Merge pull request #2440 from klamontagne/master

Don't setuid the repositories on installation

Merge pull request #2440 from klamontagne/master
Don't setuid the repositories on installation
Riyad Preukschas
2 parents 0965aeb2 f4175219
Showing 3 changed files with 8 additions and 5 deletions Show diff stats
doc/install/installation.md
doc/raketasks/maintenance.md
lib/tasks/gitlab/check.rake
@@ -145,8 +145,9 @@ Fix the directory permissions for the configuration directory:
 Fix the directory permissions for the repositories:
  
     # Make sure the repositories dir is owned by git and it stays that way
-    sudo chmod -R ug+rwXs,o-rwx /home/git/repositories/
+    sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
     sudo chown -R git:git /home/git/repositories/
+    find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s 
  
  
 ## Add domains to list to the list of known hosts
@@ -81,7 +81,7 @@ Config directory owned by git:git? ... yes
 Config directory access is drwxr-x---? ... yes
 Repo base directory exists? ... yes
 Repo base owned by git:git? ... yes
-Repo base access is drwsrws---? ... yes
+Repo base access is drwxrws---? ... yes
 Can clone gitolite-admin? ... yes
 Can commit to gitolite-admin? ... yes
 post-receive hook exists? ... yes
@@ -716,7 +716,7 @@ namespace :gitlab do
     end
  
     def check_repo_base_permissions
-      print "Repo base access is drwsrws---? ... "
+      print "Repo base access is drwxrws---? ... "
  
       repo_base_path = Gitlab.config.gitolite.repos_path
       unless File.exists?(repo_base_path)
@@ -724,12 +724,14 @@ namespace :gitlab do
         return
       end
  
-      if File.stat(repo_base_path).mode.to_s(8).ends_with?("6770")
+      if File.stat(repo_base_path).mode.to_s(8).ends_with?("2770")
         puts "yes".green
       else
         puts "no".red
         try_fixing_it(
-          "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}"
+          "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}",
+          "sudo chmod -R u-s #{repo_base_path}",
+          "find #{repo_base_path} -type d -print0 | sudo xargs -0 chmod g+s"
         )
         for_more_information(
           see_installation_guide_section "Gitolite"
...	...	@@ -145,8 +145,9 @@ Fix the directory permissions for the configuration directory:
145	145	Fix the directory permissions for the repositories:
146	146
147	147	# Make sure the repositories dir is owned by git and it stays that way
148		- sudo chmod -R ug+rwXs,o-rwx /home/git/repositories/
	148	+ sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
149	149	sudo chown -R git:git /home/git/repositories/
	150	+ find /home/git/repositories -type d -print0 \| sudo xargs -0 chmod g+s
150	151
151	152
152	153	## Add domains to list to the list of known hosts
...	...
...	...	@@ -81,7 +81,7 @@ Config directory owned by git:git? ... yes
81	81	Config directory access is drwxr-x---? ... yes
82	82	Repo base directory exists? ... yes
83	83	Repo base owned by git:git? ... yes
84		-Repo base access is drwsrws---? ... yes
	84	+Repo base access is drwxrws---? ... yes
85	85	Can clone gitolite-admin? ... yes
86	86	Can commit to gitolite-admin? ... yes
87	87	post-receive hook exists? ... yes
...	...
...	...	@@ -716,7 +716,7 @@ namespace :gitlab do
716	716	end
717	717
718	718	def check_repo_base_permissions
719		- print "Repo base access is drwsrws---? ... "
	719	+ print "Repo base access is drwxrws---? ... "
720	720
721	721	repo_base_path = Gitlab.config.gitolite.repos_path
722	722	unless File.exists?(repo_base_path)
...	...	@@ -724,12 +724,14 @@ namespace :gitlab do
724	724	return
725	725	end
726	726
727		- if File.stat(repo_base_path).mode.to_s(8).ends_with?("6770")
	727	+ if File.stat(repo_base_path).mode.to_s(8).ends_with?("2770")
728	728	puts "yes".green
729	729	else
730	730	puts "no".red
731	731	try_fixing_it(
732		- "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}"
	732	+ "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}",
	733	+ "sudo chmod -R u-s #{repo_base_path}",
	734	+ "find #{repo_base_path} -type d -print0 \| sudo xargs -0 chmod g+s"
733	735	)
734	736	for_more_information(
735	737	see_installation_guide_section "Gitolite"
...	...