Commit c816dcc10513731f0ef0c1b247fef1ef1287dd7c
1 parent
29baadf0
Exists in
master
and in
4 other branches
Don't setuid the repositories (Rake checks)
Showing
2 changed files
with
6 additions
and
4 deletions
Show diff stats
doc/raketasks/maintenance.md
| ... | ... | @@ -94,7 +94,7 @@ Config directory owned by git:git? ... yes |
| 94 | 94 | Config directory access is drwxr-x---? ... yes |
| 95 | 95 | Repo base directory exists? ... yes |
| 96 | 96 | Repo base owned by git:git? ... yes |
| 97 | -Repo base access is drwsrws---? ... yes | |
| 97 | +Repo base access is drwxrws---? ... yes | |
| 98 | 98 | Can clone gitolite-admin? ... yes |
| 99 | 99 | Can commit to gitolite-admin? ... yes |
| 100 | 100 | post-receive hook exists? ... yes | ... | ... |
lib/tasks/gitlab/check.rake
| ... | ... | @@ -693,7 +693,7 @@ namespace :gitlab do |
| 693 | 693 | end |
| 694 | 694 | |
| 695 | 695 | def check_repo_base_permissions |
| 696 | - print "Repo base access is drwsrws---? ... " | |
| 696 | + print "Repo base access is drwxrws---? ... " | |
| 697 | 697 | |
| 698 | 698 | repo_base_path = Gitlab.config.gitolite.repos_path |
| 699 | 699 | unless File.exists?(repo_base_path) |
| ... | ... | @@ -701,13 +701,15 @@ namespace :gitlab do |
| 701 | 701 | return |
| 702 | 702 | end |
| 703 | 703 | |
| 704 | - if `stat --printf %a #{repo_base_path}` == "6770" | |
| 704 | + if `stat --printf %a #{repo_base_path}` == "2770" | |
| 705 | 705 | puts "yes".green |
| 706 | 706 | else |
| 707 | 707 | puts "no".red |
| 708 | 708 | puts "#{repo_base_path} is not writable".red |
| 709 | 709 | try_fixing_it( |
| 710 | - "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}" | |
| 710 | + "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}", | |
| 711 | + "sudo chmod -R u-s #{repo_base_path}", | |
| 712 | + "find -type d #{repo_base_path} -print0 | sudo xargs -0 chmod g+s" | |
| 711 | 713 | ) |
| 712 | 714 | for_more_information( |
| 713 | 715 | see_installation_guide_section "Gitolite" | ... | ... |