From 751ae140813e45e3a48b0e3ed7ab08c5461c5e51 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Tue, 9 Feb 2016 11:19:25 +0200 Subject: Restrict permissions on public/uploads --- doc/install/installation.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/install/installation.md b/doc/install/installation.md index 3eb9b1767c5..0e569d34772 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -268,10 +268,11 @@ sudo usermod -aG redis git sudo chmod -R u+rwX tmp/sockets/ # Create the public/uploads/ directory - sudo -u git -H mkdir public/uploads/ + sudo -u git -H mkdir -m 0700 public/uploads/ - # Make sure GitLab can write to the public/uploads/ directory - sudo chmod -R u+rwX public/uploads + # Make sure only the GitLab user has access to the public/uploads/ directory + # now that files in public/uploads are served by gitlab-workhorse + sudo chmod -R go-rwX public/uploads # Change the permissions of the directory where CI build traces are stored sudo chmod -R u+rwX builds/ -- cgit v1.2.1 From a1a6f3cc737e03a8649d7cb98c3ee089133e34d7 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Wed, 10 Feb 2016 16:52:02 +0200 Subject: Simplify permissions creation [ci skip] --- doc/install/installation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/install/installation.md b/doc/install/installation.md index 0e569d34772..6467a395732 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -268,11 +268,11 @@ sudo usermod -aG redis git sudo chmod -R u+rwX tmp/sockets/ # Create the public/uploads/ directory - sudo -u git -H mkdir -m 0700 public/uploads/ + sudo -u git -H mkdir public/uploads/ # Make sure only the GitLab user has access to the public/uploads/ directory # now that files in public/uploads are served by gitlab-workhorse - sudo chmod -R go-rwX public/uploads + sudo chmod 0700 public/uploads # Change the permissions of the directory where CI build traces are stored sudo chmod -R u+rwX builds/ -- cgit v1.2.1