From 29baadf0c7f48c63867b839d4f990ff767b6dcc9 Mon Sep 17 00:00:00 2001 From: Kevin Lamontagne Date: Sun, 30 Dec 2012 21:15:31 -0500 Subject: [PATCH 1/3] Don't setuid the repositories on installation --- doc/install/installation.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/install/installation.md b/doc/install/installation.md index 7fb5e48cdc9..c499288ea5a 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -146,8 +146,9 @@ Fix the directory permissions for the configuration directory: Fix the directory permissions for the repositories: # Make sure the repositories dir is owned by git and it stays that way - sudo chmod -R ug+rwXs,o-rwx /home/git/repositories/ + sudo chmod -R ug+rwX,o-rwx /home/git/repositories/ sudo chown -R git:git /home/git/repositories/ + find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s ## Disable StrictHostKeyChecking for localhost and your domain From c816dcc10513731f0ef0c1b247fef1ef1287dd7c Mon Sep 17 00:00:00 2001 From: Kevin Lamontagne Date: Sun, 30 Dec 2012 21:46:28 -0500 Subject: [PATCH 2/3] Don't setuid the repositories (Rake checks) --- doc/raketasks/maintenance.md | 2 +- lib/tasks/gitlab/check.rake | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/doc/raketasks/maintenance.md b/doc/raketasks/maintenance.md index bb8e1ed29f7..43df2ce9a4a 100644 --- a/doc/raketasks/maintenance.md +++ b/doc/raketasks/maintenance.md @@ -94,7 +94,7 @@ Config directory owned by git:git? ... yes Config directory access is drwxr-x---? ... yes Repo base directory exists? ... yes Repo base owned by git:git? ... yes -Repo base access is drwsrws---? ... yes +Repo base access is drwxrws---? ... yes Can clone gitolite-admin? ... yes Can commit to gitolite-admin? ... yes post-receive hook exists? ... yes diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake index 72111f87567..730a1fc5f2c 100644 --- a/lib/tasks/gitlab/check.rake +++ b/lib/tasks/gitlab/check.rake @@ -693,7 +693,7 @@ namespace :gitlab do end def check_repo_base_permissions - print "Repo base access is drwsrws---? ... " + print "Repo base access is drwxrws---? ... " repo_base_path = Gitlab.config.gitolite.repos_path unless File.exists?(repo_base_path) @@ -701,13 +701,15 @@ namespace :gitlab do return end - if `stat --printf %a #{repo_base_path}` == "6770" + if `stat --printf %a #{repo_base_path}` == "2770" puts "yes".green else puts "no".red puts "#{repo_base_path} is not writable".red try_fixing_it( - "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}" + "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}", + "sudo chmod -R u-s #{repo_base_path}", + "find -type d #{repo_base_path} -print0 | sudo xargs -0 chmod g+s" ) for_more_information( see_installation_guide_section "Gitolite" From f4175219fb7a1cb93f7eed54bd6510a85345096e Mon Sep 17 00:00:00 2001 From: Kevin Lamontagne Date: Fri, 18 Jan 2013 14:13:38 -0500 Subject: [PATCH 3/3] Fix gitlab:check recommendation Running the recommendation would give out: GNU find: paths must precede expression --- lib/tasks/gitlab/check.rake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake index 730a1fc5f2c..ab95c823df7 100644 --- a/lib/tasks/gitlab/check.rake +++ b/lib/tasks/gitlab/check.rake @@ -709,7 +709,7 @@ namespace :gitlab do try_fixing_it( "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}", "sudo chmod -R u-s #{repo_base_path}", - "find -type d #{repo_base_path} -print0 | sudo xargs -0 chmod g+s" + "find #{repo_base_path} -type d -print0 | sudo xargs -0 chmod g+s" ) for_more_information( see_installation_guide_section "Gitolite"