Setfacl permissions for Capifony: "Operation not allowed"
I have a user didongo (user and group didongo) and an nginx server (user and group www-data). I have set up Capifony to log in as user didongo: on first run the command setfacl works fine (while the logs folder is empty). But after the web application served by nginx generated multiple logs (prod.log), the very next deployment fails with a setfacl error.
I'm pretty sure I'm making a noob error with permissions between user and webserver, but I can't see what kind of error. I see that didongo cannot change the permissions for a file to which it does not have permission. But then how am I supposed to set up the server or Capifony?
Thanks!
Relevant (hopefully so) Capifony deploy.rb config:
set :user, "didongo"
set :webserver_user, "www-data"
set :permission_method, :acl
set :use_set_permissions, true
set :shared_children, [app_path + "/logs", web_path + "/uploads", "vendor"]
set :writable_dirs, ["app/cache", "app/logs"]
This is a Capifony bug:
$ setfacl -R -m u:didongo:rwx -m u:www-data:rwx /home/didongo/staging/shared/app/logs
setfacl: /home/didongo/staging/shared/app/logs/prod.log: Operation not permitted
Some data in the ACL:
$ getfacl app/logs
# file: logs
# owner: didongo
# group: didongo
user::rwx
user:www-data:rwx
user:didongo:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:www-data:rwx
default:user:didongo:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
# file: logs/prod.log
# owner: www-data
# group: www-data
user::rw-
user:www-data:rwx #effective:rw-
user:didongo:rwx #effective:rw-
group::rwx #effective:rw-
mask::rw-
other::r--
Try it once with sudo; after that you don't need to use sudo:
sudo sh -c 'setfacl -R -m u:didongo:rwX -m u:www-data:rwX /home/didongo/staging/shared/app/logs'
Since you need to set permissions x+, read this: What does Trailing Plus indicate
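Added example, not part of the original question or answer: a small parser for the getfacl output shown above. It separates two things the listing mixes together: the effective rights a user gets from a named ACL entry after the mask is applied, and whether that user may change the ACL at all, which requires owning the file or holding CAP_FOWNER (root). The function names acl_report and sample_acl are hypothetical, and the sample input is constructed from the listing in the question.

```shell
# Added example. Reads `getfacl -R` output on stdin and, for user $1, prints
# per file: owner, effective rights, and whether $1 may change the ACL.
# Assumption: $1 runs without root/CAP_FOWNER, so only files it owns qualify.
acl_report() {
    awk -v user="$1" '
        function emit(   i, p, m, eff) {
            if (path == "") return
            if (owner == user)    eff = own       # owner entry: mask not applied
            else if (named == "") eff = "n/a"     # no named entry for this user
            else for (i = 1; i <= 3; i++) {       # named entry limited by mask
                p = substr(named, i, 1); m = substr(mask, i, 1)
                eff = eff ((p != "-" && m != "-") ? p : "-")
            }
            printf "%s owner=%s effective=%s acl_change=%s\n", path, owner, eff, (owner == user ? "allowed" : "denied")
            path = ""
        }
        /^# file: /  { emit(); path = substr($0, 9); own = named = ""; mask = "rwx"; next }
        /^# owner: / { owner = substr($0, 10); next }
        /^#/ || /^default:/ || /^$/ { next }
        {
            split($0, f, ":")
            if (f[1] == "user" && f[2] == "")   own   = substr(f[3], 1, 3)
            if (f[1] == "user" && f[2] == user) named = substr(f[3], 1, 3)
            if (f[1] == "mask")                 mask  = substr(f[3], 1, 3)
        }
        END { emit() }
    '
}

# Constructed sample: the question's getfacl output; group/other/default entries omitted.
sample_acl() {
    cat <<'EOF'
# file: logs
# owner: didongo
user::rwx
user:www-data:rwx
user:didongo:rwx
mask::rwx

# file: logs/prod.log
# owner: www-data
user::rw-
user:www-data:rwx #effective:rw-
user:didongo:rwx #effective:rw-
mask::rw-
EOF
}
sample_acl | acl_report didongo
```

On the sample, didongo has effective rw- on logs/prod.log but is reported as denied for ACL changes because www-data owns the file, which matches the "Operation not permitted" line in the question. To check a real tree, pipe getfacl -R output into acl_report in place of sample_acl.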