32 lines
1.5 KiB
Markdown
32 lines
1.5 KiB
Markdown
# What you should know about omnibus packages
|
|
|
|
Most users install GitLab using our omnibus packages. As a developer it can be
|
|
good to know how the omnibus packages differ from what you have on your laptop
|
|
when you are coding.
|
|
|
|
## Files are owned by root by default
|
|
|
|
All the files in the Rails tree (`app/`, `config/` etc.) are owned by 'root' in
|
|
omnibus installations. This makes the installation simpler and it provides
|
|
extra security. The omnibus reconfigure script contains commands that give
|
|
write access to the 'git' user only where needed.
|
|
|
|
For example, the 'git' user is allowed to write in the `log/` directory, in
|
|
`public/uploads`, and they are allowed to rewrite the `db/schema.rb` file.
|
|
|
|
In other cases, the reconfigure script tricks GitLab into not trying to write a
|
|
file. For instance, GitLab will generate a `.secret` file if it cannot find one
|
|
and write it to the Rails root. In the omnibus packages, reconfigure writes the
|
|
`.secret` file first, so that GitLab never tries to write it.
|
|
|
|
## Code, data and logs are in separate directories
|
|
|
|
The omnibus design separates code (read-only, under `/opt/gitlab`) from data
|
|
(read/write, under `/var/opt/gitlab`) and logs (read/write, under
|
|
`/var/log/gitlab`). To make this happen the reconfigure script sets custom
|
|
paths where it can in GitLab config files, and where there are no path
|
|
settings, it uses symlinks.
|
|
|
|
For example, `config/gitlab.yml` is treated as data so that file is a symlink.
|
|
The same goes for `public/uploads`. The `log/` directory is replaced by omnibus
|
|
with a symlink to `/var/log/gitlab/gitlab-rails`.
|