diff options
| author | Patrick Bajao <ebajao@gitlab.com> | 2019-08-27 12:33:48 +0800 |
|---|---|---|
| committer | Patrick Bajao <ebajao@gitlab.com> | 2019-08-29 16:33:04 +0800 |
| commit | 0e33f16b5f93382214f806737d3fcf5e065c5447 (patch) | |
| tree | d7ba941512c78438f7605f63bbf255ecb9f22eab /lib/system_check | |
| parent | 95ffd22f07d821f223388bd60a287365d3b7d8f6 (diff) | |
| download | gitlab-ce-0e33f16b5f93382214f806737d3fcf5e065c5447.tar.gz | |
Add system check for authorized_keys file perm
This check is being removed from gitlab-shell as the file
is now being managed by gitlab-rails.
Diffstat (limited to 'lib/system_check')
| -rw-r--r-- | lib/system_check/app/authorized_keys_permission_check.rb | 37 | ||||
| -rw-r--r-- | lib/system_check/rake_task/app_task.rb | 3 |
2 files changed, 39 insertions, 1 deletions
diff --git a/lib/system_check/app/authorized_keys_permission_check.rb b/lib/system_check/app/authorized_keys_permission_check.rb new file mode 100644 index 00000000000..1c581f88abc --- /dev/null +++ b/lib/system_check/app/authorized_keys_permission_check.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +module SystemCheck + module App + class AuthorizedKeysPermissionCheck < SystemCheck::BaseCheck + set_name 'Is authorized keys file accessible?' + set_skip_reason 'skipped (authorized keys not enabled)' + + def skip? + !authorized_keys_enabled? + end + + def check? + authorized_keys.accessible? + end + + def show_error + try_fixing_it([ + "sudo chmod 700 #{File.dirname(authorized_keys.file)}", + "touch #{authorized_keys.file}", + "sudo chmod 600 #{authorized_keys.file}" + ]) + fix_and_rerun + end + + private + + def authorized_keys_enabled? + Gitlab::CurrentSettings.current_application_settings.authorized_keys_enabled + end + + def authorized_keys + @authorized_keys ||= Gitlab::AuthorizedKeys.new + end + end + end +end diff --git a/lib/system_check/rake_task/app_task.rb b/lib/system_check/rake_task/app_task.rb index cc32feb8604..e98cee510ff 100644 --- a/lib/system_check/rake_task/app_task.rb +++ b/lib/system_check/rake_task/app_task.rb @@ -30,7 +30,8 @@ module SystemCheck SystemCheck::App::RubyVersionCheck, SystemCheck::App::GitVersionCheck, SystemCheck::App::GitUserDefaultSSHConfigCheck, - SystemCheck::App::ActiveUsersCheck + SystemCheck::App::ActiveUsersCheck, + SystemCheck::App::AuthorizedKeysPermissionCheck ] end end |