I’m writing a bash script to automate deployment to a dedicated server. I use git
to push a repository bundle to the server, and then run a script from /bundle.git/hooks/post-receive
.
I’m receiving the following warning, and I would like to understand why:
npm WARN saveError EACCES: permission denied, open '/var/www/meteor/tmp/package.json.2712925818'
npm WARN saveError EACCES: permission denied, open '/var/www/meteor/tmp/package-lock.json.3301524933'
I have created a non-sudo user meteor
to deal with the npm
process. I have added a file to /etc/sudoers.d/
that gives meteor
root privileges for certain commands, without asking for a password.
Here’s a much-simplified diagramme of the file hierarchy:
tree /var/www/meteor/
├── bundle.git
│ └── hooks
│ └── post-receive
├──deploy.sh
├── raw
│ ├── package.json
│ └── public
│ └── server
... tmp ...
├── bundle
│ ├── package.json
│ └── public
│ └── server
└── archive
├── <previous versions of bundle>
...
The process is as follows:
- Update the
raw/
directory, so that it is identical to the bundle on the development machine - Create a temporary copy of
raw/
astmp
- Run
npm install --production
on this temporary copy - Move the current
bundle/
directory to an archive - Rename
tmp/
asbundle/
/var/www/meteor/bundle.git/hooks/post-receive
#!/bin/sh
GIT_WORK_TREE=/var/www/meteor/raw git checkout -f
cd ../../
sudo ./deploy.sh
/var/www/meteor/bundle.git/deploy.sh
#!/bin/sh
cp -r raw tmp
# Run npm install
ls -al tmp # for debugging
cd tmp/public/server
sudo -u meteor bash -c 'npm install --production'
cd -
chown -R meteor:www-data tmp
# Archive the current version and replace it with the new one
DATE=`date '+%y%m%d-%H%M'`
mv bundle archive/$DATE
mv tmp bundle
Here is the output in the terminal window when hooks/post-receive
is executed:
$ ./post-receive
total 24
drwxr-xr-x 3 root root 4096 Nov 23 09:35 .
drwxr-xr-x 7 blackslate www-data 4096 Nov 23 09:35 ..
-rw-r--r-- 1 root root 25 Nov 23 09:35 README.md
-rw-r--r-- 1 root root 12 Nov 23 09:35 date
-rw-r--r-- 1 root root 187 Nov 23 09:35 package.json
drwxr-xr-x 3 root root 4096 Nov 23 09:35 public
npm WARN saveError EACCES: permission denied, open '/var/www/meteor/tmp/package.json.2712925818'
npm WARN saveError EACCES: permission denied, open '/var/www/meteor/tmp/package-lock.json.3301524933'
up to date in 0.083s
This output shows that the files package.json.2712925818
and package-lock.json.2712925818
do not exist at the moment when npm install --production
is called, so they must be created by npm install
itself.
What is npm install
doing with these files, and how can I arrange for npm
to have permission to save changes to package.json
?
Or is it enough that npm
is able to read the file, so saving changes to it is irrelevant?