Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
751ae140
Commit
751ae140
authored
Feb 09, 2016
by
Achilleas Pipinellis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Restrict permissions on public/uploads
parent
555b1a62
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
11 additions
and
9 deletions
+11
-9
doc/install/installation.md
doc/install/installation.md
+4
-3
lib/tasks/gitlab/check.rake
lib/tasks/gitlab/check.rake
+7
-6
No files found.
doc/install/installation.md
View file @
751ae140
...
...
@@ -268,10 +268,11 @@ sudo usermod -aG redis git
sudo chmod -R u+rwX tmp/sockets/
# Create the public/uploads/ directory
sudo -u git -H mkdir public/uploads/
sudo -u git -H mkdir
-m 0700
public/uploads/
# Make sure GitLab can write to the public/uploads/ directory
sudo chmod -R u+rwX public/uploads
# Make sure only the GitLab user has access to the public/uploads/ directory
# now that files in public/uploads are served by gitlab-workhorse
sudo chmod -R go-rwX public/uploads
# Change the permissions of the directory where CI build traces are stored
sudo chmod -R u+rwX builds/
...
...
lib/tasks/gitlab/check.rake
View file @
751ae140
...
...
@@ -285,7 +285,7 @@ namespace :gitlab do
unless
File
.
directory?
(
Rails
.
root
.
join
(
'public/uploads'
))
puts
"no"
.
red
try_fixing_it
(
"sudo -u
#{
gitlab_user
}
mkdir -m
75
0
#{
Rails
.
root
}
/public/uploads"
"sudo -u
#{
gitlab_user
}
mkdir -m
070
0
#{
Rails
.
root
}
/public/uploads"
)
for_more_information
(
see_installation_guide_section
"GitLab"
...
...
@@ -297,21 +297,22 @@ namespace :gitlab do
upload_path
=
File
.
realpath
(
Rails
.
root
.
join
(
'public/uploads'
))
upload_path_tmp
=
File
.
join
(
upload_path
,
'tmp'
)
if
File
.
stat
(
upload_path
).
mode
==
0407
5
0
if
File
.
stat
(
upload_path
).
mode
==
0407
0
0
unless
Dir
.
exists?
(
upload_path_tmp
)
puts
'skipped (no tmp uploads folder yet)'
.
magenta
return
end
# if tmp upload dir has incorrect permissions, assume others do as well
if
File
.
stat
(
upload_path_tmp
).
mode
==
040755
&&
File
.
owned?
(
upload_path_tmp
)
# verify drwxr-xr-x permissions
# If tmp upload dir has incorrect permissions, assume others do as well
# Verify drwx------ permissions
if
File
.
stat
(
upload_path_tmp
).
mode
==
040700
&&
File
.
owned?
(
upload_path_tmp
)
puts
"yes"
.
green
else
puts
"no"
.
red
try_fixing_it
(
"sudo chown -R
#{
gitlab_user
}
#{
upload_path
}
"
,
"sudo find
#{
upload_path
}
-type f -exec chmod 0644 {}
\\
;"
,
"sudo find
#{
upload_path
}
-type d -not -path
#{
upload_path
}
-exec chmod 07
55
{}
\\
;"
"sudo find
#{
upload_path
}
-type d -not -path
#{
upload_path
}
-exec chmod 07
00
{}
\\
;"
)
for_more_information
(
see_installation_guide_section
"GitLab"
...
...
@@ -321,7 +322,7 @@ namespace :gitlab do
else
puts
"no"
.
red
try_fixing_it
(
"sudo
chmod 0750
#{
upload_path
}
"
,
"sudo
find
#{
upload_path
}
-type d -not -path
#{
upload_path
}
-exec chmod 0700 {}
\\
;"
)
for_more_information
(
see_installation_guide_section
"GitLab"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment