Don't setuid the repositories (Rake checks)

c816dcc1 · Kevin Lamontagne · 29baadf0 · c816dcc1 · c816dcc1
Commit c816dcc1 authored Dec 30, 2012 by Kevin Lamontagne
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

doc/raketasks/maintenance.md doc/raketasks/maintenance.md +1 -1

lib/tasks/gitlab/check.rake lib/tasks/gitlab/check.rake +5 -3

No files found.
--- a/doc/raketasks/maintenance.md
+++ b/doc/raketasks/maintenance.md
@@ -94,7 +94,7 @@ Config directory owned by git:git? ... yes
 Config directory access is drwxr-x---? ... yes
 Repo base directory exists? ... yes
 Repo base owned by git:git? ... yes
-Repo base access is drwsrws---? ... yes
+Repo base access is drwxrws---? ... yes
 Can clone gitolite-admin? ... yes
 Can commit to gitolite-admin? ... yes
 post-receive hook exists? ... yes

--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@ -693,7 +693,7 @@ namespace :gitlab do
    end
    def check_repo_base_permissions
-      print "Repo base access is drwsrws---? ... "
+      print "Repo base access is drwxrws---? ... "
      repo_base_path = Gitlab.config.gitolite.repos_path
      unless File.exists?(repo_base_path)
@@ -701,13 +701,15 @@ namespace :gitlab do
        return
      end
-      if `stat --printf %a #{repo_base_path}` == "6770"
+      if `stat --printf %a #{repo_base_path}` == "2770"
        puts "yes".green
      else
        puts "no".red
        puts "#{repo_base_path} is not writable".red
        try_fixing_it(
-          "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}"
+          "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}",
+          "sudo chmod -R u-s #{repo_base_path}",
+          "find -type d #{repo_base_path} -print0 | sudo xargs -0 chmod g+s"
        )
        for_more_information(
          see_installation_guide_section "Gitolite"