kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Fix the gitlab:gitlab_shell:check task

Browse source 
Make the `gitlab:gitlab_shell:check` task check that the repositories storage
path are owned by the `root` group

Signed-off-by: Rémy Coutable <remy@rymai.me>
This commit is contained in:
Rémy Coutable 2017-04-12 09:35:48 +02:00
parent 8fa2c5cae5
commit 755325c827
2 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
changelogs/unreleased/omnibus-gitlab-1993-check-shell-repositories-path-group-is-root.yml Normal file
View file

@ -0,0 +1,4 @@
---
title: "Make the `gitlab:gitlab_shell:check` task check that the repositories storage path are owned by the `root` group"
merge_request:
author:

14
lib/tasks/gitlab/check.rake
View file

@ -431,8 +431,7 @@ namespace :gitlab do
def check_repo_base_user_and_group def check_repo_base_user_and_group
gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user gitlab_shell_ssh_user = Gitlab.config.gitlab_shell.ssh_user
gitlab_shell_owner_group = Gitlab.config.gitlab_shell.owner_group puts "Repo paths owned by #{gitlab_shell_ssh_user}:root, or #{gitlab_shell_ssh_user}:#{Gitlab.config.gitlab_shell.owner_group}?"
puts "Repo paths owned by #{gitlab_shell_ssh_user}:#{gitlab_shell_owner_group}?"
Gitlab.config.repositories.storages.each do |name, repository_storage| Gitlab.config.repositories.storages.each do |name, repository_storage|
repo_base_path = repository_storage['path'] repo_base_path = repository_storage['path']
@ -443,15 +442,16 @@ namespace :gitlab do
break break
end end
uid = uid_for(gitlab_shell_ssh_user) user_id = uid_for(gitlab_shell_ssh_user)
gid = gid_for(gitlab_shell_owner_group) root_group_id = gid_for('root')
if File.stat(repo_base_path).uid == uid && File.stat(repo_base_path).gid == gid group_ids = [root_group_id, gid_for(Gitlab.config.gitlab_shell.owner_group)]
if File.stat(repo_base_path).uid == user_id && group_ids.include?(File.stat(repo_base_path).gid)
puts "yes".color(:green) puts "yes".color(:green)
else else
puts "no".color(:red) puts "no".color(:red)
puts " User id for #{gitlab_shell_ssh_user}: #{uid}. Groupd id for #{gitlab_shell_owner_group}: #{gid}".color(:blue) puts " User id for #{gitlab_shell_ssh_user}: #{user_id}. Groupd id for root: #{root_group_id}".color(:blue)
try_fixing_it( try_fixing_it(
"sudo chown -R #{gitlab_shell_ssh_user}:#{gitlab_shell_owner_group} #{repo_base_path}" "sudo chown -R #{gitlab_shell_ssh_user}:root #{repo_base_path}"
) )
for_more_information( for_more_information(
see_installation_guide_section "GitLab Shell" see_installation_guide_section "GitLab Shell"