Commit 755325c8 authored by Rémy Coutable's avatar Rémy Coutable

Fix the `gitlab:gitlab_shell:check` task

Make the `gitlab:gitlab_shell:check` task check that the repositories storage
path are owned by the `root` group
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 8fa2c5ca
---
title: "Make the `gitlab:gitlab_shell:check` task check that the repositories storage path are owned by the `root` group"
merge_request:
author:
...@@ -431,8 +431,7 @@ namespace :gitlab do ...@@ -431,8 +431,7 @@ namespace :gitlab do
def check_repo_base_user_and_group def check_repo_base_user_and_group
gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user
gitlab_shell_owner_group = Gitlab.config.gitlab_shell.owner_group puts "Repo paths owned by #{gitlab_shell_ssh_user}:root, or #{gitlab_shell_ssh_user}:#{Gitlab.config.gitlab_shell.owner_group}?"
puts "Repo paths owned by #{gitlab_shell_ssh_user}:#{gitlab_shell_owner_group}?"
Gitlab.config.repositories.storages.each do |name, repository_storage| Gitlab.config.repositories.storages.each do |name, repository_storage|
repo_base_path = repository_storage['path'] repo_base_path = repository_storage['path']
...@@ -443,15 +442,16 @@ namespace :gitlab do ...@@ -443,15 +442,16 @@ namespace :gitlab do
break break
end end
uid = uid_for(gitlab_shell_ssh_user) user_id = uid_for(gitlab_shell_ssh_user)
gid = gid_for(gitlab_shell_owner_group) root_group_id = gid_for('root')
if File.stat(repo_base_path).uid == uid && File.stat(repo_base_path).gid == gid group_ids = [root_group_id, gid_for(Gitlab.config.gitlab_shell.owner_group)]
if File.stat(repo_base_path).uid == user_id && group_ids.include?(File.stat(repo_base_path).gid)
puts "yes".color(:green) puts "yes".color(:green)
else else
puts "no".color(:red) puts "no".color(:red)
puts " User id for #{gitlab_shell_ssh_user}: #{uid}. Groupd id for #{gitlab_shell_owner_group}: #{gid}".color(:blue) puts " User id for #{gitlab_shell_ssh_user}: #{user_id}. Groupd id for root: #{root_group_id}".color(:blue)
try_fixing_it( try_fixing_it(
"sudo chown -R #{gitlab_shell_ssh_user}:#{gitlab_shell_owner_group} #{repo_base_path}" "sudo chown -R #{gitlab_shell_ssh_user}:root #{repo_base_path}"
) )
for_more_information( for_more_information(
see_installation_guide_section "GitLab Shell" see_installation_guide_section "GitLab Shell"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment