PermissionError: [Errno 13] Permission denied when trying to deploy

fp-pwa · September 24, 2025, 10:04pm

Thanks, it indeed solved the issue related to ssh key.

Another issue came up : when trying to deploy the site to staging, I get this error :

TASK [deploy : Initialize] *****************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: PermissionError: [Errno 13] Permission denied: ‘/srv/www/colibri.ac/releases’
fatal: [staging-003-vps-c2fce4a6.pwa.paris]: FAILED! => {“changed”: false, “module_stderr”: “Traceback (most recent call last):\n File "", line 107, in \n File "", line 99, in _ansiballz_main\n File "", line 47, in invoke_module\n File "", line 226, in run_module\n File "", line 98, in _run_module_code\n File "", line 88, in _run_code\n File "/tmp/ansible_deploy_helper_payload_h9j2_s11/ansible_deploy_helper_payload.zip/ansible_collections/community/general/plugins/modules/deploy_helper.py", line 523, in \n File "/tmp/ansible_deploy_helper_payload_h9j2_s11/ansible_deploy_helper_payload.zip/ansible_collections/community/general/plugins/modules/deploy_helper.py", line 487, in main\n File "/tmp/ansible_deploy_helper_payload_h9j2_s11/ansible_deploy_helper_payload.zip/ansible_collections/community/general/plugins/modules/deploy_helper.py", line 344, in create_path\n File "", line 225, in makedirs\nPermissionError: [Errno 13] Permission denied: ‘/srv/www/colibri.ac/releases’\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE: No start of json char found\nSee stdout/stderr for the exact error”, “rc”: 1}

any idea ?

ben · September 24, 2025, 10:11pm

fp-pwa · September 25, 2025, 9:47am

I tried several times to reinstall the vps without success.
I also tried on another dedicated bare server, same error.
Also tried running trellis provision staging several times.

PLAY RECAP *********************************************************************************************************************
ns3146391 : ok=131 changed=4 unreachable=0 failed=0 skipped=66 rescued=0 ignored=0

Still getting this permission error.
The permissions look good when I ssh to the server,
folder belongs to web:www-data.

Tetrahedrax · September 25, 2025, 10:58am

Can you try with another host? Try with Hetzner, are you still getting the same error?

fp-pwa · September 25, 2025, 12:41pm

I will try and see if any better.

Are there some hosts that are not compatible with trellis ?
All my servers are hosted on OVH (vps and dedicated)

Tetrahedrax · September 25, 2025, 12:46pm

I’d assume that if the server is running Ubuntu and you set the right root username, then they all should work.

Who knows though?

fp-pwa · September 25, 2025, 1:40pm

you set the right root username

In my host file, I set ansible_user=ubuntuis it right ?

If I remove it, when I try to deploy, I get the following message
Failed to connect to the host via ssh: ``[email protected]``: Permission denied (publickey).

I might have done something wrong

Tetrahedrax · September 25, 2025, 1:58pm

The ansible_user should be “root” on DO. “ubuntu” is AWS, I think.

fp-pwa · September 25, 2025, 2:56pm

I have tried with

DigitalOcean
user : root
provision → OK
deploy → fatal: [droplet-001]: FAILED! => {“changed”: false, “msg”: “Do not run Composer as root/super user! See https://getcomposer.org/root` for details Aborting as no plugin should be loaded if running as super user is not explicitly allowed”}`

OVH (vps and dedicated, I guess similar to AWS)
user : ubuntu
provision → OK
deploy → The error was: PermissionError: [Errno 13] Permission denied

Will try with Hetzner

strarsis · September 25, 2025, 4:21pm

Can you check the owner and permissions of /srv/www/colibri.ac/releases.

As what user are you deploying? Is there an admin and a web user from provisioning?

fp-pwa · September 25, 2025, 6:49pm

in my case, owner of website folder is always web:www-data
I didn’t set any other user than the one the server is provisionned with (ubuntu or root).

Your help is much apprenciated, thanks

MWDelaney · September 25, 2025, 7:53pm

This kind of error can happen if you choose the wrong Ubuntu version when creating your droplet. Assure that you’re choosing a supported version; 22.04 at the time of this writing.

fp-pwa · September 25, 2025, 8:20pm

from the doc, it says

Trellis provisions a base Ubuntu 24.04

So that’s the one I am using. I will still try with 22.04 and see if any better.

fp-pwa · September 27, 2025, 4:02pm

Hi there,

After spending some time trying to figure out the issue, here are some more informations :

DO : provision + deploy → OK

Hetzner : provision + deploy → OK

OVH (vps and dedicated server)

with ansible_user=ubuntu
provision → OK
deploy → permission issue
without ansible_user
provision → not possible unless I manually add my ssh key, connecting firstly with ubuntu
deploy → OK

It looks like there is a permission issue when deploying with ubuntu user.

I don’t know what’s wrong with their server as I tried with Ubutun 22.04 and 24.04.
I have all my infrastructure already on OVH so I don’t know if I am ready to move to another host.

Am I missing something or is there a better solution instead of
1 - provisionning with ubuntu user setting ansible_user=ubuntu in host file
2 - remove ansible_user=ubuntu from host file
3 - deploy

strarsis · September 27, 2025, 10:25pm

How does your Trellis hosts/production configuration file look like?
Is there an ansible_user or ansible_ssh_user specified?

fp-pwa · September 29, 2025, 8:56am

Here is my host file

[staging] 
vps-c2fce4a6 ansible_host=xx.xx.xx.xx ansible_ssh_private_key_file=~/.ssh/id_rsa

[web]
vps-c2fce4a6

As previously said, the only way I found is to set
ansible_user=ubuntufor the first provisionning, then remove it.

If I leave it, I get this permission issue.

strarsis · September 29, 2025, 5:50pm

Is that the private key that is also allowed by Trellis for SSH as admin and web user?

You can add additional (public) keys to the admin and web user in Trellis configuration.

github.com/roots/trellis

group_vars/all/users.yml

852af29f4

# Documentation: https://roots.io/trellis/docs/ssh-keys/
admin_user: admin

# Also define 'vault_users' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub', errors='ignore') }}"
      - "{{ lookup('file', '~/.ssh/id_ed25519.pub', errors='ignore') }}"
      # - https://github.com/username.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub', errors='ignore') }}"
      - "{{ lookup('file', '~/.ssh/id_ed25519.pub', errors='ignore') }}"
      # - https://github.com/username.keys

This file has been truncated. show original

fp-pwa · October 2, 2025, 8:51am

Yes it is the same key, also the one provided to the host when installing the server (so for root or ubuntu user)

By the way, one question, what’s the difference between setting the public key in group_vars/all/users.yml and copying the public key in the folder trellis/public_keys?

strarsis · October 2, 2025, 12:27pm

Does a manually ssh into the Trellis server as admin@ and web@ work, using the same private key as Ansible does during deploy/provision?

fp-pwa · October 14, 2025, 10:55pm

Hi there,

Sorry, I missed your reply.

Yes, ssh admin@ and web@ works with the same private key.
It looks like after provisionning the server, the www_root folder doesn’t have the correct permission (doesn’t belong to web:www-data