0

I was having a failed: "sh -c 'cd /var/www error. Then fixed it by adding the following in deploy.rb...

set :default_environment, {
  'PATH' => "/var/lib/gems/1.9.1/bin:$PATH"
}

Now I'm getting this new error.

 ** [out :: ip.address] Rails Error: Unable to access log file. Please ensure that /var/www/releases/20111208152807/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
 ** [out :: ip.address] mkdir -p /var/www/releases/20111208152807/public/assets
 ** [out :: ip.address] mkdir -p /var/www/releases/20111208152807/public/assets
 ** [out :: ip.address] mkdir -p /var/www/releases/20111208152807/public/assets
 ** [out :: ip.address] 
 ** [out :: ip.address] mkdir -p /var/www/releases/20111208152807/public/assets
 ** [out :: ip.address] mkdir -p /var/www/releases/20111208152807/public/assets
 ** [out :: ip.address] 
 ** [out :: ip.address] rake aborted!
 ** [out :: ip.address] 
 ** [out :: ip.address] Permission denied - /var/www/releases/20111208152807/public/assets/manifest.yml

So I checked the permissions on manifest.yml and production.log with ls -lha and yes, they're owned by root.

The capistrano deployment is being done by a linux user (not root) that owns the /var/www directory. I'm guessing it's because whatever command is creating those files is giving them root ownership.

CLARIFICATION: I know that probably just deploying using root will fix the problem but I don't want to use root.

leonel
  • 10,106
  • 21
  • 85
  • 129
  • What web server are you using, root shouldn't own those files at all. – Devin M Dec 08 '11 at 16:17
  • That's what I thought too, those files where created by the deployment, not me. I'm using Apache. – leonel Dec 08 '11 at 16:20
  • Ok well lets see here, try `ps aux | grep apache` and see what user Apache is running under. Also have you set the permissions on the log file to 0666 like the message asks? – Devin M Dec 08 '11 at 16:25

1 Answers1

5

You should never have web application files owned by root, They should be owned by a non privileged user. While the user varies between web servers and how your web server is set up generally the user is www-data (for Apache) or nobody (for Nginx).

And to remove your error you want to run the command mentioned in the error:

chmod 0666 /var/www/releases/20111208152807/log/production.log will set the file to read write permissions for every user.

Those permissions may be a bit permissive so you can restrict them if you feel the need.

Devin M
  • 9,636
  • 2
  • 33
  • 46
  • chmod 0666 fixed it but i'm still confused as to why i got that error in the first place. if i get the same error again i might also try this http://stackoverflow.com/questions/2469059/cant-access-log-files-in-production – leonel Dec 08 '11 at 16:46
  • 1
    You should never have your web application files owned (writeable) by the same user that runs your application. This is how you get rootkits installed. If the web application gets exploited, you want the filesystem permissions to stop the attacker from modifying your site's code. – Joel E Salas Aug 27 '13 at 00:18