Cap invoke and sudo
https://stackoverflow.com/questions/128938
-
02-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I want to install a gem on all my application servers, but gem install requires sudo access - how can I enable sudo only for running this capistrano command?
In other words, I don't wish to use sudo for all my deployment recipes, just when I invoke this command on the command line.
Solution
Found it - cap invoke COMMAND="command that requires sudo" SUDO=1
OTHER TIPS
I'm not quite sure I understand the question, but I think you're asking how to restrict sudo to the one specific command and not have to grant unlimited capacity for mischief to all of your Ruby developers.
/etc/sudoers can be set up to restrict the commands which users are allowed to invoke as root. It is commonly set to ALL, but you can provide just a list of the allowed commands.
It would be best to use unix ACLs or similar permissions for this. Give the deploy user sudoer access, then you can call run "sudo do_something" and it will be sudo-level access only for that call.
