I'm in the process of finalizing a simple GIT workflow in our Aegir environment and have stumble into a bit a road block giving Drush capability. We are building on the multi-user setup recommended by mig5 (http://perlucida.com/blog/software/four-tips-for-developing-drupal-under...) that takes advantage of the group permissions set by Provision (and adding developers to the "aegir" group) in the /sites directories. This combined with dropping some .git repos in the site root seems to be working pretty good for us so far but none of the dev users can use Drush. The issue is that only the Aegir User and not the Aegir group have read permissions on the Platform and Site drushrc.php files.
I hacked provision.drush.inc and provision.inc and changed the chmod commands to set permissions to 640 and 440 (vs 600 and 400)
/var/aegir/.drush/provision/provision.drush.inc (~line 204)
function _provision_generate_config() {
$exists = provision_path_exists(drush_get_option('docroot_path') . '/drushrc.php');
if ($exists) {
drush_log(dt("Found existing drushrc.php file"));
provision_path("chmod", drush_get_option('docroot_path') . '/drushrc.php', 0640,
dt('Changed permissions of drushrc.php to @confirm'),
dt('Could not change permissions of drushrc.php to @confirm'));
}
else {
drush_log(dt("Generating drushrc.php file"));
}
provision_save_platform_data();
provision_path("chmod", drush_get_option('docroot_path') . '/drushrc.php', 0440,
dt('Changed permissions of drushrc.php to @confirm'),
dt('Could not change permissions of drushrc.php to @confirm'));
return TRUE;
}/var/aegir/.drush/provision/provision.inc (~line 102)
provision_path("chmod", $filename, 0640,
dt('Changed permissions of drushrc.php to @confirm'),
dt('Could not change permissions of drushrc.php to @confirm'));
}After running Verify on the Platform and Site the users can now run Drush and GIT commands in the Aegir dirs. Everything seems to be working fine but my gut is telling me this might be pushing my luck within Aegir.
Has anyone else got DRUSH and GIT working for multiple users (so everyone is not using the Aegir User) in the Aegir environment? Is this a bad idea?
Comments
BTW, we are running on Aegir
BTW, we are running on Aegir .04 alpha6
alpha6 is out of date
all this code has drastically changed.
any news on this workflow with latest Aegir versions ?
am super interested in this approach and wondering if you've moved on since this ?
Thanks Adrian, I will put it
Thanks Adrian, I will put it on hold until we get current.
Using the case I'd like to
Using the case I'd like to ask for feedback about another idea http://groups.drupal.org/node/83534 aimed to the same subject :)
I really like the idea of
I really like the idea of enabling developers to work on sites provisioned by Aegir. Adding developers to the aegir group and adjusting the permissions of specific directors to allow group write is a good start. But what I really want is the ability to give developers read/write access to specific site instances only... is there a way?
--
Tom
www.systemseed.com - drupal development. drupal training. drupal support.
Sorry for double posting, but
Sorry for double posting, but the idea I am trying to get feedback for is also about pushing site instances and manage permissions right from aegir. :)