Commit c816dcc10513731f0ef0c1b247fef1ef1287dd7c
1 parent
29baadf0
Exists in
master
and in
4 other branches
Don't setuid the repositories (Rake checks)
Showing
2 changed files
with
6 additions
and
4 deletions
Show diff stats
doc/raketasks/maintenance.md
| @@ -94,7 +94,7 @@ Config directory owned by git:git? ... yes | @@ -94,7 +94,7 @@ Config directory owned by git:git? ... yes | ||
| 94 | Config directory access is drwxr-x---? ... yes | 94 | Config directory access is drwxr-x---? ... yes |
| 95 | Repo base directory exists? ... yes | 95 | Repo base directory exists? ... yes |
| 96 | Repo base owned by git:git? ... yes | 96 | Repo base owned by git:git? ... yes |
| 97 | -Repo base access is drwsrws---? ... yes | 97 | +Repo base access is drwxrws---? ... yes |
| 98 | Can clone gitolite-admin? ... yes | 98 | Can clone gitolite-admin? ... yes |
| 99 | Can commit to gitolite-admin? ... yes | 99 | Can commit to gitolite-admin? ... yes |
| 100 | post-receive hook exists? ... yes | 100 | post-receive hook exists? ... yes |
lib/tasks/gitlab/check.rake
| @@ -693,7 +693,7 @@ namespace :gitlab do | @@ -693,7 +693,7 @@ namespace :gitlab do | ||
| 693 | end | 693 | end |
| 694 | 694 | ||
| 695 | def check_repo_base_permissions | 695 | def check_repo_base_permissions |
| 696 | - print "Repo base access is drwsrws---? ... " | 696 | + print "Repo base access is drwxrws---? ... " |
| 697 | 697 | ||
| 698 | repo_base_path = Gitlab.config.gitolite.repos_path | 698 | repo_base_path = Gitlab.config.gitolite.repos_path |
| 699 | unless File.exists?(repo_base_path) | 699 | unless File.exists?(repo_base_path) |
| @@ -701,13 +701,15 @@ namespace :gitlab do | @@ -701,13 +701,15 @@ namespace :gitlab do | ||
| 701 | return | 701 | return |
| 702 | end | 702 | end |
| 703 | 703 | ||
| 704 | - if `stat --printf %a #{repo_base_path}` == "6770" | 704 | + if `stat --printf %a #{repo_base_path}` == "2770" |
| 705 | puts "yes".green | 705 | puts "yes".green |
| 706 | else | 706 | else |
| 707 | puts "no".red | 707 | puts "no".red |
| 708 | puts "#{repo_base_path} is not writable".red | 708 | puts "#{repo_base_path} is not writable".red |
| 709 | try_fixing_it( | 709 | try_fixing_it( |
| 710 | - "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}" | 710 | + "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}", |
| 711 | + "sudo chmod -R u-s #{repo_base_path}", | ||
| 712 | + "find -type d #{repo_base_path} -print0 | sudo xargs -0 chmod g+s" | ||
| 711 | ) | 713 | ) |
| 712 | for_more_information( | 714 | for_more_information( |
| 713 | see_installation_guide_section "Gitolite" | 715 | see_installation_guide_section "Gitolite" |