[chef] Re: Re: Re: Question about Chef running as root


  • From: Matthew Moretti
  • Date: Wed, 8 May 2013 11:49:15 -0400

A Capfile is used by Capistrano, which isn't part of Chef.  As to how it's tied in, I don't know.  That would depend on the code in question.  Any chance you could share any of what you're working on in any fashion?  It sounds like you're certainly dealing with something pretty custom.

-Matt


On Wed, May 8, 2013 at 11:37 AM, Ahmed H. wrote:
Thanks for the quick response. You mention bootstrapping the node. Is that part of the Chef deployment? 

When digging through I found a Capfile. How does this tie into Chef? Also, not sure if it makes a difference but this is a chef-solo deployment.

Thanks again!


On Wed, May 8, 2013 at 10:50 AM, Ranjib Dey wrote:
In most cases Chef needs to run as root (in fact, any config management system does), as it will try to do administrative tasks (like user creation, permissions handling, package management, etc.). That said, this is not imposed implicitly, which means you can very well run Chef as a non-root user and do things that the user is able to do (like creating files inside the user's home directory, executing commands, etc.); just make sure you point Chef to a caching directory & config where the user has permissions (I used .chef/cache in the home directory, and .chef/client.rb for configs).

As per your requirement, you can wrap the invocation with sudo; both the ubuntu user and ec2-user have sudoers privileges. The bootstrap plugin specifically provides a --sudo option for this (and you don't have to do this explicitly); also, the knife-ec2 plugin assumes this and sets it for ya (it uses the bootstrap plugin internally).


regards
ranjib


Hello all,

I'm fairly new to Chef. I stepped through some parts of the documentation to understand what Chef is all about, and I have a rough idea.

So I am working on a project now that already uses Chef to deploy to servers. I kind of jumped into the middle of it (it was all written by someone else). The way it currently works, from what I can see, is that when the scripts are run, it logs into the server as root, and then does what it needs to do based on JSON files. This has worked well so far, but now I am facing an issue with deploying to Amazon EC2 instances.

With Amazon EC2, we can't log in as root by default, only as whatever user is assigned (i.e. "ubuntu" for Ubuntu instances, "ec2-user" for RHEL, etc.). I cannot change that at the moment, so I have to find another way to do it.

My question is: does Chef always run as root? Is there a way to bypass the root user altogether, and use another user with all the privileges? How would you recommend that I tackle this?

As I said, I'm very new to this so kindly bear with me.

Thank you!








