gitlab-org--gitlab-foss/doc/raketasks/user_management.md
Sean McGivern 405379bbfc Store OTP secret key in secrets.yml
.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.

If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.

If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.

Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.
2016-08-03 15:46:37 +01:00

1.7 KiB

User management

Add user as a developer to all projects

# omnibus-gitlab
sudo gitlab-rake gitlab:import:user_to_projects[username@domain.tld]

# installation from source
bundle exec rake gitlab:import:user_to_projects[username@domain.tld] RAILS_ENV=production

Add all users to all projects

Notes:

  • admin users are added as masters
# omnibus-gitlab
sudo gitlab-rake gitlab:import:all_users_to_all_projects

# installation from source
bundle exec rake gitlab:import:all_users_to_all_projects RAILS_ENV=production

Add user as a developer to all groups

# omnibus-gitlab
sudo gitlab-rake gitlab:import:user_to_groups[username@domain.tld]

# installation from source
bundle exec rake gitlab:import:user_to_groups[username@domain.tld] RAILS_ENV=production

Add all users to all groups

Notes:

  • admin users are added as owners so they can add additional users to the group
# omnibus-gitlab
sudo gitlab-rake gitlab:import:all_users_to_all_groups

# installation from source
bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production

Maintain tight control over the number of active users on your GitLab installation

  • Enable this setting to keep new users blocked until they have been cleared by the admin (default: false).
block_auto_created_users: false

Disable Two-factor Authentication (2FA) for all users

This task will disable 2FA for all users that have it enabled. This can be useful if GitLab's config/secrets.yml file has been lost and users are unable to login, for example.

# omnibus-gitlab
sudo gitlab-rake gitlab:two_factor:disable_for_all_users

# installation from source
bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production