security issue: deployment user => :yes or :no?

Hi everybody,

I run Linux on my server and am thinking of diving into capistrano for deployment. However I’m not sure whether I should follow the advice of having a special user for deployment (say deploy). Maybe somebody could give me some advice from their experience. What and where are the risks of not don’t it the described way. How and to what shall I restrict that particular user to avoid unnecessary hacks?

I already got a user and a group for the git repositories. (the git user is bound to the git-shell)

Thanks in advance.


among other reasons, so you can look at the logs and be able to
differentiate between connections from "deploy" and connections from

why aren't you sure you should use a separate account?