seuros / capistrano-puma

Puma integration for Capistrano
https://github.com/seuros/capistrano-puma
MIT License

How to setup deployment with non-root user? #382

Closed robot-den closed 2 weeks ago

robot-den commented 2 weeks ago

Hi! My question is not an issue, but a request for advice. I didn't find an answer in the other issues. I'm trying to set up a deploy using puma (6.4.3) and capistrano3-puma (6.0.0.beta.1).

I'm using a separate user that was made to deploy the application. It's named "deploy" and is set in the capistrano configs. When I run cap production puma:install I get an error at the sudo loginctl enable-linger step:

03 sudo loginctl enable-linger 
03 sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
03 sudo: a password is required
#<Thread:0x000000012145fca0 /Users/denisnazmutdinov/.rbenv/versions/3.3.6/lib/ruby/gems/3.3.0/gems/sshkit-1.23.2/lib/sshkit/runners/parallel.rb:10 run> terminated with exception (report_on_exception is true):
/Users/denisnazmutdinov/.rbenv/versions/3.3.6/lib/ruby/gems/3.3.0/gems/sshkit-1.23.2/lib/sshkit/runners/parallel.rb:15:in `rescue in block (2 levels) in execute': Exception while executing as deploy@xx.xx.xx.xxx: sudo exit status: 1 (SSHKit::Runner::ExecuteError)
sudo stdout: Nothing written
sudo stderr: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required

I understand that this happens because the sudo password is asked for at this step. But I don't understand how other devs set up deployment with a separate user like in my case. Do they deploy using the root user or adjust something in privileges?

What can I do to finish the installation and deploy under the "deploy" user?

robot-den commented 2 weeks ago

I fixed it by changing some "deploy" user privileges:

Log in as root, call visudo and add this line to the end of the file:

deploy ALL=(ALL) NOPASSWD: /usr/bin/loginctl

It will allow the "deploy" user to call sudo loginctl without a password.
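
Added example, not part of the original comments or of capistrano-puma: the sudoers rule in the comment above lists /usr/bin/loginctl without arguments, so any loginctl arguments are accepted, and (ALL) allows any target user. The script below flags NOPASSWD rules of that shape. The function names and the narrowed second rule are assumptions for illustration; sudoers matches a listed argument string exactly, so it must equal what the deploy task actually runs.

```shell
#!/bin/sh
# Added example. Reads sudoers text on stdin and prints one line per
# NOPASSWD command: flags|user|runas|command
# Limits: line continuations, aliases and escaped commas are not handled.
audit_nopasswd() {
    awk '
    /^[ \t]*#/ || !/NOPASSWD:/ { next }
    {
        user = $1
        spec = $0; sub(/NOPASSWD:.*$/, "", spec)
        runas = "root"                    # sudoers default without a Runas spec
        if (match(spec, /\([^)]*\)/))
            runas = substr(spec, RSTART + 1, RLENGTH - 2)
        cmds = $0; sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = list[i]; sub(/[ \t]+$/, "", cmd)
            flags = ""
            if (cmd == "ALL") flags = "any-command"
            else if (cmd !~ /[ \t]/) flags = "any-arguments"   # no argument list
            if (runas ~ /ALL/) flags = (flags == "" ? "" : flags ",") "any-runas"
            if (flags == "") flags = "ok"
            printf "%s|%s|%s|%s\n", flags, user, runas, cmd
        }
    }'
}

# Constructed sample: the rule from the comment above, then a narrowed
# variant (assumption: the deploy task runs exactly these arguments).
sample_sudoers() {
    cat <<'EOF'
# /etc/sudoers.d/deploy (constructed)
deploy ALL=(ALL) NOPASSWD: /usr/bin/loginctl
deploy ALL=(root) NOPASSWD: /usr/bin/loginctl enable-linger deploy
EOF
}

sample_sudoers | audit_nopasswd
```

A rule file changed this way can be syntax-checked with visudo -cf FILE before it is placed under /etc/sudoers.d.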