Improve Deploy Speed by Replacing Slow Permissions Task (drupal:permissions:recommended)Β #47
Description
π Improve Deploy Speed by Replacing Slow Permissions Task (drupal:permissions:recommended)
π¬οΈ Is your feature request related to a problem? Please describe.
Capistrano deploys using drupal:permissions:recommended spend 40β50 seconds running:
find ./ -type f ! -perm 444 -exec chmod 444 {} \;This task is one of the biggest bottlenecks during our Drupal deployment process. For teams doing 100β200 deploys per month across multiple projects, this results in hours of cumulative time lost.
The current approach is also overly strict on how it applies file-level permissions β running one chmod per file rather than batching them efficiently.
π§Ύ Describe the solution you'd like
We replaced drupal:permissions:recommended with a new task:
desc 'Apply secure file & directory permissions to full release (files 444, dirs 555)'
task :secure_release_permissions do
on roles(:app) do
within release_path do
info "π Securing file & directory permissions on release..."
execute :find, '.', '-type', 'f', '!', '-perm', '444', '-exec', 'chmod', '444', '{}', '+'
execute :find, '.', '-type', 'd', '!', '-perm', '555', '-exec', 'chmod', '555', '{}', '+'
end
end
endThis drops deployment time by 45+ seconds per deploy, while preserving the same security posture β locking files to read-only (444) and directories to execute-only (555) for non-writable shared folders.
βοΈ Describe alternatives you've considered
- Keeping the original
drupal:permissions:recommendedtask (but it's too slow) - Running
chmod -Rmanually (not safe, as it recursively applies wrong perms to writable folders) - Delaying permissions until after release activation (adds complexity and risk)
This fast replacement is safe, atomic, and backwards-compatible β just needs to be swapped into the Capistrano flow with:
after :updated, "drupal:permissions:secure_release_permissions"Let me know if you'd like a PR β happy to upstream it!