How to deploy as another user with Capistrano 3

Question

I'm using and Ruby 2.1 and Capistrano 3.1 on OS X 10.9.1, deploying to CentOS 6.5.

On my target deployment server, I cannot ssh in as my deploy user, admin@myserver, but I can ssh in as paul@myserver and then sudo su - admin.

I made a test task:

task :sayhello do
  on roles(:app) do
    as "admin" do
      puts capture "whoami"
    end
  end
end

And that works as expected:

$ cap beta deploy:sayhello 
DEBUG [acaa0e6a] Running /usr/bin/env if ! sudo su admin -c whoami > /dev/null; then echo "You cannot switch to user 'admin' using sudo, please check the sudoers file" 1>&2; false; fi on awse-tweb01.foo.com
DEBUG [acaa0e6a] Command: if ! sudo su admin -c whoami > /dev/null; then echo "You cannot switch to user 'admin' using sudo, please check the sudoers file" 1>&2; false; fi
DEBUG [acaa0e6a] Finished in 6.982 seconds with exit status 0 (successful).
DEBUG [153b980d] Running /usr/bin/env whoami on awse-tweb01.foo.com
DEBUG [153b980d] Command: sudo su admin -c "/usr/bin/env whoami"
DEBUG [153b980d]    admin
DEBUG [153b980d] Finished in 0.535 seconds with exit status 0 (successful).
admin

How can I have Capistrano run the deploy tasks as admin? i.e. prefixed with sudo su admin -c or sudo su the shell before running commands.

Answer 1

You'll need to add your key to the admin user. You can add your public key to the authorized hosts of the user you want to deploy as.

the as() function is so that you can login with a deploy for most commands but you need to run a command as another users. Like running a command under postgres user or something. Of course this is permissions so mileage may vary and could be different on other envs.