Don't setuid the repositories (Rake checks)

2012-12-30 21:46:28 -05:00 · 2012-12-30 21:46:28 -05:00 · c816dcc105
parent 29baadf0c7
commit c816dcc105
2 changed files with 6 additions and 4 deletions
--- a/doc/raketasks/maintenance.md
+++ b/doc/raketasks/maintenance.md
@ -94,7 +94,7 @@ Config directory owned by git:git? ... yes
 Config directory access is drwxr-x---? ... yes
 Repo base directory exists? ... yes
 Repo base owned by git:git? ... yes
-Repo base access is drwsrws---? ... yes
+Repo base access is drwxrws---? ... yes
 Can clone gitolite-admin? ... yes
 Can commit to gitolite-admin? ... yes
 post-receive hook exists? ... yes
--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@ -693,7 +693,7 @@ namespace :gitlab do
    end

    def check_repo_base_permissions
-      print "Repo base access is drwsrws---? ... "
+      print "Repo base access is drwxrws---? ... "

      repo_base_path = Gitlab.config.gitolite.repos_path
      unless File.exists?(repo_base_path)
@ -701,13 +701,15 @@ namespace :gitlab do
        return
      end

-      if `stat --printf %a #{repo_base_path}` == "6770"
+      if `stat --printf %a #{repo_base_path}` == "2770"
        puts "yes".green
      else
        puts "no".red
        puts "#{repo_base_path} is not writable".red
        try_fixing_it(
-          "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}"
+          "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}",
+          "sudo chmod -R u-s #{repo_base_path}",
+          "find -type d #{repo_base_path} -print0 | sudo xargs -0 chmod g+s"
        )
        for_more_information(
          see_installation_guide_section "Gitolite"