Sail 0.10.5 has been released with quite a few improvements and a new command to enable/disable SFTP access to your server.
On most Linux systems, SFTP/SSH is disabled for the www-data user by default, mainly for security purposes. While you can still fully access the server as the root user with Sail, doing so (especially over SFTP) often results in broken permissions (owner, group, etc.) for your application files.
The new sail sftp enable command grants SSH access to the www-data user. This allows users to access SFTP and other SSH-based utilities, such as scp and Rsync, while retaining www-data ownership/groups. This also means that you no longer have to deal with the deploy method, if you’d like to make code changes to your site. You can use a GUI-client, such as FileZilla:
Note that when enabling SFTP, the authorized keys for the root user are automatically copied to the www-data user, which means you’ll need to point your SFTP client to the .sail/ssh.key file, or an SSH key which you explicitly added to Sail.
It’s worth noting that granting SFTP is only needed if you intend to use SFTP, Rsync and other similar tools. If you simply want to access your server via SSH using the www-data user (to run WP-CLI commands for example), you can already do that without any additional grants:
$ sail ssh
uid=33(www-data) gid=33(www-data) groups=33(www-data)
To revoke SSH/SFTP access as the www-data user, run sail sftp disable.
Copy Files via Blueprints
A new files section is now available for Sail’s YAML blueprints system. This section allows users to copy specific files from their local filesystem to the target server. Good examples are various dotfiles (such as .vimrc, .bashrc), or perhaps private WordPress plugins which you use across multiple projects.
If you’re new to Sail blueprints, our knowledgebase is a great place to start.
Some smaller quality of life changes and bugfixes have also landed in this release:
- Enabled the MySQL slow log by default for new provisions. This logs queries that took longer than 2 seconds. To view these queries use sail logs with the new
- The sail domain list command now supports the
--jsonflag for easier integrations.
- Added the php-intl package to new provisions per WordPress core recommendations.
- Added a logrotate configuration for wp-content/debug.log, denied public access for better security.
- Made it slightly harder to sail destroy servers by requiring removing any domains first. This should protect against accidental destroys.
- Added quick priming of new provisions prior to downloading application files. This allows plugins to run their install routines which may create additional files.
- Reset Postfix configs permissions during install/update.
For the full list of changes/commits, please refer to our GitHub repository.
To upgrade Sail to the latest version, use the following command:
curl -sSLf https://sailed.io/install.sh | bash
If you’ve installed Sail using other methods, such as Homebrew or PyPI, please refer to our installation/upgrade guide in the Knowledgebase. If you have any questions or problems with upgrading or using Sail, don’t hesitate to get in touch.