Best practices for users when deploying Shopware 6

Hi,

we are currently trying to implement a workflow for deploying our Shopware 6 instance to a Ubuntu server from a Gitlab repo using Deployer.

The deployment seems to work fine, problems still arise with the users that we are using:

The deployment is done via a user „deployer“ that can login via SSH key and is able to sudo. The nginx webserver uses „www-data“ for the vhost. Adter deployment all files belong to „deployer“, which is a problem, since Shopware needs to write files etc. during operation. Assuming the directory „current“ needs to belong to „www-data“, we saw that Deployer is already able to chmod the files to the local user after deployment. This would need an elevation of rights though, which in turn would need a password (instead of the SSH key) and couldn’t be done automatically.

What would be the best practice approach here? Running nginx with a different user? Adjusting any group memberships/rights/etc.?

See the part with ->set('http_user', 'www-data') // Not needed, if the user is the same user, the webserver is running with

Hi @Max_Shop ,

I have seen the article but am wondering, what exactly this setting does. Also does „deployer“ need to be in the „www-data“ group?

What else ist needed (in terms of user rights) to correctly deploy as „deployer“ but running nginx as „www-data“?

I have never used Deployer, thus I cannot tell you what is needed. I guess that manual/code contains all necessary steps.

Looking at that line of code it changes the file permissions to www-data. So you should be fine running Deployer with any user.

You could try adding the user ‚deployer‘ to the ‚www-data‘ group :wink: