Added writable_acl_groups option to acl mode in deploy:writable (#3957)

null93 · web-flow · commit ffacbaa36546 · 2024-11-20T22:53:54.000+01:00
* Added `writable_acl_groups` option to acl mode in `deploy:writable`

* Added docs
diff --git a/docs/recipe/deploy/writable.md b/docs/recipe/deploy/writable.md
@@ -91,11 +91,20 @@ The chmod mode.
 ```
 
 
+### writable_acl_groups
+[Source](https://github.com/deployphp/deployer/blob/master/recipe/deploy/writable.php#L62)
+
+List of additional groups to give write permission to.
+
+```php title="Default value"
+[]
+```
+
 
 ## Tasks
 
 ### deploy\:writable {#deploy-writable}
-[Source](https://github.com/deployphp/deployer/blob/master/recipe/deploy/writable.php#L62)
+[Source](https://github.com/deployphp/deployer/blob/master/recipe/deploy/writable.php#L65)
 
 Makes writable dirs.
 
diff --git a/recipe/deploy/writable.php b/recipe/deploy/writable.php
@@ -58,6 +58,9 @@
 // The chmod mode.
 set('writable_chmod_mode', '0755');
 
+// List of additional groups to give write permission to.
+set('writable_acl_groups', []);
+
 desc('Makes writable dirs');
 task('deploy:writable', function () {
     $dirs = join(' ', get('writable_dirs'));
@@ -103,6 +106,13 @@
             run("$sudo chmod +a \"$remoteUser allow delete,write,append,file_inherit,directory_inherit\" $dirs");
         } elseif (commandExist('setfacl')) {
             $setFaclUsers = "-m u:\"$httpUser\":rwX";
+            $setFaclGroups = "";
+            foreach (get("writable_acl_groups") as $index => $group) {
+                if ($index > 0) {
+                    $setFaclGroups .= " ";
+                }
+                $setFaclGroups .= "-m g:\"$group\":rwX";
+            }
             // Check if remote user exists, before adding it to setfacl
             $remoteUserExists = test("id -u $remoteUser &>/dev/null 2>&1 || exit 0");
             if ($remoteUserExists === true) {
@@ -119,13 +129,13 @@
                     $hasfacl = run("getfacl -p $dir | grep \"^user:$httpUser:.*w\" | wc -l");
                     // Set ACL for directory if it has not been set before
                     if (!$hasfacl) {
-                        run("setfacl -L $recursive $setFaclUsers $dir");
-                        run("setfacl -dL $recursive $setFaclUsers $dir");
+                        run("setfacl -L $recursive $setFaclUsers $setFaclGroups $dir");
+                        run("setfacl -dL $recursive $setFaclUsers $setFaclGroups $dir");
                     }
                 }
             } else {
-                run("$sudo setfacl -L $recursive $setFaclUsers $dirs");
-                run("$sudo setfacl -dL $recursive $setFaclUsers $dirs");
+                run("$sudo setfacl -L $recursive $setFaclUsers $setFaclGroups $dirs");
+                run("$sudo setfacl -dL $recursive $setFaclUsers $setFaclGroups $dirs");
             }
         } else {
             $alias = currentHost()->getAlias();
