Skip to content

Commit

Permalink
Added writable_acl_groups option to acl mode in deploy:writable (#…
Browse files Browse the repository at this point in the history
…3957)

* Added `writable_acl_groups` option to acl mode in `deploy:writable`

* Added docs
  • Loading branch information
null93 authored Nov 20, 2024
1 parent 8a2c0cb commit ffacbaa
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 5 deletions.
11 changes: 10 additions & 1 deletion docs/recipe/deploy/writable.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,11 +91,20 @@ The chmod mode.
```


### writable_acl_groups
[Source](https://github.com/deployphp/deployer/blob/master/recipe/deploy/writable.php#L62)

List of additional groups to give write permission to.

```php title="Default value"
[]
```


## Tasks

### deploy\:writable {#deploy-writable}
[Source](https://github.com/deployphp/deployer/blob/master/recipe/deploy/writable.php#L62)
[Source](https://github.com/deployphp/deployer/blob/master/recipe/deploy/writable.php#L65)

Makes writable dirs.

Expand Down
18 changes: 14 additions & 4 deletions recipe/deploy/writable.php
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@
// The chmod mode.
set('writable_chmod_mode', '0755');

// List of additional groups to give write permission to.
set('writable_acl_groups', []);

desc('Makes writable dirs');
task('deploy:writable', function () {
$dirs = join(' ', get('writable_dirs'));
Expand Down Expand Up @@ -103,6 +106,13 @@
run("$sudo chmod +a \"$remoteUser allow delete,write,append,file_inherit,directory_inherit\" $dirs");
} elseif (commandExist('setfacl')) {
$setFaclUsers = "-m u:\"$httpUser\":rwX";
$setFaclGroups = "";
foreach (get("writable_acl_groups") as $index => $group) {
if ($index > 0) {
$setFaclGroups .= " ";
}
$setFaclGroups .= "-m g:\"$group\":rwX";
}
// Check if remote user exists, before adding it to setfacl
$remoteUserExists = test("id -u $remoteUser &>/dev/null 2>&1 || exit 0");
if ($remoteUserExists === true) {
Expand All @@ -119,13 +129,13 @@
$hasfacl = run("getfacl -p $dir | grep \"^user:$httpUser:.*w\" | wc -l");
// Set ACL for directory if it has not been set before
if (!$hasfacl) {
run("setfacl -L $recursive $setFaclUsers $dir");
run("setfacl -dL $recursive $setFaclUsers $dir");
run("setfacl -L $recursive $setFaclUsers $setFaclGroups $dir");
run("setfacl -dL $recursive $setFaclUsers $setFaclGroups $dir");
}
}
} else {
run("$sudo setfacl -L $recursive $setFaclUsers $dirs");
run("$sudo setfacl -dL $recursive $setFaclUsers $dirs");
run("$sudo setfacl -L $recursive $setFaclUsers $setFaclGroups $dirs");
run("$sudo setfacl -dL $recursive $setFaclUsers $setFaclGroups $dirs");
}
} else {
$alias = currentHost()->getAlias();
Expand Down

0 comments on commit ffacbaa

Please sign in to comment.