Permission errors during deployment

Troubleshooting permission errors during deployment

If your application needs to write back to your web server then you may have permission errors. Your webserver runs under a different user to the user that does your deployment. This user (nginx) does not have elevated permissions, and so does not have write access to your filesystem (except explicitly to the /tmp and the $STACK_PATH/tmp folders).

This drastically improves security on your application. However, some gems/applications require the ability to write to local files that are not in the above folders by default.

Important

An example error you'd receive in the above case could look like Errno::EACCES (Permission denied...)

To resolve these issues you can do one of the following:

  1. Configure the gem to use one of the paths above.
  2. Use a deploy hook to permission the required path after deployment.

Resolution 1: Configuring the gem

Many gems allow the use of a configuration file, or have initializers to configure them, so these can be used to set the directory needed for deployment. This will vary depending on the gem that is causing your issue - we recommend that you have a look at the documentation provided by your gem to see if an alternative configuration is indeed possible.

Resolution 2: Deploy hook

You can use a deploy hook to execute a script after each deployment that will setup the permissions required:

production:
    after_rails:
      - command: sudo mkdir $STACK_PATH/tmp/folder && sudo chmod 0775 -R $STACK_PATH/tmp/folder
        target: rails
        execute: true

 

You must be logged in to comment on this article