author | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-02-09 11:19:25 +0200 |
---|---|---|
committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-02-09 11:35:19 +0200 |
commit | 751ae140813e45e3a48b0e3ed7ab08c5461c5e51 (patch) | |
tree | 370778d5aa85a75ee7f94035c446bbb0b5deac98 /lib/tasks | |
parent | 555b1a621a9a73e8cdead9888375a43a8e59f639 (diff) | |
download | gitlab-ce-751ae140813e45e3a48b0e3ed7ab08c5461c5e51.tar.gz |
Restrict permissions on public/uploads
Diffstat (limited to 'lib/tasks')
-rw-r--r-- | lib/tasks/gitlab/check.rake | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake
index 2dc2953e328..d6e17821d41 100644
--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@ -285,7 +285,7 @@ namespace :gitlab do
 unless File.directory?(Rails.root.join('public/uploads'))
 puts "no".red
 try_fixing_it(
- "sudo -u #{gitlab_user} mkdir -m 750 #{Rails.root}/public/uploads"
+ "sudo -u #{gitlab_user} mkdir -m 0700 #{Rails.root}/public/uploads"
 )
 for_more_information(
 see_installation_guide_section "GitLab"
@@ -297,21 +297,22 @@ namespace :gitlab do
 upload_path = File.realpath(Rails.root.join('public/uploads'))
 upload_path_tmp = File.join(upload_path, 'tmp')
- if File.stat(upload_path).mode == 040750
+ if File.stat(upload_path).mode == 040700
 unless Dir.exists?(upload_path_tmp)
 puts 'skipped (no tmp uploads folder yet)'.magenta
 return
 end
- # if tmp upload dir has incorrect permissions, assume others do as well
- if File.stat(upload_path_tmp).mode == 040755 && File.owned?(upload_path_tmp) # verify drwxr-xr-x permissions
+ # If tmp upload dir has incorrect permissions, assume others do as well
+ # Verify drwx------ permissions
+ if File.stat(upload_path_tmp).mode == 040700 && File.owned?(upload_path_tmp)
 puts "yes".green
 else
 puts "no".red
 try_fixing_it(
 "sudo chown -R #{gitlab_user} #{upload_path}",
 "sudo find #{upload_path} -type f -exec chmod 0644 {} \\;",
- "sudo find #{upload_path} -type d -not -path #{upload_path} -exec chmod 0755 {} \\;"
+ "sudo find #{upload_path} -type d -not -path #{upload_path} -exec chmod 0700 {} \\;"
 )
 for_more_information(
 see_installation_guide_section "GitLab"
@@ -321,7 +322,7 @@ namespace :gitlab do
 else
 puts "no".red
 try_fixing_it(
- "sudo chmod 0750 #{upload_path}",
+ "sudo find #{upload_path} -type d -not -path #{upload_path} -exec chmod 0700 {} \\;"
 )
 for_more_information(
 see_installation_guide_section "GitLab" |
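Review bot: The two new comparisons in the second hunk, `File.stat(upload_path).mode == 040700` and `File.stat(upload_path_tmp).mode == 040700`, test the whole mode word rather than the permission bits. A directory that is already owner-only but carries a setgid or sticky bit would therefore be reported as "no". Comparing only the permission bits, for example `(File.stat(upload_path).mode & 0777) == 0700`, would keep the check about who can reach the directory. Separately, the printed fix still sets files to `0644`; that may be intentional given the 0700 directories above them, but it is worth confirming that group/other read on uploaded files is still wanted. The enclosing task starts and ends outside this hunk.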
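Review bot: The remediation printed in the third hunk's `else` branch no longer changes the directory that failed the check. That branch is reached when `File.stat(upload_path).mode` is not `040700`, but the new `find` command carries `-not -path #{upload_path}`, which excludes `upload_path` itself. An administrator who runs it would still fail the check, and the uploads directory would keep its old, wider mode. Print a direct command for the top-level directory instead, `"sudo chmod 0700 #{upload_path}"`, optionally followed by the `find` line for the subdirectories. The `if` that this `else` belongs to opens in the previous hunk.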