Commit 003c3121049aef98bf37f048563b2ab892207620
Exists in
master
and in
4 other branches
Merge pull request #2440 from klamontagne/master
Don't setuid the repositories on installation
Showing
3 changed files
with
8 additions
and
5 deletions
Show diff stats
doc/install/installation.md
| @@ -145,8 +145,9 @@ Fix the directory permissions for the configuration directory: | @@ -145,8 +145,9 @@ Fix the directory permissions for the configuration directory: | ||
| 145 | Fix the directory permissions for the repositories: | 145 | Fix the directory permissions for the repositories: |
| 146 | 146 | ||
| 147 | # Make sure the repositories dir is owned by git and it stays that way | 147 | # Make sure the repositories dir is owned by git and it stays that way |
| 148 | - sudo chmod -R ug+rwXs,o-rwx /home/git/repositories/ | 148 | + sudo chmod -R ug+rwX,o-rwx /home/git/repositories/ |
| 149 | sudo chown -R git:git /home/git/repositories/ | 149 | sudo chown -R git:git /home/git/repositories/ |
| 150 | + find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s | ||
| 150 | 151 | ||
| 151 | 152 | ||
| 152 | ## Add domains to list to the list of known hosts | 153 | ## Add domains to list to the list of known hosts |
doc/raketasks/maintenance.md
| @@ -81,7 +81,7 @@ Config directory owned by git:git? ... yes | @@ -81,7 +81,7 @@ Config directory owned by git:git? ... yes | ||
| 81 | Config directory access is drwxr-x---? ... yes | 81 | Config directory access is drwxr-x---? ... yes |
| 82 | Repo base directory exists? ... yes | 82 | Repo base directory exists? ... yes |
| 83 | Repo base owned by git:git? ... yes | 83 | Repo base owned by git:git? ... yes |
| 84 | -Repo base access is drwsrws---? ... yes | 84 | +Repo base access is drwxrws---? ... yes |
| 85 | Can clone gitolite-admin? ... yes | 85 | Can clone gitolite-admin? ... yes |
| 86 | Can commit to gitolite-admin? ... yes | 86 | Can commit to gitolite-admin? ... yes |
| 87 | post-receive hook exists? ... yes | 87 | post-receive hook exists? ... yes |
lib/tasks/gitlab/check.rake
| @@ -716,7 +716,7 @@ namespace :gitlab do | @@ -716,7 +716,7 @@ namespace :gitlab do | ||
| 716 | end | 716 | end |
| 717 | 717 | ||
| 718 | def check_repo_base_permissions | 718 | def check_repo_base_permissions |
| 719 | - print "Repo base access is drwsrws---? ... " | 719 | + print "Repo base access is drwxrws---? ... " |
| 720 | 720 | ||
| 721 | repo_base_path = Gitlab.config.gitolite.repos_path | 721 | repo_base_path = Gitlab.config.gitolite.repos_path |
| 722 | unless File.exists?(repo_base_path) | 722 | unless File.exists?(repo_base_path) |
| @@ -724,12 +724,14 @@ namespace :gitlab do | @@ -724,12 +724,14 @@ namespace :gitlab do | ||
| 724 | return | 724 | return |
| 725 | end | 725 | end |
| 726 | 726 | ||
| 727 | - if File.stat(repo_base_path).mode.to_s(8).ends_with?("6770") | 727 | + if File.stat(repo_base_path).mode.to_s(8).ends_with?("2770") |
| 728 | puts "yes".green | 728 | puts "yes".green |
| 729 | else | 729 | else |
| 730 | puts "no".red | 730 | puts "no".red |
| 731 | try_fixing_it( | 731 | try_fixing_it( |
| 732 | - "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}" | 732 | + "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}", |
| 733 | + "sudo chmod -R u-s #{repo_base_path}", | ||
| 734 | + "find #{repo_base_path} -type d -print0 | sudo xargs -0 chmod g+s" | ||
| 733 | ) | 735 | ) |
| 734 | for_more_information( | 736 | for_more_information( |
| 735 | see_installation_guide_section "Gitolite" | 737 | see_installation_guide_section "Gitolite" |