summaryrefslogtreecommitdiff
path: root/doc/raketasks/user_management.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/raketasks/user_management.md')
-rw-r--r--doc/raketasks/user_management.md117
1 files changed, 64 insertions, 53 deletions
diff --git a/doc/raketasks/user_management.md b/doc/raketasks/user_management.md
index ffb1baa0b6e..61e30f9ddb1 100644
--- a/doc/raketasks/user_management.md
+++ b/doc/raketasks/user_management.md
@@ -1,7 +1,11 @@
-# User management
+# User management **(CORE ONLY)**
+
+GitLab provides Rake tasks for user management.
## Add user as a developer to all projects
+To add a user as a developer to all projects, run:
+
```shell
# omnibus-gitlab
sudo gitlab-rake gitlab:import:user_to_projects[username@domain.tld]
@@ -12,9 +16,7 @@ bundle exec rake gitlab:import:user_to_projects[username@domain.tld] RAILS_ENV=p
## Add all users to all projects
-Notes:
-
-- admin users are added as maintainers
+To add all users to all projects, run:
```shell
# omnibus-gitlab
@@ -24,8 +26,13 @@ sudo gitlab-rake gitlab:import:all_users_to_all_projects
bundle exec rake gitlab:import:all_users_to_all_projects RAILS_ENV=production
```
+NOTE: **Note:**
+Admin users are added as maintainers.
+
## Add user as a developer to all groups
+To add a user as a developer to all groups, run:
+
```shell
# omnibus-gitlab
sudo gitlab-rake gitlab:import:user_to_groups[username@domain.tld]
@@ -36,9 +43,7 @@ bundle exec rake gitlab:import:user_to_groups[username@domain.tld] RAILS_ENV=pro
## Add all users to all groups
-Notes:
-
-- admin users are added as owners so they can add additional users to the group
+To add all users to all groups, run:
```shell
# omnibus-gitlab
@@ -48,19 +53,25 @@ sudo gitlab-rake gitlab:import:all_users_to_all_groups
bundle exec rake gitlab:import:all_users_to_all_groups RAILS_ENV=production
```
-## Maintain tight control over the number of active users on your GitLab installation
+NOTE: **Note:**
+Admin users are added as owners so they can add additional users to the group.
+
+## Control the number of active users
-- Enable this setting to keep new users blocked until they have been cleared by the admin (default: false).
+Enable this setting to keep new users blocked until they have been cleared by the administrator.
+Defaults to `false`:
```plaintext
block_auto_created_users: false
```
-## Disable Two-factor Authentication (2FA) for all users
+## Disable two-factor authentication for all users
-This task will disable 2FA for all users that have it enabled. This can be
+This task disables two-factor authentication (2FA) for all users that have it enabled. This can be
useful if GitLab's `config/secrets.yml` file has been lost and users are unable
-to login, for example.
+to log in, for example.
+
+To disable two-factor authentication for all users, run:
```shell
# omnibus-gitlab
@@ -70,65 +81,65 @@ sudo gitlab-rake gitlab:two_factor:disable_for_all_users
bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
```
-## Rotate Two-factor Authentication (2FA) encryption key
+## Rotate two-factor authentication encryption key
-GitLab stores the secret data enabling 2FA to work in an encrypted database
-column. The encryption key for this data is known as `otp_key_base`, and is
+GitLab stores the secret data required for two-factor authentication (2FA) in an encrypted
+database column. The encryption key for this data is known as `otp_key_base`, and is
stored in `config/secrets.yml`.
If that file is leaked, but the individual 2FA secrets have not, it's possible
to re-encrypt those secrets with a new encryption key. This allows you to change
the leaked key without forcing all users to change their 2FA details.
-First, look up the old key. This is in the `config/secrets.yml` file, but
-**make sure you're working with the production section**. The line you're
-interested in will look like this:
+To rotate the two-factor authentication encryption key:
-```yaml
-production:
- otp_key_base: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
-```
+1. Look up the old key. This is in the `config/secrets.yml` file, but **make sure you're working
+ with the production section**. The line you're interested in will look like this:
-Next, generate a new secret:
+ ```yaml
+ production:
+ otp_key_base: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ ```
-```shell
-# omnibus-gitlab
-sudo gitlab-rake secret
+1. Generate a new secret:
-# installation from source
-bundle exec rake secret RAILS_ENV=production
-```
+ ```shell
+ # omnibus-gitlab
+ sudo gitlab-rake secret
-Now you need to stop the GitLab server, back up the existing secrets file and
-update the database:
+ # installation from source
+ bundle exec rake secret RAILS_ENV=production
+ ```
-```shell
-# omnibus-gitlab
-sudo gitlab-ctl stop
-sudo cp config/secrets.yml config/secrets.yml.bak
-sudo gitlab-rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key>
+1. Stop the GitLab server, back up the existing secrets file, and update the database:
-# installation from source
-sudo /etc/init.d/gitlab stop
-cp config/secrets.yml config/secrets.yml.bak
-bundle exec rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key> RAILS_ENV=production
-```
+ ```shell
+ # omnibus-gitlab
+ sudo gitlab-ctl stop
+ sudo cp config/secrets.yml config/secrets.yml.bak
+ sudo gitlab-rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key>
-The `<old key>` value can be read from `config/secrets.yml`; `<new key>` was
-generated earlier. The **encrypted** values for the user 2FA secrets will be
-written to the specified `filename` - you can use this to rollback in case of
-error.
+ # installation from source
+ sudo /etc/init.d/gitlab stop
+ cp config/secrets.yml config/secrets.yml.bak
+ bundle exec rake gitlab:two_factor:rotate_key:apply filename=backup.csv old_key=<old key> new_key=<new key> RAILS_ENV=production
+ ```
-Finally, change `config/secrets.yml` to set `otp_key_base` to `<new key>` and
-restart. Again, make sure you're operating in the **production** section.
+ The `<old key>` value can be read from `config/secrets.yml` (`<new key>` was
+ generated earlier). The **encrypted** values for the user 2FA secrets will be
+ written to the specified `filename`. You can use this to rollback in case of
+ error.
-```shell
-# omnibus-gitlab
-sudo gitlab-ctl start
+1. Change `config/secrets.yml` to set `otp_key_base` to `<new key>` and restart. Again, make sure
+ you're operating in the **production** section.
-# installation from source
-sudo /etc/init.d/gitlab start
-```
+ ```shell
+ # omnibus-gitlab
+ sudo gitlab-ctl start
+
+ # installation from source
+ sudo /etc/init.d/gitlab start
+ ```
If there are any problems (perhaps using the wrong value for `old_key`), you can
restore your backup of `config/secrets.yml` and rollback the changes:
View Lorry Controller Status