I'm getting permission errors when I deploy. How can I fix that?
One common issue that people face when deploying your code are permissions errors. Beanstalk may show you an incident error like this:
Deployments::PermissionError: Failed to deploy some files to /path/to/file directory. Please check that permission settings are correct.
In your account, Beanstalk will also suggest some potential resolutions to the problem.
And the root problem is often the first one listed here. However, sometimes it is not clear how to solve the problem of permissions. This document is intended to add clarity to this subject.
Important Factors
There are several concepts to keep in mind when dealing with file permissions for deployments:
- Git and SVN do not store file permissions in the repository. Whatever permissions are set on your local computer will not be preserved when you make a commit.
- That means that if you're having permission problems during deployment, you will have to adjust permissions on your server.
- It's important to verify the correct ownership of files & directories to which you are deploying. Ideally, all deployed items should be owned by the same user that's doing the deployment.
- As well, it's important to make sure that all files & directories are writable by the owner (or all users if the file owner is not the deployment user).
- It's very important to apply both ownership and write permissions to all directories recursively. In many scenarios, the deploying user has correct permissions set on the top-level directory, but not all the contents below that level. Some of the files or directories inside have different permissions/ownerships set.
How to Fix the Issue
These two commands should fix permission problems for 99% of all deployments:
sudo chown -R user.user /deployment/location
sudo chmod -R o+rw /deployment/location
Replace "user" with the user that's doing the deployment. Replace "/deployment/location" with the path to which Beanstalk is configured to deploy to.
Note: there is a possibility that you have some sensitive files in this directory that you would not want to be readable/writable by the "user". In that case, these commands would not be advised.