Skip to content

Added writable_acl_groups option to acl mode in deploy:writable #3957

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
antonmedv merged 2 commits into from
Nov 20, 2024
Merged

Added writable_acl_groups option to acl mode in deploy:writable #3957

antonmedv merged 2 commits into from
Nov 20, 2024

Conversation

@null93
Copy link
Contributor

@null93 null93 commented Nov 20, 2024

Overview

Managing writable files owned by the http_user can be challenging in environments where multiple auxiliary users need editing access. A common solution is to use setfacl to assign appropriate permissions for specified groups.

What's New?

This PR enhances the acl mode in the deploy:writable task by introducing a new option: writable_acl_groups. This option allows you to specify a list of group names that will be passed to all setfacl commands in the deploy:writable task.

The writable_acl_groups option defaults to [], ensuring full backward compatibility without breaking existing implementations.

Example Usage

Given the following settings:

// Existing options
set('writable_mode', 'acl');
set('writable_recursive', true);
set('writable_dirs', ['dummy_dir']);
set('remote_user', 'cluster-user');
set('http_user', 'www-data');

// New option
set('writable_acl_groups', ['developer']);

Deployer will execute the following commands:

setfacl -L -R -m u:cluster-user:rwX -m u:www-data:rwX -m g:developer:rwX dummy_dir
setfacl -dL -R -m u:cluster-user:rwX -m u:www-data:rwX -m g:developer:rwX dummy_dir

This will produce the following getfacl output for directories:

# file: dummy_dir
# owner: cluster-user
# group: developer
user::rwx
user:www-data:rwx
user:cluster-user:rwx
group::r-x
group:developer:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:www-data:rwx
default:user:cluster-user:rwx
default:group::r-x
default:group:developer:rwx
default:mask::rwx
default:other::r-x

And the following output for files:

# file: dummy_dir/some-file
# owner: cluster-user
# group: developer
user::rw-
user:www-data:rw-
user:cluster-user:rw-
group::r--
group:developer:rw-
mask::rw-
other::r--

Checklist

  • Bug fix #…?
  • New feature?
  • BC breaks?
  • Tests added?
  • Docs added?

@antonmedv antonmedv merged commit ffacbaa into deployphp:master Nov 20, 2024
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@antonmedv antonmedv antonmedv approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@null93 @antonmedv