diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-04-02 15:30:26 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-04-02 15:30:26 +0000 |
| commit | dc8bd607076cdb7533d700780ea25c3586ee62d8 (patch) | |
| tree | 7e2387410aa2a6e2da2944eeefd1c208950febac | |
| parent | 2ab53dfb1cc7f811e9a98aa42f3b30fc9d4f1012 (diff) | |
| parent | 03b8dcce87c976a37a4de044e9f7cdfb8d64a3b7 (diff) | |
| download | gitlab-ce-dc8bd607076cdb7533d700780ea25c3586ee62d8.tar.gz | |
Merge branch 'satellites_permission' into 'master'
Update satellites directory permissions
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | doc/install/installation.md | 1 | ||||
| -rw-r--r-- | lib/tasks/gitlab/check.rake | 24 |
3 files changed, 26 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index d936986a779..1b742a4d9b2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,7 @@ v 6.8.0 - Drop all tables before restoring a Postgres backup - Make the repository downloads path configurable - Create branches via API (sponsored by O'Reilly Media) + - Changed permission of gitlab-satellites directory not to be world accessible v 6.7.2 - Fix upgrader script diff --git a/doc/install/installation.md b/doc/install/installation.md index addb21b50e0..efcba2f69bf 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -202,6 +202,7 @@ You can change `6-6-stable` to `master` if you want the *bleeding edge* version, # Create directory for satellites sudo -u git -H mkdir /home/git/gitlab-satellites + sudo chmod o-rwx /home/git/gitlab-satellites # Create directories for sockets/pids and make sure GitLab can write to them sudo -u git -H mkdir tmp/pids/ diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake index 3b9b2531bf7..e9258cc626b 100644 --- a/lib/tasks/gitlab/check.rake +++ b/lib/tasks/gitlab/check.rake @@ -342,6 +342,7 @@ namespace :gitlab do check_repo_base_is_not_symlink check_repo_base_user_and_group check_repo_base_permissions + check_satellites_permissions check_update_hook_is_up_to_date check_repos_update_hooks_is_link check_gitlab_shell_self_test @@ -443,6 +444,29 @@ namespace :gitlab do end end + def check_satellites_permissions + print "Satellites access is drwxr-x---? ... " + + satellites_path = Gitlab.config.satellites.path + unless File.exists?(satellites_path) + puts "can't check because of previous errors".magenta + return + end + + if File.stat(satellites_path).mode.to_s(8).ends_with?("0750") + puts "yes".green + else + puts "no".red + try_fixing_it( + "sudo chmod u+rwx,g+rx,o-rwx #{satellites_path}", + ) + for_more_information( + see_installation_guide_section "GitLab" + ) + fix_and_rerun + end + end + def check_repo_base_user_and_group gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user gitlab_shell_owner_group = Gitlab.config.gitlab_shell.owner_group |