gitlab-org--gitlab-foss/doc/development/omnibus.md

---
stage: Systems
group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---

# What you should know about Omnibus packages

Most users install GitLab using our Omnibus packages. As a developer it can be
good to know how the Omnibus packages differ from what you have on your laptop
when you are coding.

## Files are owned by root by default

All the files in the Rails tree (`app/`, `config/`, and so on) are owned by `root` in
Omnibus installations. This makes the installation simpler and it provides
extra security. The Omnibus reconfigure script contains commands that give
write access to the `git` user only where needed.

For example, the `git` user is allowed to write in the `log/` directory, in
`public/uploads`, and they are allowed to rewrite the `db/structure.sql` file.

In other cases, the reconfigure script tricks GitLab into not trying to write a
file. For instance, GitLab generates a `.secret` file if it cannot find one
and write it to the Rails root. In the Omnibus packages, reconfigure writes the
`.secret` file first, so that GitLab never tries to write it.

## Code, data and logs are in separate directories

The Omnibus design separates code (read-only, under `/opt/gitlab`) from data
(read/write, under `/var/opt/gitlab`) and logs (read/write, under
`/var/log/gitlab`). To make this happen the reconfigure script sets custom
paths where it can in GitLab configuration files, and where there are no path
settings, it uses symlinks.

For example, `config/gitlab.yml` is treated as data so that file is a symlink.
The same goes for `public/uploads`. The `log/` directory is replaced by Omnibus
with a symlink to `/var/log/gitlab/gitlab-rails`.
Add latest changes from gitlab-org/gitlab@master 2020-10-30 14:08:56 -04:00			`---`
Add latest changes from gitlab-org/gitlab@master 2022-05-29 20:08:35 -04:00			`stage: Systems`
Add latest changes from gitlab-org/gitlab@master 2020-10-30 14:08:56 -04:00			`group: Distribution`
Add latest changes from gitlab-org/gitlab@master 2020-11-26 01:09:20 -05:00			`info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments`
Add latest changes from gitlab-org/gitlab@master 2020-10-30 14:08:56 -04:00			`---`

Update capitalization in /dev docs Clean up capitalization in /development /gitlab-basics and /install 2019-08-27 04:44:07 -04:00			`# What you should know about Omnibus packages`
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00
Update capitalization in /dev docs Clean up capitalization in /development /gitlab-basics and /install 2019-08-27 04:44:07 -04:00			`Most users install GitLab using our Omnibus packages. As a developer it can be`
			`good to know how the Omnibus packages differ from what you have on your laptop`
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00			`when you are coding.`

			`## Files are owned by root by default`

Add latest changes from gitlab-org/gitlab@master 2021-07-19 14:08:23 -04:00			All the files in the Rails tree (`app/`, `config/`, and so on) are owned by `root` in
Update capitalization in /dev docs Clean up capitalization in /development /gitlab-basics and /install 2019-08-27 04:44:07 -04:00			`Omnibus installations. This makes the installation simpler and it provides`
			`extra security. The Omnibus reconfigure script contains commands that give`
			write access to the `git` user only where needed.
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00
Update capitalization in /dev docs Clean up capitalization in /development /gitlab-basics and /install 2019-08-27 04:44:07 -04:00			For example, the `git` user is allowed to write in the `log/` directory, in
Add latest changes from gitlab-org/gitlab@master 2020-03-22 11:09:49 -04:00			`public/uploads`, and they are allowed to rewrite the `db/structure.sql` file.
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00
			`In other cases, the reconfigure script tricks GitLab into not trying to write a`
Add latest changes from gitlab-org/gitlab@master 2022-07-06 05:08:10 -04:00			file. For instance, GitLab generates a `.secret` file if it cannot find one
Update capitalization in /dev docs Clean up capitalization in /development /gitlab-basics and /install 2019-08-27 04:44:07 -04:00			`and write it to the Rails root. In the Omnibus packages, reconfigure writes the`
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00			`.secret` file first, so that GitLab never tries to write it.

			`## Code, data and logs are in separate directories`

Update capitalization in /dev docs Clean up capitalization in /development /gitlab-basics and /install 2019-08-27 04:44:07 -04:00			The Omnibus design separates code (read-only, under `/opt/gitlab`) from data
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00			(read/write, under `/var/opt/gitlab`) and logs (read/write, under
			`/var/log/gitlab`). To make this happen the reconfigure script sets custom
Add latest changes from gitlab-org/gitlab@master 2020-06-03 02:08:34 -04:00			`paths where it can in GitLab configuration files, and where there are no path`
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00			`settings, it uses symlinks.`

			For example, `config/gitlab.yml` is treated as data so that file is a symlink.
Update capitalization in /dev docs Clean up capitalization in /development /gitlab-basics and /install 2019-08-27 04:44:07 -04:00			The same goes for `public/uploads`. The `log/` directory is replaced by Omnibus
Document fun facts about omnibus-gitlab 2015-02-19 05:20:58 -05:00			with a symlink to `/var/log/gitlab/gitlab-rails`.