The scenario:
I use an environment that is provisioned by Puppet / Vagrant (PuPHPet).
Apache runs with user www-data:www-data
--- Config vagrant
apache:
install: '1'
settings:
version: 2.4
user: www-data
group: www-data
When we are doing the environment setup we do the following:
We added the user ubuntu to the group www-data
$ sudo usermod -a -G www-data ubuntu
Read / write permission to the whole group
$ sudo chmod -R g+rw /var/www/
And it passes ownership of everything to www-data:www-data , because otherwise the application can not write to the files, upload, etc.
$ sudo chown -R www-data:www-data /var/www/
Whenever we need to deploy a new version of the application we run the entire pipeline locally, this generates a .zip file and then uploads this file to FTP via SFTP and then extracts it from the zip in the required directory with PHP script .
The problem:
We connect to the machine via SFTP using the user ubuntu .
Access the unzip link (so you do not need to use the CLI to do these updates)
When the script extracts, all files and folders are allowed:
So I can no longer do anything with the files as an FTP user because the permission was restricted to www-user: www-data.
So I need to log in again via SSH on the server and give chmod / chown to the directory so the application can perform operations on the directories.
My question is:
What would be the solution to this deploy scenario that I do not have to keep manipulating permissions all the time I do an update?