Commit d27d77add837f77d87d6a42dd5721156ad232390

Authored by Jacob Vosmaer
2 parents 2838abd6 ce8313e6

Merge branch 'log_directories' into 'master'

Log directory permissions
@@ -19,6 +19,7 @@ omnibus-gitlab repository. @@ -19,6 +19,7 @@ omnibus-gitlab repository.
19 - Update Git to version 2.0.0 19 - Update Git to version 2.0.0
20 - Make Runit log rotation configurable 20 - Make Runit log rotation configurable
21 - Change default Runit log rotation from 10x1MB to 30x24h 21 - Change default Runit log rotation from 10x1MB to 30x24h
  22 +- Security: Restrict redis and postgresql log directory permissions to 0700
22 23
23 6.9.2 24 6.9.2
24 - Create the authorized-keys.lock file for gitlab-shell 1.9.4 25 - Create the authorized-keys.lock file for gitlab-shell 1.9.4
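--- a/files/gitlab-cookbooks/gitlab/recipes/postgresql.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/postgresql.rb
@@ -34,20 +34,16 @@ user postgresql_user do
 home node['gitlab']['postgresql']['home']
 end
 
-directory postgresql_log_dir do
- owner node['gitlab']['postgresql']['username']
- recursive true
-end
-
-directory postgresql_dir do
- owner node['gitlab']['postgresql']['username']
- mode "0700"
-end
-
-directory postgresql_data_dir do
- owner node['gitlab']['postgresql']['username']
- mode "0700"
- recursive true
+[
+ postgresql_dir,
+ postgresql_data_dir,
+ postgresql_log_dir
+].each do |dir|
+ directory dir do
+ owner node['gitlab']['postgresql']['username']
+ mode "0700"
+ recursive true
+ end
 end
 
 link postgresql_data_dir_symlink do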
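Review bot: In `directory dir do`, `mode "0700"` combined with `recursive true` restricts only the three listed directories, because Chef applies `owner` and `mode` to the leaf directory and not to any parents it creates. Files already present in an existing log directory also keep their current modes, although 0700 on the directory itself stops other users from traversing into it. That is probably enough for the stated goal, but it is worth recording above the loop, for example `# 0700 applies to the leaf only: recursive creates missing parents but does not chown/chmod them`. If the log writer runs as a user other than `node['gitlab']['postgresql']['username']` or root (not visible on this page), it would lose write access after this change, so that should be confirmed.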
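--- a/files/gitlab-cookbooks/gitlab/recipes/redis.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/redis.rb
@@ -32,14 +32,14 @@ user redis_user do
 home node['gitlab']['redis']['home']
 end
 
-directory redis_log_dir do
- owner node['gitlab']['redis']['username']
- recursive true
-end
-
-directory redis_dir do
- owner node['gitlab']['redis']['username']
- mode "0700"
+[
+ redis_dir,
+ redis_log_dir
+].each do |dir|
+ directory dir do
+ owner node['gitlab']['redis']['username']
+ mode "0700"
+ end
 end
 
 redis_config = File.join(redis_dir, "redis.conf")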
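Review bot: The merged loop drops `recursive true`, which the removed `directory redis_log_dir do` resource had, so this recipe no longer creates the log directory's parents. Unless another recipe creates them first (not visible here), a fresh install could fail at this resource. Adding `recursive true` after `mode "0700"` inside `directory dir do` would keep the old behaviour and match the postgresql recipe in this commit. Chef applies `owner` and `mode` only to the leaf directory, so parents created that way would not be restricted to 0700.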