Commit 38aa79de authored by Achilleas Pipinellis

Merge branch 'docs/security-follow-up' into 'master'

Clean-up some confusing info from security docs

See merge request gitlab-org/gitlab-ce!29495
parents 6b301c43 698864df
---
type: concepts
---
# Information exclusivity
Git is a distributed version control system (DVCS). This means that everyone
......
---
type: reference, howto
---
# Custom password length limits
If you want to enforce longer user passwords you can create an extra Devise
initializer with the steps below.
The user password length is set to a minimum of 8 characters by default.
To change that for installations from source:
1. Edit `devise_password_length.rb`:
```sh
cd /home/git/gitlab
sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
sudo -u git -H editor config/initializers/devise_password_length.rb
```
1. Change the new password length limits:
```ruby
config.password_length = 12..128
```
If you do not use the `devise_password_length.rb` initializer the password
length is set to a minimum of 8 characters in `config/initializers/devise.rb`.
In this example, the minimum length is 12 characters, and the maximum length
is 128 characters.
```bash
cd /home/git/gitlab
sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
sudo -u git -H editor config/initializers/devise_password_length.rb # inspect and edit the new password length limits
```
1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source)
for the changes to take effect.
<!-- ## Troubleshooting
......
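Review bot: The procedure is scoped by "To change that for installations from source:", and nothing in this hunk says how, or whether, an Omnibus installation changes the limit; the unlock-user page touched in the same commit gives both an Omnibus and a source command, so a one-line statement for Omnibus would keep the two pages consistent. The hunk also carries both "a minimum of 8 characters by default" and the sentence naming `config/initializers/devise.rb` as the place that default is set; if the latter is the line being dropped, keep the file path in the new wording so an administrator can check the effective value when the extra initializer is absent.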
---
type: reference, howto
---
# Rack Attack
[Rack Attack](https://github.com/kickstarter/rack-attack), also known as Rack::Attack, is a Ruby gem
......
---
type: howto
---
# How to reset your root password
To reset your root password, first log into your server with root privileges.
......
---
type: reference, howto
---
# Restrict allowed SSH key technologies and minimum length
`ssh-keygen` allows users to create RSA keys with as few as 768 bits, which
......
---
type: howto
---
# Enforce Two-factor Authentication (2FA)
Two-factor Authentication (2FA) provides an additional level of security to your
......
......@@ -2,37 +2,44 @@
type: howto
---
# How to unlock a locked user
# How to unlock a locked user from the command line
To unlock a locked user, first log into your server with root privileges.
After six failed login attempts a user gets in a locked state.
Start a Ruby on Rails console with this command:
To unlock a locked user:
```bash
gitlab-rails console production
```
1. SSH into your GitLab server.
1. Start a Ruby on Rails console:
Wait until the console has loaded.
```sh
## For Omnibus GitLab
sudo gitlab-rails console production
There are multiple ways to find your user. You can search for email or username.
## For installations from source
sudo -u git -H bundle exec rails console RAILS_ENV=production
```
```bash
user = User.where(id: 1).first
```
1. Find the user to unlock. You can search by email or ID.
or
```ruby
user = User.find_by(email: 'admin@local.host')
```
```bash
user = User.find_by(email: 'admin@local.host')
```
or
Unlock the user:
```ruby
user = User.where(id: 1).first
```
```bash
user.unlock_access!
```
1. Unlock the user:
Exit the console, the user should now be able to log in again.
```ruby
user.unlock_access!
```
1. Exit the console with <kbd>Ctrl</kbd>+<kbd>d</kbd>
The user should now be able to log in.
<!-- ## Troubleshooting
......
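Review bot: In the "Find the user to unlock" step, both lookups (`User.find_by(email: 'admin@local.host')` and `User.where(id: 1).first`) return `nil` when nothing matches, so the next step's `user.unlock_access!` fails with a `NoMethodError` that the page does not explain. Suggest telling the reader to confirm the lookup returned a user before unlocking, or switching the examples to `User.find_by!(email: ...)` and `User.find(1)` so a miss is reported at the lookup step. Minor: the list item "Exit the console with Ctrl+d" is missing its closing period, and the sentence "The user should now be able to log in." reads better as a continuation of that item.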
---
type: howto
---
# User email confirmation at sign-up
GitLab can be configured to require confirmation of a user's email address when
......
---
type: reference
---
# User File Uploads
Images that are attached to issues, merge requests, or comments
......
---
type: concepts, reference, howto
---
# Webhooks and insecure internal web services
If you have non-GitLab web services running on your GitLab server or within its
......