What would people recommend for a best practice Capistrano config,
specifically re: users and permissions? My current config is something
- Have a non-root user setup on my remote box (which is the web, app +
db server) - who is a sudoer
- Have a group ‘deployers’ to which that account belongs
- The root user owns the deploy_to parent directory, but the group owner
is ‘deployers’ and that directory has 775 permissions.
- The deploy script uses ssh_agent forwarding to allow it to check out
the code from another server which is the SVN repository
- The deploy script runs as the non-root user
- The use_sudo is true (the capistrano default) and sudo is used to
restart the mongrel cluster and nginx webserver (there are other apps on
the server too)
Any feedback on this setup – how are other people doing it?