Merge pull request #2440 from klamontagne/master

Don't setuid the repositories on installation

diff --cc doc/install/installation.md
index 0724bea,c499288..1672b77
--- 1/doc/install/installation.md
--- 2/doc/install/installation.md
+++ b/doc/install/installation.md
@@@ -145,15 -146,25 +145,16 @@@ Fix the directory permissions for the c
  Fix the directory permissions for the repositories:
  
      # Make sure the repositories dir is owned by git and it stays that way
-     sudo chmod -R ug+rwXs,o-rwx /home/git/repositories/
+     sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
      sudo chown -R git:git /home/git/repositories/
+     find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s 
  
  
 -## Disable StrictHostKeyChecking for localhost and your domain
 +## Add domains to list to the list of known hosts
  
 -    echo "Host localhost
 -       StrictHostKeyChecking no
 -       UserKnownHostsFile=/dev/null" | sudo tee -a /etc/ssh/ssh_config
 -
 -    echo "Host YOUR_DOMAIN_NAME
 -       StrictHostKeyChecking no
 -       UserKnownHostsFile=/dev/null" | sudo tee -a /etc/ssh/ssh_config
 -
 -    # If gitolite domain differs
 -    echo "Host YOUR_GITOLITE_DOMAIN
 -       StrictHostKeyChecking no
 -       UserKnownHostsFile=/dev/null" | sudo tee -a /etc/ssh/ssh_config
 +    sudo -u gitlab -H ssh git@localhost
 +    sudo -u gitlab -H ssh git@YOUR_DOMAIN_NAME
 +    sudo -u gitlab -H ssh git@YOUR_GITOLITE_DOMAIN_NAME
  
  
  ## Test if everything works so far

diff --cc doc/raketasks/maintenance.md
Simple merge

diff --cc lib/tasks/gitlab/check.rake
index 1ca723f,ab95c82..5e25d1b
--- 1/lib/tasks/gitlab/check.rake
--- 2/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@@ -695,28 -692,8 +695,28 @@@ namespace :gitlab d
        end
      end
  
 +    def check_repo_base_is_not_symlink
 +      print "Repo base directory is a symlink? ... "
 +
 +      repo_base_path = Gitlab.config.gitolite.repos_path
 +      unless File.exists?(repo_base_path)
 +        puts "can't check because of previous errors".magenta
 +        return
 +      end
 +
 +      unless File.symlink?(repo_base_path)
 +        puts "no".green
 +      else
 +        puts "yes".red
 +        try_fixing_it(
 +          "Make sure it's set to the real directory in config/gitlab.yml"
 +        )
 +        fix_and_rerun
 +      end
 +    end
 +
      def check_repo_base_permissions
-       print "Repo base access is drwsrws---? ... "
+       print "Repo base access is drwxrws---? ... "
  
        repo_base_path = Gitlab.config.gitolite.repos_path
        unless File.exists?(repo_base_path)
@@@ -724,12 -701,15 +724,14 @@@
          return
        end
  
-       if File.stat(repo_base_path).mode.to_s(8).ends_with?("6770")
 -      if `stat --printf %a #{repo_base_path}` == "2770"
++      if File.stat(repo_base_path).mode.to_s(8).ends_with?("2770")
          puts "yes".green
        else
          puts "no".red
 -        puts "#{repo_base_path} is not writable".red
          try_fixing_it(
-           "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}"
+           "sudo chmod -R ug+rwX,o-rwx #{repo_base_path}",
+           "sudo chmod -R u-s #{repo_base_path}",
+           "find #{repo_base_path} -type d -print0 | sudo xargs -0 chmod g+s"
          )
          for_more_information(
            see_installation_guide_section "Gitolite"