From c816dcc10513731f0ef0c1b247fef1ef1287dd7c Mon Sep 17 00:00:00 2001
From: Kevin Lamontagne <kevin.lamontagne@libeo.com>
Date: Sun, 30 Dec 2012 21:46:28 -0500
Subject: [PATCH] Don't setuid the repositories (Rake checks)
---
doc/raketasks/maintenance.md | 2 +-
lib/tasks/gitlab/check.rake | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/doc/raketasks/maintenance.md b/doc/raketasks/maintenance.md
index bb8e1ed29f7..43df2ce9a4a 100644
--- a/doc/raketasks/maintenance.md
+++ b/doc/raketasks/maintenance.md
@@ -94,7 +94,7 @@ Config directory owned by git:git? ... yes
Config directory access is drwxr-x---? ... yes
Repo base directory exists? ... yes
Repo base owned by git:git? ... yes
-Repo base access is drwsrws---? ... yes
+Repo base access is drwxrws---? ... yes
Can clone gitolite-admin? ... yes
Can commit to gitolite-admin? ... yes
post-receive hook exists? ... yes
diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake
index 72111f87567..730a1fc5f2c 100644
--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@ -693,7 +693,7 @@ namespace :gitlab do
end
def check_repo_base_permissions
- print "Repo base access is drwsrws---? ... "
+ print "Repo base access is drwxrws---? ... "
repo_base_path = Gitlab.config.gitolite.repos_path
unless File.exists?(repo_base_path)
@@ -701,13 +701,15 @@ namespace :gitlab do
return
end
- if `stat --printf %a #{repo_base_path}` == "6770"
+ if `stat --printf %a #{repo_base_path}` == "2770"
puts "yes".green
else
puts "no".red
puts "#{repo_base_path} is not writable".red
try_fixing_it(
- "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}"
+ "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}",
+ "sudo chmod -R u-s #{repo_base_path}",
+ "find -type d #{repo_base_path} -print0 | sudo xargs -0 chmod g+s"
)
for_more_information(
see_installation_guide_section "Gitolite"
--
GitLab