Setting directory permissions with Octopus Deploy
If you follow me on Twitter, you’d probably be sure of one thing by now: I love Octopus Deploy! I have been quite vocal about lately, as it’s made my life so much easier and every time I use it to deploy a site I have a little giddy moment of happiness.
I actively support around 20 ASP.NET apps, along with a heap that I wouldn’t call “active” and a small number of good ol’ WordPress sites. So my practice up recently of using FTP to deploy changes manually to these sites (including to a staging site and then to production) has always been painful and fraught with danger.
I’m slowly moving all these sites onto a process that includes building the site in TeamCity, and then deploying it with Octopus Deploy. Most of the sites run on my dedicated server, so I’ve also had to deal with some interesting configuration settings around running multiple sites on the one machine. Octopus Variables has saved the day with that!
Just today, though, I solved a minor bugbear that I’ve had since the start - whenever I deploy a brand new site, I have to change the file permissions on the /logs and /uploads directories (and sometimes others, depending on the project) to have full control by the IIS users group (IIS_IUSRS).
My solution has been to add some steps to my deploy.ps1 PowerShell script (which previously only housed my database migrations script calls) to update the required file permissions.
Here is the relevant part of the PowerShell script:
function ApplyPermission
{
param([string]$path, [string]$users, [string]$permission)
if(!(Test-Path $path ))
{
throw "$path does not exist"
}
else
{
$users = $writePermissionsTo.Split(",")
foreach($user in $users)
{
Write-Host "Adding write permissions for $user on path $path"
$acl = (Get-Item $path).GetAccessControl('Access')
$acl.SetAccessRuleProtection($False, $False)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user, permission, "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl $path $acl
}
}
}
$basePath = $OctopusParameters["CustomInstallDirectory"]
$writePermissionsTo = "IIS_IUSRS";
ApplyPermission "$basePath\logs" $writePermissionsTo "FullControl"
ApplyPermission "$basePath\uploads" $writePermissionsTo "FullControl"
You’ll see that first I’ve created a function which takes a path and a list of users (comma-separated), then I call it for each of the directories that I need to run this update for.
I could put some more of the variables (e.g. the list of users to grant access to) into an Octopus Variable, but I see no need for my situation as this is the only change I’ve ever had to make.
I’d like to give credit to this template item over at the Octopus Deploy Library for getting me started with the script commands for doing the permission changes.
If you have any issues using this, feel free to reach out to me, but I hope this is of assistance to others out there on the path of awesome usage of Octopus Deploy!