Commit 03b8dcce87c976a37a4de044e9f7cdfb8d64a3b7
1 parent
973f9d30
Exists in
spb-stable
and in
3 other branches
Change the satellites directory permission in the install guide, add to rake check task.
Showing
3 changed files
with
26 additions
and
0 deletions
Show diff stats
CHANGELOG
| @@ -6,6 +6,7 @@ v 6.8.0 | @@ -6,6 +6,7 @@ v 6.8.0 | ||
| 6 | - Drop all tables before restoring a Postgres backup | 6 | - Drop all tables before restoring a Postgres backup |
| 7 | - Make the repository downloads path configurable | 7 | - Make the repository downloads path configurable |
| 8 | - Create branches via API (sponsored by O'Reilly Media) | 8 | - Create branches via API (sponsored by O'Reilly Media) |
| 9 | + - Changed permission of gitlab-satellites directory not to be world accessible | ||
| 9 | 10 | ||
| 10 | v 6.7.2 | 11 | v 6.7.2 |
| 11 | - Fix upgrader script | 12 | - Fix upgrader script |
doc/install/installation.md
| @@ -202,6 +202,7 @@ You can change `6-6-stable` to `master` if you want the *bleeding edge* version, | @@ -202,6 +202,7 @@ You can change `6-6-stable` to `master` if you want the *bleeding edge* version, | ||
| 202 | 202 | ||
| 203 | # Create directory for satellites | 203 | # Create directory for satellites |
| 204 | sudo -u git -H mkdir /home/git/gitlab-satellites | 204 | sudo -u git -H mkdir /home/git/gitlab-satellites |
| 205 | + sudo chmod o-rwx /home/git/gitlab-satellites | ||
| 205 | 206 | ||
| 206 | # Create directories for sockets/pids and make sure GitLab can write to them | 207 | # Create directories for sockets/pids and make sure GitLab can write to them |
| 207 | sudo -u git -H mkdir tmp/pids/ | 208 | sudo -u git -H mkdir tmp/pids/ |
lib/tasks/gitlab/check.rake
| @@ -342,6 +342,7 @@ namespace :gitlab do | @@ -342,6 +342,7 @@ namespace :gitlab do | ||
| 342 | check_repo_base_is_not_symlink | 342 | check_repo_base_is_not_symlink |
| 343 | check_repo_base_user_and_group | 343 | check_repo_base_user_and_group |
| 344 | check_repo_base_permissions | 344 | check_repo_base_permissions |
| 345 | + check_satellites_permissions | ||
| 345 | check_update_hook_is_up_to_date | 346 | check_update_hook_is_up_to_date |
| 346 | check_repos_update_hooks_is_link | 347 | check_repos_update_hooks_is_link |
| 347 | check_gitlab_shell_self_test | 348 | check_gitlab_shell_self_test |
| @@ -443,6 +444,29 @@ namespace :gitlab do | @@ -443,6 +444,29 @@ namespace :gitlab do | ||
| 443 | end | 444 | end |
| 444 | end | 445 | end |
| 445 | 446 | ||
| 447 | + def check_satellites_permissions | ||
| 448 | + print "Satellites access is drwxr-x---? ... " | ||
| 449 | + | ||
| 450 | + satellites_path = Gitlab.config.satellites.path | ||
| 451 | + unless File.exists?(satellites_path) | ||
| 452 | + puts "can't check because of previous errors".magenta | ||
| 453 | + return | ||
| 454 | + end | ||
| 455 | + | ||
| 456 | + if File.stat(satellites_path).mode.to_s(8).ends_with?("0750") | ||
| 457 | + puts "yes".green | ||
| 458 | + else | ||
| 459 | + puts "no".red | ||
| 460 | + try_fixing_it( | ||
| 461 | + "sudo chmod u+rwx,g+rx,o-rwx #{satellites_path}", | ||
| 462 | + ) | ||
| 463 | + for_more_information( | ||
| 464 | + see_installation_guide_section "GitLab" | ||
| 465 | + ) | ||
| 466 | + fix_and_rerun | ||
| 467 | + end | ||
| 468 | + end | ||
| 469 | + | ||
| 446 | def check_repo_base_user_and_group | 470 | def check_repo_base_user_and_group |
| 447 | gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user | 471 | gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user |
| 448 | gitlab_shell_owner_group = Gitlab.config.gitlab_shell.owner_group | 472 | gitlab_shell_owner_group = Gitlab.config.gitlab_shell.owner_group |