On Mon, Oct 12, 2009 at 4:06 PM, Augusto Flavio <aflavio@xxxxxxxxx> wrote:
> I have a doubt about my security and deployment methods. Today I manage
> several projects and these projects are versioned with subversion. My
> environment is something like this:
>
> 1. The developer makes some update in the source code of a project. (from
> your IDE, generally netbeans)
> 2. The developer commits the modifications to the subversion server after
> testing it (sure).
> 3. The project manager syncs the files from the dev server to the prod
> server (using rsync).

Sounds mostly fine. I assume you have other testing going on before
deployment to production, though.

> Well, my questions are 2. All about the rsync:
>
> 1. For each project we have a ssh user that is used to sync the files (source
> code) to the prod server. The problem that I see here is that for each
> project I need to have a ssh account to sync these files. This is not so
> cool because I need to have several active ssh accounts on my prod server.
> I'm thinking about the root account to do this work. Is this a good
> practice?

The root account is not a very good idea for this. You could create a
'service' account that is used exclusively for transferring the files to
the server. To allow this user access to the various source directories
you can use something like ACLs or perhaps even regular UNIX file
permissions may work if your needs aren't very complex.

> 2. Is there another way, better than rsync, for this
> deployment issue?

Rsync should work fine, but personally I like to see exactly which
changes are being deployed, especially when deploying to production.
While I realise this recommendation is not Open Source software, I have
found it to be an excellent piece of software for this task. I use Beyond
Compare, which has the ability to connect over SFTP or SCP as well as
regular FTP. It allows you to 'diff' the files as you go and view exact
changes, and you can transfer only the changes you want or whole files if
you choose to. I would not be surprised if an Open Source equivalent
exists.

Cheers,
James

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
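Added example, not part of the original thread: one way to keep the single 'service' account suggested above limited to file transfer is an SSH forced command that accepts only rsync pushes into the project tree. This goes beyond what the thread states; the /srv/www root, the script path and the function name are assumptions, and the rrsync script shipped with rsync is the fuller tool for the same job.

```shell
#!/bin/sh
# Added example: forced-command gate for a single deploy account.
# Assumptions (not from the thread): projects live under /srv/www/<project>/,
# and this file is installed as /usr/local/bin/deploy-gate.sh, referenced from
# ~deploy/.ssh/authorized_keys as:
#   command="/usr/local/bin/deploy-gate.sh",restrict ssh-ed25519 <PUBLIC-KEY> pm@dev
DEPLOY_ROOT="${DEPLOY_ROOT:-/srv/www}"

# Succeeds only for an rsync push ("rsync --server ... . <dest>") whose
# destination is below $DEPLOY_ROOT. The body is a subshell, so set -f and
# the re-split arguments do not leak into the caller.
deploy_cmd_allowed() (
    LC_ALL=C
    set -f                       # no globbing while the string is re-split
    set -- $1                    # split on whitespace only; nothing is eval'ed
    [ "$#" -ge 5 ] || exit 1
    [ "$1" = rsync ] && [ "$2" = --server ] || exit 1
    shift 2
    dest=
    for arg in "$@"; do
        case $arg in
            *[!A-Za-z0-9./_,=+-]*) exit 1 ;;  # allowlisted characters only
            --delete|--delete-*) ;;           # the only long options accepted
            --*) exit 1 ;;                    # e.g. --sender (pull), --log-file=
        esac
        dest=$arg                             # last argument is the destination
    done
    case $dest in
        *..*) exit 1 ;;                       # no path traversal
        "$DEPLOY_ROOT"/?*) exit 0 ;;
    esac
    exit 1
)

# Entry point: sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if deploy_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        set -- $SSH_ORIGINAL_COMMAND
        exec "$@"                # argv execution, no second shell parse
    fi
    echo "deploy-gate: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The gate does not resolve symlinks below the deploy root, so directory ownership and ACLs on the project trees still decide what the account can overwrite.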