I have a Rails app (a Spree Commerce store) running on Digital Ocean and deployed through Cloud 66.
I would like to SSH into my server, run a rails console, and adjust some Spree config settings. When I try to do this I get a permissions error:
Errno::EACCES: Permission denied # dir_s_mkdir -
/var/deploy/my-app/web_head/releases/20150220220517/tmp/cache/29B
According to the Spree Developer Guide's page on preferences, this is because preferences are cached into memory to improve performance. The problem (I think) is that my user doesn't have write access to the tmp/cache directory, and it is my user that is running the rails console.
If I ls -l on the $STACK_PATH/tmp/cache directory I get the following:
> lrwxrwxrwx 1 nginx nginx 43 Feb 20 22:05
> tmp/cache ->
> /var/deploy/my-app/web_head/shared/cache
I figure I need to give my user write access to the directory, like the nginx user has. I tried adding myself to the nginx user group, but that didn't seem to have any effect. What can I do to prevent this permissions error?
Ok, I figured it out based on this question and answer on Cloud 66's support forum.
I changed the group owner of the cache folder to app_writers, a group that my user is a part of. The Cloud 66 way to do this is with a deploy hook. Here's the yml file that worked for me:
production:
after_rails:
command: chown nginx:app_writers /var/deploy/my-app/web_head/current/tmp/cache && chmod -R 775 /var/deploy/my-app/web_head/current/tmp/cache
target: rails
run_on: all_servers
sudo: true
Related
Rails 3.2.18
Ruby 2.15
I inherited a Rails application that I am trying to decipher. In environments/production.rb, I have:
config.logger = Logger.new(config.paths['log'].first, 100, 10485760)
config.log_tags = [ lambda {|r| DateTime.now } ]
which is going to create a log file in the log folder and when it reaches 10MB it ages it and keeps 100 in the folder.
When I look at the folder, I see that the owner of these files is root. How do I make sure the owner is the user and not root? For instance, if the application is deployed in /home/myapp, I want the owner to be the myapp user. The real side issue I'm having is that if I am logged in as the myapp user and try to precompile assets, it fails because the log file is owned by root.
Permissions are always a pain. You'll likely want to run something like this:
sudo chown -R myapp_user /home/myapp
or
sudo chown -R myapp_user:myapp_user /home/myapp
if you want the group to be set as well. This requires the user you are running as to have sudo permissions. If you don't have sudo permissions you'll have to login as root and execute the command above.
I'm using carrierwave in a rails app to upload files. It works fine on my development environment, but on my production VM (Ubuntu), I'm getting this error:
An Errno::EACCES occurred in users#update:
Permission denied - /home/yards/apps/yardsapp/releases/20130616143623/public/uploads/tmp/20130616-1438-14186-3184
/usr/local/lib/ruby/1.9.1/fileutils.rb:244:in `mkdir'
I'm pretty sure I understand what is going on, but I can't seem to figure out a fix. My capistrano deploy.rb is set up with the user as root. So when it creates the new release folder on a deploy, the access rights are for root (I think).
Then when I try to upload a file, I get that error because nginx is trying to execute a mkdir as www-data.
I could chown the folder after the deploy and it works...but then another deploy creates another new directory with owner set to root as default.
At least I think this is what is going on. Does anyone have any ideas on how I should be doing this?
Run your deployment as www-data. You might need to adjust the authorized_keys file for the www-data user as well to be able to connect.
To fastest way would be to copy over your authorized_keys file for whatever user you are using at the moment (assuming you are root):
mkdir $WWW_DATA_HOME/.ssh
cp ~/.ssh/authorized_keys $WWW_DATA_HOME/.ssh/authorized_keys
chown www-data:www-data $WWW_DATA_HOME/.ssh/authorized_keys
You might also need to change the shell for the www-data user to log in to it:
chsh -s /bin/bash www-data
Now you should be able to do
ssh www-data#your-host.tld
and log in.
What this came down to was an improper Capistrano configuration. I followed the capistrano docs correctly (and made a 'deployer' user, same thing as the www-data as suggested above) and I have capistrano working like a charm. Also upgraded to Capistrano 3.
My Rails app is having trouble writing into it's public/ directory. I've setup nginx with user root;, the capistrano recipe I'm using also is using root when connecting via ssh.
To fix this I made capistrano run chmod o+w -R #{current_path}/ but I don't think this is a good solution. What am I missing?
According to Phusion Passenger's documentation:
Under no circumstances will applications be run as root. If
environment.rb/config.ru is owned as root or by an unknown user, then
the Rails/Rack application will run as the user specified by
passenger_default_user and passenger_default_group.
http://modrails.com/documentation/Users%20guide%20Nginx.html#user_switching
The rails 3.0 app is on ubuntu server using apache/passenger. The user to deploy the app is admin, it is also the user running the app (did not choose the name, admin has no root privileges). I updated paperclip again today.
The paperclip plugin is used to upload images. It upload correctly the images but the folder it creates are using permission that no one can read : drwxr-x--- 4 admin admin
As you can see there is no right for "others" but it seems apache try to read the file with www-admin.
The umask for admin user is 022, why does paperclip creates folders with no permissions for others?
How can i change that?
EDIT : I checked, passenger and rails process are all owned by admin.
If you're deploying with capistrano add this:
task :chmod_entire_deploy_dir do
sudo "#{sudo} chmod 0775 -R #{deploy_to}"
end
after "deploy:setup", :chmod_entire_deploy_dir
I have to change the user & group some times too:
task :chown_entire_deploy_dir do
sudo "#{sudo} chown my_user:my_group -R #{deploy_to}"
end
after "deploy:setup", :chown_entire_deploy_dir
Otherwise you can just chmod the directory manually.
I was trying to run my application and check for some output on the production.log. However Ruby on Rails throws this error.
Apache log
Rails Error: Unable to access log file. Please ensure that /var/www/somefolder/someapp/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
I have performed the necessary chmod 666 production.log to make it work but I realized that the file is under root access.
So my file permissions are
-rw-rw-rw- 1 root root 20845 2010-03-18 01:18 production.log
I'm not sure how to allow Ruby on Rails to access this file. I'm fairly new to managing a Linux production environment so I request you to excuse my ignorance.
I think you need to change the user and group of production.log to whatever user and group Rails (i.e. Passenger or Mongrel or whatever you are using) runs under.
Okay I just figured it out.
First need to update Apache.conf passenger configurations:
PassengerDefaultUser username
The assign ownership using chown:
chown -R username:username <folder>
I don't know if this is the right way but it worked for me.