Commit dc8bd607 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'satellites_permission' into 'master'

Update satellites directory permissions
parents 2ab53dfb 03b8dcce
...@@ -6,6 +6,7 @@ v 6.8.0 ...@@ -6,6 +6,7 @@ v 6.8.0
- Drop all tables before restoring a Postgres backup - Drop all tables before restoring a Postgres backup
- Make the repository downloads path configurable - Make the repository downloads path configurable
- Create branches via API (sponsored by O'Reilly Media) - Create branches via API (sponsored by O'Reilly Media)
- Changed permission of gitlab-satellites directory not to be world accessible
v 6.7.2 v 6.7.2
- Fix upgrader script - Fix upgrader script
......
...@@ -202,6 +202,7 @@ You can change `6-6-stable` to `master` if you want the *bleeding edge* version, ...@@ -202,6 +202,7 @@ You can change `6-6-stable` to `master` if you want the *bleeding edge* version,
# Create directory for satellites # Create directory for satellites
sudo -u git -H mkdir /home/git/gitlab-satellites sudo -u git -H mkdir /home/git/gitlab-satellites
sudo chmod o-rwx /home/git/gitlab-satellites
# Create directories for sockets/pids and make sure GitLab can write to them # Create directories for sockets/pids and make sure GitLab can write to them
sudo -u git -H mkdir tmp/pids/ sudo -u git -H mkdir tmp/pids/
......
...@@ -342,6 +342,7 @@ namespace :gitlab do ...@@ -342,6 +342,7 @@ namespace :gitlab do
check_repo_base_is_not_symlink check_repo_base_is_not_symlink
check_repo_base_user_and_group check_repo_base_user_and_group
check_repo_base_permissions check_repo_base_permissions
check_satellites_permissions
check_update_hook_is_up_to_date check_update_hook_is_up_to_date
check_repos_update_hooks_is_link check_repos_update_hooks_is_link
check_gitlab_shell_self_test check_gitlab_shell_self_test
...@@ -443,6 +444,29 @@ namespace :gitlab do ...@@ -443,6 +444,29 @@ namespace :gitlab do
end end
end end
def check_satellites_permissions
print "Satellites access is drwxr-x---? ... "
satellites_path = Gitlab.config.satellites.path
unless File.exists?(satellites_path)
puts "can't check because of previous errors".magenta
return
end
if File.stat(satellites_path).mode.to_s(8).ends_with?("0750")
puts "yes".green
else
puts "no".red
try_fixing_it(
"sudo chmod u+rwx,g+rx,o-rwx #{satellites_path}",
)
for_more_information(
see_installation_guide_section "GitLab"
)
fix_and_rerun
end
end
def check_repo_base_user_and_group def check_repo_base_user_and_group
gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user
gitlab_shell_owner_group = Gitlab.config.gitlab_shell.owner_group gitlab_shell_owner_group = Gitlab.config.gitlab_shell.owner_group
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment