deployer/recipe/deploy/writable.php

<?php
/* (c) Anton Medvedev <anton@medv.io>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Deployer;

desc('Make writable dirs');
task('deploy:writable', function () {
    $dirs = join(' ', get('writable_dirs'));
    $mode = get('writable_mode');
    $sudo = get('writable_use_sudo') ? 'sudo' : '';
    $httpUser = get('http_user', false);

    if (empty($dirs)) {
        return;
    }

    if ($httpUser === false && $mode !== 'chmod') {
        // Detect http user in process list.
        $httpUser = run("ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\\  -f1")->toString();

        if (empty($httpUser)) {
            throw new \RuntimeException(
                "Can't detect http user name.\n" .
                "Please setup `http_user` config parameter."
            );
        }
    }

    try {
        cd('{{release_path}}');

        if ($mode === 'chown') {
            // Change owner.
            // -R   operate on files and directories recursively
            // -L   traverse every symbolic link to a directory encountered
            run("$sudo chown -RL $httpUser $dirs");
        } elseif ($mode === 'chgrp') {
            // Change group ownership.
            // -R   operate on files and directories recursively
            // -L   if a command line argument is a symbolic link to a directory, traverse it
            $httpGroup = get('http_group', false);
            if ($httpGroup === false) {
                throw new \RuntimeException("Please setup `http_group` config parameter.");
            }
            run("$sudo chgrp -RH $httpGroup $dirs");
        } elseif ($mode === 'chmod') {
            $recursive = get('writable_chmod_recursive') ? '-R' : '';
            run("$sudo chmod $recursive {{writable_chmod_mode}} $dirs");
        } elseif ($mode === 'acl') {
            if (strpos(run("chmod 2>&1; true"), '+a') !== false) {
                // Try OS-X specific setting of access-rights

                run("$sudo chmod +a \"$httpUser allow delete,write,append,file_inherit,directory_inherit\" $dirs");
                run("$sudo chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" $dirs");
            } elseif (commandExist('setfacl')) {
                if (!empty($sudo)) {
                    run("$sudo setfacl -RL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs");
                    run("$sudo setfacl -dRL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs");
                } else {
                    // When running without sudo, exception may be thrown
                    // if executing setfacl on files created by http user (in directory that has been setfacl before).
                    // These directories/files should be skipped.
                    // Now, we will check each directory for ACL and only setfacl for which has not been set before.
                    $writeableDirs = get('writable_dirs');
                    foreach ($writeableDirs as $dir) {
                        // Check if ACL has been set or not
                        $hasfacl = run("getfacl -p $dir | grep \"^user:$httpUser:.*w\" | wc -l")->toString();
                        // Set ACL for directory if it has not been set before
                        if (!$hasfacl) {
                            run("setfacl -RL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
                            run("setfacl -dRL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
                        }
                    }
                }
            } else {
                throw new \RuntimeException("Cant't set writable dirs with ACL.");
            }
        } else {
            throw new \RuntimeException("Unknown writable_mode `$mode`.");
        }
    } catch (\RuntimeException $e) {
        $formatter = Deployer::get()->getHelper('formatter');

        $errorMessage = [
            "Unable to setup correct permissions for writable dirs.                  ",
            "You need to configure sudo's sudoers files to not prompt for password,",
            "or setup correct permissions manually.                                  ",
        ];
        write($formatter->formatBlock($errorMessage, 'error', true));

        throw $e;
    }
});
Refactor common.php 2016-11-19 15:13:32 +07:00			`<?php`
			`/* (c) Anton Medvedev <anton@medv.io>`
			`*`
			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
			`*/`

			`namespace Deployer;`

			`desc('Make writable dirs');`
			`task('deploy:writable', function () {`
			`$dirs = join(' ', get('writable_dirs'));`
			`$mode = get('writable_mode');`
			`$sudo = get('writable_use_sudo') ? 'sudo' : '';`
			`$httpUser = get('http_user', false);`

			`if (empty($dirs)) {`
			`return;`
			`}`

			`if ($httpUser === false && $mode !== 'chmod') {`
			`// Detect http user in process list.`
			`$httpUser = run("ps axo user,comm \| grep -E '[a]pache\|[h]ttpd\|[_]www\|[w]ww-data\|[n]ginx' \| grep -v root \| head -1 \| cut -d\\ -f1")->toString();`

			`if (empty($httpUser)) {`
			`throw new \RuntimeException(`
			`"Can't detect http user name.\n" .`
			"Please setup `http_user` config parameter."
			`);`
			`}`
			`}`

			`try {`
			`cd('{{release_path}}');`

			`if ($mode === 'chown') {`
			`// Change owner.`
			`// -R operate on files and directories recursively`
			`// -L traverse every symbolic link to a directory encountered`
			`run("$sudo chown -RL $httpUser $dirs");`
			`} elseif ($mode === 'chgrp') {`
			`// Change group ownership.`
			`// -R operate on files and directories recursively`
			`// -L if a command line argument is a symbolic link to a directory, traverse it`
			`$httpGroup = get('http_group', false);`
Fix bug with $httpGroup guard clause 2017-01-07 08:50:15 -05:00			`if ($httpGroup === false) {`
Refactor common.php 2016-11-19 15:13:32 +07:00			throw new \RuntimeException("Please setup `http_group` config parameter.");
			`}`
			`run("$sudo chgrp -RH $httpGroup $dirs");`
			`} elseif ($mode === 'chmod') {`
Option for non-recursive chmod in deploy:writable This commit enables the user to disable the recursive flag when setting writable dirs with 'chmod', by setting 'writable_chmod_recursive' to false. It is per default set to true. 2017-01-24 08:08:58 +01:00			`$recursive = get('writable_chmod_recursive') ? '-R' : '';`
			`run("$sudo chmod $recursive {{writable_chmod_mode}} $dirs");`
Refactor common.php 2016-11-19 15:13:32 +07:00			`} elseif ($mode === 'acl') {`
			`if (strpos(run("chmod 2>&1; true"), '+a') !== false) {`
			`// Try OS-X specific setting of access-rights`

			`run("$sudo chmod +a \"$httpUser allow delete,write,append,file_inherit,directory_inherit\" $dirs");`
			run("$sudo chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" $dirs");
			`} elseif (commandExist('setfacl')) {`
			`if (!empty($sudo)) {`
Calling setfacl with option -L to follow symbolic links created for shared directories. 2017-01-14 14:53:58 +01:00			run("$sudo setfacl -RL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs");
			run("$sudo setfacl -dRL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs");
Refactor common.php 2016-11-19 15:13:32 +07:00			`} else {`
			`// When running without sudo, exception may be thrown`
			`// if executing setfacl on files created by http user (in directory that has been setfacl before).`
			`// These directories/files should be skipped.`
			`// Now, we will check each directory for ACL and only setfacl for which has not been set before.`
			`$writeableDirs = get('writable_dirs');`
			`foreach ($writeableDirs as $dir) {`
			`// Check if ACL has been set or not`
			`$hasfacl = run("getfacl -p $dir \| grep \"^user:$httpUser:.*w\" \| wc -l")->toString();`
			`// Set ACL for directory if it has not been set before`
			`if (!$hasfacl) {`
Calling setfacl with option -L to follow symbolic links created for shared directories. 2017-01-14 14:53:58 +01:00			run("setfacl -RL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
			run("setfacl -dRL -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
Refactor common.php 2016-11-19 15:13:32 +07:00			`}`
			`}`
			`}`
			`} else {`
			`throw new \RuntimeException("Cant't set writable dirs with ACL.");`
			`}`
			`} else {`
			throw new \RuntimeException("Unknown writable_mode `$mode`.");
			`}`
			`} catch (\RuntimeException $e) {`
			`$formatter = Deployer::get()->getHelper('formatter');`

			`$errorMessage = [`
			`"Unable to setup correct permissions for writable dirs. ",`
			`"You need to configure sudo's sudoers files to not prompt for password,",`
			`"or setup correct permissions manually. ",`
			`];`
			`write($formatter->formatBlock($errorMessage, 'error', true));`

			`throw $e;`
			`}`
			`});`