I am looking for a best practice as far as setting up a deployment user goes. I have 3 boxes - development, svn, production and have setup a common deployment user for all 3 boxes (same user). I'm using ssh key access to hit the 2 boxes from my development box. I have successfully deployed to production via capistrano v2 (1.99) using deploy via svn export; on my production box, i'm running apache2.2 with user/group set to www and have mongrel_cluster working ok - except mongrel_cluster is currently running as root. In order to get cap to deploy properly, i had to make deployment account an administrator (deploying to mac osx) .... have read zed's mongrel short cut plus the cap short cut plus googled everything ... and i'm looking for a best practice on setting up the deployment user .... right now ps axj shows my mongrel processes running as root; my httpd running as www .... what's the best (security-wise) setup for these users and permissions on the directories ... Any pointers or links would be appreciated. Thanks.
on 2007-05-23 05:36