I'm currently building a GitLab CI/CD script for automatic deployment of my web application on my server. The last task, which copies the files to the server, fails. The problem is that all copied files are created with gitlab-runner:gitlab-runner permissions (gitlab-runner is installed as a shell runner), which is obvious. However, I want these permissions to be changed to the www-data user.
Therefore I have added the following script to the gitlab-ci.yml:
- /bin/chown www-data:www-data /var/www/[NAME]/*
- /usr/bin/find /var/www/[NAME] -type d -exec /bin/chmod 755 {} \;
- /usr/bin/find /var/www/[NAME] -type f -exec /bin/chmod 644 {} \;
- /bin/chmod 660 /var/www/[NAME]/.env
and, since I don't want to give the gitlab-runner user root privileges without entering a password, I created the following entry in the sudoers file:
gitlab-runner ALL=(ALL:ALL) NOPASSWD: /usr/bin/find /bin/chmod /bin/chown
However, all operations fail with an error message like, e.g.:
/bin/chown: changing ownership of '/var/www/[NAME]/app': Operation not permitted
The permissions of the [NAME] folder are:
drwxrwxr-x www-data www-data
What am I doing wrong? Maybe my approach to change the permissions in the CI/CD script is wrong? But then, how do I prevent the copied files from belonging to the gitlab-runner user without running gitlab-runner under the www-data user?
I solved it. According to this "Change Gitlab CI Runner user", I was able to deploy my application as the www-data user.
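
Added example, not part of the original post: an alternative to the sudoers entry above that keeps gitlab-runner unprivileged and lets it run one root-owned helper through sudo, with the web root and owner fixed inside the helper. The helper name and install path /usr/local/sbin/fix-webroot-perms are assumptions; the directory placeholder, modes and www-data owner are taken from the post.

```shell
#!/bin/sh
# Hypothetical helper, installed root-owned (mode 755) as /usr/local/sbin/fix-webroot-perms.
# sudoers rule (edit with visudo); "" means the helper accepts no arguments:
#   gitlab-runner ALL=(root) NOPASSWD: /usr/local/sbin/fix-webroot-perms ""
# .gitlab-ci.yml step (a sudoers rule only applies to commands run through sudo):
#   - sudo /usr/local/sbin/fix-webroot-perms
# Unrestricted find/chmod/chown under NOPASSWD would be equivalent to full root.

WEBROOT='/var/www/[NAME]'      # placeholder from the post, substitute the real directory
OWNER='www-data:www-data'

fix_webroot_perms() {
    root=$1
    owner=$2
    # Refuse a missing path or a symlinked root so the fix cannot be redirected.
    if [ ! -d "$root" ] || [ -L "$root" ]; then
        echo "refusing to touch: $root" >&2
        return 1
    fi
    # chown needs root; skipped otherwise so the mode handling can be tried unprivileged.
    if [ "$(id -u)" -eq 0 ]; then
        # -R recurses (the post's /* glob did not); -h never follows symlinks.
        chown -R -h "$owner" "$root" || return 1
    fi
    find "$root" -type d -exec chmod 755 {} + || return 1
    find "$root" -type f -exec chmod 644 {} + || return 1
    # .env holds secrets: owner and group read/write only, as in the post.
    if [ -f "$root/.env" ] && [ ! -L "$root/.env" ]; then
        chmod 660 "$root/.env" || return 1
    fi
}

# Act only when run under the installed name, with the fixed path and owner above.
if [ "${0##*/}" = fix-webroot-perms ]; then
    fix_webroot_perms "$WEBROOT" "$OWNER"
fi
```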