Nginx – Capistrano requiring root password to deploy – bad


I'm using Capistrano to deploy to my VPS (ubuntu, on Linode) and it seems to be requiring my root user's password to complete part of the deployment. This is not good as I see it.

(I'm rolling with nginx and Passenger.)

I have recursively chown'd the deployment directory and git repository. The only abnormality in my deploy.rb doc is that I have it run a bundle install and a rake db:migrate after the deploy:update_code.

Here is the output from the deploy relative (I believe) to the request for root's password:

* executing `deploy'
  * executing `deploy:update'
 ** transaction: start
  * executing `deploy:update_code'
    updating the cached checkout on all servers
    executing locally: "git ls-remote deploy@mydomain:~/myapp.git master"
  * executing "if [ -d /home/apps/myapp/shared/cached-copy ]; then cd /home/apps/myapp/shared/cached-copy && git fetch  origin && git reset  --hard 8ea422656949f90cc27fd17cb31d68bbaeb33c6e && git clean  -d -x -f; else git clone  --depth 1 deploy@mydomain:~/myapp.git /home/apps/myapp/shared/cached-copy && cd /home/apps/myapp/shared/cached-copy && git checkout  -b deploy 8ea422656949f90cc27fd17cb31d68bbaeb33c6e; fi"
    servers: ["mydomain"]
    [mydomain] executing command
 ** [mydomain :: out] root@mydomain's password:

I'm not seeing why root's password would be required when the commands are against the deploy user's chowned directories.

For sake of security, I aim for the deployment process to only require the deploy user's password. Is there something I'm not considering?

Best Answer

In your config/deploy.rb file add

`set :use_sudo, true`

and make sure your /etc/sudoers is setup correctly.