Rails - Jun 2006 - Capistrano, chmod, and revisions.log

background:

One of our developers is just getting started with Capistrano, just  
getting together a rudimentary deploy.rb, copied from one of our  
contract developers who is just getting started a bit too.    I''m the  
systems manager and a complete Rails and Ruby newbie  (who, by the  
way, cannot thank Zed Shaw enough for mongrel and Bradley Taylor  
enough for mongrel_cluster :-)

I''m using POSIX ACLs on ext3 to let the devs do their thing and make  
sure that apache and mongrel have r, rx, and rwx where they need to  
for their applications without playing a bunch of owner/group games  
for the files.  This is working out well, and I can happily tell the  
devs to ignore any and all chmod recommendations littered throughout  
the web references to capistrano, because they are completely  
unnecessary

well, until capistrano itself does a chmod.

Buried in .../gems/capistrano-1.1.0/lib/capistrano/scm/base.rb is this:

         def logging_commands(directory = nil)
           log = "#{configuration.deploy_to}/revisions.log"

           "(test -e #{log} || touch #{log} && chmod 666 #{log})
&& " +
           "echo `date +\"%Y-%m-%d %H:%M:%S\"` $USER # 
{configuration.revision} #{directory} >> #{log};"
         end

Well, this apparently caused a deployment to fail for my dev (maybe,  
the dev and I were debugging this over IM and there were multiple  
issues, one of which was a mongrel_rails cluster::restart which  
doesn''t start a stopped mongrel_rails process).  For reasons that
I''m
still not sure about (see debugging comment above), the test -e  
failed on the revisions.log (even though it existed) and because the  
dev wasn''t the owner (but has read/write from the ACL on the file) -  
the chmod failed, failing the logging - and affecting who knows what  
else.

This chmod assumption annoys the heck out of my system admin  
sensibilities.  I don''t want/need scripts trying to fix their own  
permissions.  Either try the write and fail or succeed.   (okay, so  
my dev sensibilities appreciate the attempt, at least until its  
assumption fails).

so...

a) is this the right forum to comment on this?
b) in the collective opinion, what''s the feeling on this?  (if the  
consensus thinks the chmod is great, I''ll get over it)
c) if (b) == get rid of the chmod,  is this worthy for a bug report?
d) if (c) where do I file said bug report?

Thanks,
Jason

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jason Young --  Systems Engineer, eXtension
  http://about.extension.org/wiki/Jason_Young
______________________________________

I''ve not worked with ACLs, but I''ve found that
Capistrano works great if you create a user
that:

   1) Owns the files, and
   2) Starts Mongrel

This user needs almost no privileges at all.

--  
-- Tom Mornini

On Jun 20, 2006, at 8:11 AM, Jason Young wrote:
> background:
>
> One of our developers is just getting started with Capistrano, just  
> getting together a rudimentary deploy.rb, copied from one of our  
> contract developers who is just getting started a bit too.    I''m
> the systems manager and a complete Rails and Ruby newbie  (who, by  
> the way, cannot thank Zed Shaw enough for mongrel and Bradley  
> Taylor enough for mongrel_cluster :-)
>
> I''m using POSIX ACLs on ext3 to let the devs do their thing and  
> make sure that apache and mongrel have r, rx, and rwx where they  
> need to for their applications without playing a bunch of owner/ 
> group games for the files.  This is working out well, and I can  
> happily tell the devs to ignore any and all chmod recommendations  
> littered throughout the web references to capistrano, because they  
> are completely unnecessary
>
> well, until capistrano itself does a chmod.
>
> Buried in .../gems/capistrano-1.1.0/lib/capistrano/scm/base.rb is  
> this:
>
>         def logging_commands(directory = nil)
>           log = "#{configuration.deploy_to}/revisions.log"
>
>           "(test -e #{log} || touch #{log} && chmod 666
#{log}) && " +
>           "echo `date +\"%Y-%m-%d %H:%M:%S\"` $USER # 
> {configuration.revision} #{directory} >> #{log};"
>         end
>
> Well, this apparently caused a deployment to fail for my dev  
> (maybe, the dev and I were debugging this over IM and there were  
> multiple issues, one of which was a mongrel_rails cluster::restart  
> which doesn''t start a stopped mongrel_rails process).  For reasons
> that I''m still not sure about (see debugging comment above), the  
> test -e failed on the revisions.log (even though it existed) and  
> because the dev wasn''t the owner (but has read/write from the ACL
> on the file) - the chmod failed, failing the logging - and  
> affecting who knows what else.
>
> This chmod assumption annoys the heck out of my system admin  
> sensibilities.  I don''t want/need scripts trying to fix their own
> permissions.  Either try the write and fail or succeed.   (okay, so  
> my dev sensibilities appreciate the attempt, at least until its  
> assumption fails).
>
> so...
>
> a) is this the right forum to comment on this?
> b) in the collective opinion, what''s the feeling on this?  (if the
> consensus thinks the chmod is great, I''ll get over it)
> c) if (b) == get rid of the chmod,  is this worthy for a bug report?
> d) if (c) where do I file said bug report?
>
> Thanks,
> Jason
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jason Young --  Systems Engineer, eXtension
>  http://about.extension.org/wiki/Jason_Young
> ______________________________________
>
>
>
>
>
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

Well,

part of the whole problem here is that this is supposedly a fixed bug:

http://dev.rubyonrails.org/ticket/3223

but it''s not in capistrano 1.1.0

when do capistrano fixes make it into the gems?

thanks!
Jason

On Jun 20, 2006, at 11:11 AM, Jason Young wrote:
> background:
>
> One of our developers is just getting started with Capistrano, just  
> getting together a rudimentary deploy.rb, copied from one of our  
> contract developers who is just getting started a bit too.    I''m
> the systems manager and a complete Rails and Ruby newbie  (who, by  
> the way, cannot thank Zed Shaw enough for mongrel and Bradley  
> Taylor enough for mongrel_cluster :-)
>
> I''m using POSIX ACLs on ext3 to let the devs do their thing and  
> make sure that apache and mongrel have r, rx, and rwx where they  
> need to for their applications without playing a bunch of owner/ 
> group games for the files.  This is working out well, and I can  
> happily tell the devs to ignore any and all chmod recommendations  
> littered throughout the web references to capistrano, because they  
> are completely unnecessary
>
> well, until capistrano itself does a chmod.
>
> Buried in .../gems/capistrano-1.1.0/lib/capistrano/scm/base.rb is  
> this:
>
>         def logging_commands(directory = nil)
>           log = "#{configuration.deploy_to}/revisions.log"
>
>           "(test -e #{log} || touch #{log} && chmod 666
#{log}) && " +
>           "echo `date +\"%Y-%m-%d %H:%M:%S\"` $USER # 
> {configuration.revision} #{directory} >> #{log};"
>         end
>
> Well, this apparently caused a deployment to fail for my dev  
> (maybe, the dev and I were debugging this over IM and there were  
> multiple issues, one of which was a mongrel_rails cluster::restart  
> which doesn''t start a stopped mongrel_rails process).  For reasons
> that I''m still not sure about (see debugging comment above), the  
> test -e failed on the revisions.log (even though it existed) and  
> because the dev wasn''t the owner (but has read/write from the ACL
> on the file) - the chmod failed, failing the logging - and  
> affecting who knows what else.
>
> This chmod assumption annoys the heck out of my system admin  
> sensibilities.  I don''t want/need scripts trying to fix their own
> permissions.  Either try the write and fail or succeed.   (okay, so  
> my dev sensibilities appreciate the attempt, at least until its  
> assumption fails).
>
> so...
>
> a) is this the right forum to comment on this?
> b) in the collective opinion, what''s the feeling on this?  (if the
> consensus thinks the chmod is great, I''ll get over it)
> c) if (b) == get rid of the chmod,  is this worthy for a bug report?
> d) if (c) where do I file said bug report?
>
> Thanks,
> Jason
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jason Young --  Systems Engineer, eXtension
>  http://about.extension.org/wiki/Jason_Young
> ______________________________________
>
>
>
>
>
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jason Young --  Systems Engineer, eXtension
  http://about.extension.org/wiki/Jason_Young
______________________________________