gitlab git-data folder permission

0
votes

We have in our company a CentOS server with a Gitlab installed on it , to be quick our problem is that every time we change the permissions of the git-data folder , it reverts back to its original permission (from 755 to 700)

what would be the solution ?

look at the audit logs, it appears that it is in fact GitLab that is changing the permissions of the

/var/opt/gitlab/git-data/ directory. The timestamp for the last permissions change on that directory is "2016-05-11 21:29:49.514000000 +0300" and here is the corresponding log entry:

time->Wed May 11 21:29:49 2016type=PATH
msg=audit(1462991389.514:666395): item=0 name="/var/opt/gitlab/git-data"
 inode=7997371 dev=fd:03 mode=040755 ouid=991 ogid=987 rdev=00:00
objtype=NORMALtype=CWD msg=audit(1462991389.514:666395):  cwd="/"type=SYSCALL
 msg=audit(1462991389.514:666395): arch=c000003e syscall=90 success=yes
exit=0 a0=5226310 a1=1c0 a2=20502865 a3=7ffc1ba7a020 items=1 ppid=10791
pid=10797 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
 tty=(none) ses=60624 comm="chef-client"
exe="/opt/gitlab/embedded/bin/ruby" key=(null)

It appears that the "chef-client" is what is changing the permissions

1
linuxgitcentosgitlab

1 Answers

1
votes

Although I don't know what the implications are to change the the permissions on the data folder, editing the recipe will ensure that the permissions stay. If you use a omnibus installation the recipe should be /opt/gitlab/embedded/cookbooks/gitlab/recipes/gitlab-shell.rb. In this file edit the line mode so that it matches your requirement:

directory git_data_directory do
owner git_user
mode "0700"
recursive true

If you do a gitlab-ctl reconfigure now, chef will automatically set the permissions. It is possible that the file will be edited on an update so keep that in mind.