FS#50377 - [gitlab] Permissions are wrong

Attached to Project: Community Packages
Opened by Tobias Hunger (hunger) - Saturday, 13 August 2016, 03:11 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Saturday, 05 November 2016, 17:14 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sven-Hendrik Haase (Svenstaro)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
After installation of gitlab and gitlab-shell the permissions are all wrong.


Additional info:
* gitlab 8.10.4-1


Steps to reproduce:
* Install gitlab and gitlab-shell

Expected result:
* /etc/webapps/gitlab* are owned by the root:gitlab
* /usr/share/webapps/gitlab* is owned by root:root
* /var/log/gitlab is owned by root:gitlab
* /var/lib/gitlab* is owned by gitlab:gitlab

Actual result:
* All files are owend by uid 105, which is undefined in my system

A way to make this work could be to ship a gitlab sysuser file in gitlab-shell and then use systemd-tmpfiles.d snippets to initialize /var/log/gitlab, /var/lib/gitlab* and /etc/webapps/gitlab* (== everything that is not to be owned by root:root). /etc/webapps/gitlab* would need to have template files that systemd-tmpfiles can copy to /etc as needed.

The tricky part are the secret files in /etc/webapps/gitlab*. I create those in /etc/webapps/secrets, owned by root:root and then use tmpfiles.d snippets to move them into the expected place with the expected ownership.
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Saturday, 05 November 2016, 17:14 GMT
Reason for closing:  Fixed
Comment by Doug Newgard (Scimmia) - Saturday, 13 August 2016, 13:53 GMT
Strange, I can't find where the user is supposed to be created.
Comment by Sven-Hendrik Haase (Svenstaro) - Monday, 15 August 2016, 20:48 GMT
I'm afraid something in your system has already created a gitlab user prior to the official package (probably an AUR package). I recommend you manually give your gitlab user id 105 (as per https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database). This is not a packaging issue. It's intentional and I think your system state is at fault here.
Comment by Tobias Hunger (hunger) - Friday, 26 August 2016, 13:16 GMT
  • Field changed: Percent Complete (100% → 0%)
The permissions are still wrong, even if the gitlab user has uid 105. There should not be files owned by gitlab in /usr.

As it stands the gitlab user can potentially change way to many files!
Comment by Sven-Hendrik Haase (Svenstaro) - Monday, 24 October 2016, 02:07 GMT
I believe this to be fixed in gitlab-8.13.0-3. Please try that.

Loading...