What is the correct way to reboot the web server?

A

Artem Gribkov2016-03-21 13:09:14

PHP

Artem Gribkov, 2016-03-21 13:09:14

The project is deployed to the server using capistrano by the "deployer" user, which does not have rights to restart web servers. Only the root has rights, respectively, now, in order to restart the server, you have to do it manually via ssh under root.
And so how it is correct to reboot the server in such situation without direct intervention?
As an option to give the user "deployer" rights through visudo and drive a task into capistrano with a reboot command? But is it right from a security point of view?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Alexey Ukolov, 2016-03-21
@alexey-m-ukolov

As an option to give the user "deployer" rights through visudo and drive a task into capistrano with a reboot command? But is it right from a security point of view?

In my opinion - a normal solution. Only give rights exclusively to reload, but not to restart.

K

Konstantin Grachev, 2016-03-21
@Preemiere

It is more correct to give the deployer user the right to restart nginx without access to sudo.
Or run another nginx from the deployer and reload as much as you like, and proxy requests to the second with the first nginx.
PS Is there really a need to restart nginx after deployment?

S

sim3x, 2016-03-21
@sim3x

You make a script in which you list all operations from root
You pull the script from CI
Here is another bad thing - you can "not notice" that the script worked crookedly and you have nothing in production.
So you still have to do it manually

I

Ilya Erokhin, 2016-03-22
@AirWorker

If one project is deployed on the server, I don’t see any reason to bother with users and be afraid of deploying from root. If the user from whom the deployment is being performed can fill up this very deployment - why be afraid for the rest of the server's giblets?