Re: security/deployment issue

On Mon, Oct 12, 2009 at 4:06 PM, Augusto Flavio <aflavio@xxxxxxxxx> wrote:
> I have a doubt about my security and deployment methods. Today I manage
> several projects and these projects are versioned with Subversion. My
> environment is something like this:
>
> 1. The developer makes some updates to the source code of a project (from
> your IDE, generally NetBeans).
> 2. The developer commits the modifications to the Subversion server after
> testing them (sure).
> 3. The project manager syncs the files from the dev server to the prod
> server (using rsync).

Sounds mostly fine. I assume you have other testing going on before
deployment to production, though.

> Well, my questions are 2. All about rsync:
>
> 1. For each project we have an ssh user that is used to sync the files (source
> code) to the prod server. The problem that I see here is that for each
> project I need to have an ssh account to sync these files. This is not so
> cool because I need to have several active ssh accounts on my prod server.
> I'm thinking about using the root account to do this work. Is this a good
> practice?

The root account is not a very good idea for this. You could create a
'service' account that is used exclusively for transferring the files
to the server. To allow this user access to the various source
directories you can use something like ACLs or perhaps even regular
UNIX file permissions may work if your needs aren't very complex.

> 2. Is there another way, better than rsync, for this
> deployment issue?

Rsync should work fine, but personally I like to see exactly which
changes are being deployed especially when deploying to production.
While I realise this recommendation is not Open Source software, I
have found it to be an excellent piece of software for this task. I
use Beyond Compare which has the ability to connect over SFTP or SCP
as well as regular FTP. It allows you to 'diff' the files as you go
and view exact changes and you can transfer only the changes you want
or whole files if you choose to. I would not be surprised if an Open
Source equivalent exists.

Cheers,

James

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
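
Editor's added example (not part of the original message or of any project mentioned in it): rsync itself can list exactly which files a deployment would change before anything is written, which covers the "see what is being deployed" step discussed above. The `deploy@prod.example.org` target in the comments is a hypothetical single service account and host, and the `.svn/` exclusion assumes the source tree is a Subversion working copy.

```shell
#!/bin/sh
# Preview, then apply, an rsync deployment.
# $1 = source directory, $2 = destination directory. The destination may be
# remote, e.g. deploy@prod.example.org:/var/www/project/ (hypothetical
# non-root service account and host, not taken from the thread).

# List what rsync WOULD change without touching the destination.
#   -r recurse             -l copy symlinks as symlinks
#   -c compare file contents by checksum instead of size/mtime
#   -i itemize each change -n dry run (nothing is written)
#   --delete   report files that exist only on the destination
#   --exclude  keep Subversion metadata out of the web root
preview_deploy() {
    rsync -rlcin --delete --exclude='.svn/' "${1%/}/" "$2"
}

# Number of pending file transfers and deletions in the preview.
pending_changes() {
    preview_deploy "$1" "$2" | grep -c -E '^([<>]f|\*deleting)' || true
}

# Show the preview, ask for confirmation, then run the same command
# without -n so that exactly the reviewed change set is applied.
deploy() {
    preview_deploy "$1" "$2" || return 1
    printf 'Apply these changes to %s? [y/N] ' "$2"
    read -r answer
    if [ "$answer" != "y" ]; then
        echo 'Aborted, nothing was changed.'
        return 1
    fi
    rsync -rlci --delete --exclude='.svn/' "${1%/}/" "$2"
}
```

In the itemized output, a line starting with `>f` is a file that would be sent and `*deleting` marks a file that would be removed from the destination.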

