Phoenix release permissions

Hi all, just wondering what the best practice is for user permissions on a Phoenix release deployed to a VPS. The VPS will run multiple instances of the same app (staging, test, production etc).

I was hoping to have 1 deployer user, and 1 user per app instance (my_app_staging, my_app_production…).

The deployer user will have write access to the directory where the releases get copied to (rsynced from my build server).

The app instance users will be the user that the app is run under (via systemd) and have only read access to the release. I would configure the environment vars specific to each instance under that user.

But, it seems the user the app is run under requires more than just read permissions to the release (write permissions required on /tmp, execute permissions on /bin/my_app and others).

I could chown the directories and files as part of my deployment script… but I’ve not seen what permissions are required documented anywhere. Any ideas?

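One way to express the layout described in the post as mode bits, as an added example that is not part of the original post: the deployer owns the tree, the instance user reaches it through its group, and a check confirms the result after each rsync. The function names, the group-based model, and reading `/tmp` and `/bin/my_app` as paths relative to the release root are assumptions.

```shell
#!/bin/sh
# Added example: group-based permissions for one release directory.
# Assumed model: owner = deployer (read/write), group = the instance user's
# group (read, execute where the build set it, write only in tmp/), others = none.
# Ownership needs root and is set once outside this script, e.g.:
#   chown -R deployer:my_app_staging /path/to/release

# harden_release ROOT: normalise mode bits after each rsync.
harden_release() {
    root=$1
    mkdir -p "$root/tmp"
    # X keeps execute only on directories and on files the build made executable.
    chmod -R u+rwX,g+rX,g-w,o-rwx "$root"
    chmod 770 "$root/tmp"
}

# audit_release ROOT APP: return 0 only if the tree matches the model.
audit_release() {
    root=$1 app=$2 rc=0
    # Outside tmp/, nothing may be group-writable or accessible to others.
    loose=$(find "$root" -path "$root/tmp" -prune -o ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print) || rc=1
    if [ -n "$loose" ]; then
        echo "group-writable or world-accessible:"; echo "$loose"; rc=1
    fi
    [ -n "$(find "$root/bin/$app" -prune -perm -050 2>/dev/null)" ] ||
        { echo "bin/$app not readable+executable by group"; rc=1; }
    [ -n "$(find "$root/tmp" -prune -perm -070 2>/dev/null)" ] ||
        { echo "tmp/ not writable by group"; rc=1; }
    return $rc
}
```

Because `chmod` only removes bits here and never adds execute to plain files, whatever the build marked executable stays executable without having to be listed by hand.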