Clean-up some confusing info from security docs

698864df · Achilleas Pipinellis · 6b301c43 · 698864df · 698864df · 698864df
Commit 698864df authored Jul 16, 2019 by Achilleas Pipinellis
10 changed files
--- a/doc/security/information_exclusivity.md
+++ b/doc/security/information_exclusivity.md
 ---
 type: concepts
 ---
 # Information exclusivity
 Git is a distributed version control system (DVCS). This means that everyone

--- a/doc/security/password_length_limits.md
+++ b/doc/security/password_length_limits.md
 ---
 type: reference, howto
 ---
 # Custom password length limits
-If you want to enforce longer user passwords you can create an extra Devise
+The user password length is set to a minimum of 8 characters by default.
-initializer with the steps below.
+To change that for installations from source:
+1. Edit `devise_password_length.rb`:
+   ```sh
+   cd /home/git/gitlab
+   sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
+   sudo -u git -H editor config/initializers/devise_password_length.rb
+   ```
+1. Change the new password length limits:
+   ```ruby
+   config.password_length = 12..128
+   ```
-If you do not use the `devise_password_length.rb` initializer the password
+   In this example, the minimum length is 12 characters, and the maximum length
-length is set to a minimum of 8 characters in `config/initializers/devise.rb`.
+   is 128 characters.
-```bash
+1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source)
-cd /home/git/gitlab
+   for the changes to take effect.
-sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
-sudo -u git -H editor config/initializers/devise_password_length.rb   # inspect and edit the new password length limits
-```
 <!-- ## Troubleshooting

--- a/doc/security/rack_attack.md
+++ b/doc/security/rack_attack.md
 ---
 type: reference, howto
 ---
 # Rack Attack
 [Rack Attack](https://github.com/kickstarter/rack-attack), also known as Rack::Attack, is a Ruby gem

--- a/doc/security/reset_root_password.md
+++ b/doc/security/reset_root_password.md
 ---
 type: howto
 ---
 # How to reset your root password
 To reset your root password, first log into your server with root privileges.

--- a/doc/security/ssh_keys_restrictions.md
+++ b/doc/security/ssh_keys_restrictions.md
 ---
 type: reference, howto
 ---
 # Restrict allowed SSH key technologies and minimum length
 `ssh-keygen` allows users to create RSA keys with as few as 768 bits, which

--- a/doc/security/two_factor_authentication.md
+++ b/doc/security/two_factor_authentication.md
 ---
 type: howto
 ---
 # Enforce Two-factor Authentication (2FA)
 Two-factor Authentication (2FA) provides an additional level of security to your

--- a/doc/security/unlock_user.md
+++ b/doc/security/unlock_user.md
@@ -2,37 +2,44 @@
 type: howto
 ---
-# How to unlock a locked user
+# How to unlock a locked user from the command line
-To unlock a locked user, first log into your server with root privileges.
+After six failed login attempts a user gets in a locked state.
-Start a Ruby on Rails console with this command:
+To unlock a locked user:
-```bash
+1. SSH into your GitLab server.
-gitlab-rails console production
+1. Start a Ruby on Rails console:
-```
-Wait until the console has loaded.
+   ```sh
+   ## For Omnibus GitLab
+   sudo gitlab-rails console production
-There are multiple ways to find your user. You can search for email or username.
+   ## For installations from source
+   sudo -u git -H bundle exec rails console RAILS_ENV=production
+   ```
-```bash
+1. Find the user to unlock. You can search by email or ID.
-user = User.where(id: 1).first
-```
-or
+   ```ruby
+   user = User.find_by(email: 'admin@local.host')
+   ```
-```bash
+   or
-user = User.find_by(email: 'admin@local.host')
-```
-Unlock the user:
+   ```ruby
+   user = User.where(id: 1).first
+   ```
-```bash
+1. Unlock the user:
-user.unlock_access!
-```
-Exit the console, the user should now be able to log in again.
+   ```ruby
+   user.unlock_access!
+   ```
+1. Exit the console with <kbd>Ctrl</kbd>+<kbd>d</kbd>
+The user should now be able to log in.
 <!-- ## Troubleshooting

--- a/doc/security/user_email_confirmation.md
+++ b/doc/security/user_email_confirmation.md
 ---
 type: howto
 ---
 # User email confirmation at sign-up
 GitLab can be configured to require confirmation of a user's email address when

--- a/doc/security/user_file_uploads.md
+++ b/doc/security/user_file_uploads.md
 ---
 type: reference
 ---
 # User File Uploads
 Images that are attached to issues, merge requests, or comments

--- a/doc/security/webhooks.md
+++ b/doc/security/webhooks.md
 ---
 type: concepts, reference, howto
 ---
 # Webhooks and insecure internal web services
 If you have non-GitLab web services running on your GitLab server or within its