissions dance every time we wanted to deploy (because we reset permissions after each deploy) ?
Could we instead make the deploy user, or it's group, namely deploy, have the right to access all folders, much like root. Or is this a big security concern ? We are trying to avoid having to manage SSH keys for each FTP user. Also, FTP user (which can have SSH access) do not have the privileges to run the sudo chown command found at line 7 of 'tasks.rb' - and we don't want to give every user sudo privileges.
Hey,
First, this is not really an issue (as in an issue with WP-Stack) but mostly just a question on how to properly use it.
So, we have a server running Plesk Panel. We are hosting multiple clients on it. Each client has it's own domain in the vhosts directory. All directories that are in the vhosts directory can be accessed by the deploy user, and are owned by root. However, once in, let's say, example.com, the deploy user does not have the right to access the httpdocs folder. This is normal as the httpdocs folder is owned by the Plesk FTP user for example.com. I imagine this is why step 7 says to recursively
chownthe:deploy_topath. Doing so would probably cause a bunch of problems with Plesk. However, this could be done, and we run a custom task to reset the permission after deploying. But wouldn't we have to do this permissions dance every time we wanted to deploy (because we reset permissions after each deploy) ?Could we instead make the deploy user, or it's group, namely deploy, have the right to access all folders, much like root. Or is this a big security concern ? We are trying to avoid having to manage SSH keys for each FTP user. Also, FTP user (which can have SSH access) do not have the privileges to run the
sudo chowncommand found at line 7 of 'tasks.rb' - and we don't want to give every user sudo privileges.Not sure if this all makes sense...
Thanks!