Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

make 'git' a system-user #3438

Closed
wants to merge 4 commits into from
@Finkregh

Make 'git' a system-user, as it is a service/daemon, not a //normal// user.
Make 'su' start a login-shell.

I suppose gitlab does not need a login-shell?

Finkregh added some commits
@Finkregh Finkregh make 'git' a system-user
Make 'git' a system-user, as it is a service/daemon, not a //normal// user.
Make 'su' start a login-shell.

I suppose gitlab does not need a login-shell?
8a0a337
@Finkregh Finkregh also create system-group 54535aa
@Finkregh Finkregh set git-config before check
set the config on setup and before running 'bundle exec rake gitlab:check RAILS_ENV=production', as that says that these should be set
8b3318e
@Finkregh Finkregh fix git-user (provide shell) 7768658
@randx
Owner

I need a login-shell for developing. I use git user on local machine to develop gitlab

@koenpunt

@randx But that's for developing, so you can change that on your local machine right?

@Finkregh

:+1: for @koenpunt

the user for such a daemon should not be given any sort of login-capability. what you do on your dev-machine is something completely different :smile:

@mckern

+1 to "development != production"

@mjdetullio

Regardless of whether or not the user runs GitLab as a daemon, you should still be able to sudo su - git for troubleshooting production issues. However I agree that you shouldn't be able to log into the user directly.

@tvn87

:+1: A deployment that is compatible with the FHS would be great.

@rbecher

+1 this is much cleaner on a production system

@netdata

+1 we use puppet to manage our users on our system, this also means we purge all users which should not be on the system
This is not the case for system users, so now I have to disable puppet.

@brodock

I would like to link this chef-recipe as a way to contribute to the discussion:
https://github.com/atomic-penguin/cookbook-gitlab

according to the readme, the author changed git home directory to /srv/git and default gitlab's installation directory to /srv/git/gitlab as a way to comply with FHS.

On a ubuntu centered perspective, it should be placed somewhere in /var or /var/www as it's the default apache webroot, but it makes more sense after reading the arguments on serverfault (the stackoverflow's version for sever administration), I'm now convinced that /srv/git is the place to be.

To be more specific, I do believe that this is the change we should do to comply with FHS:

/home/git -> /srv/git
/home/git/giltab -> /srv/git/gitlab
/home/git/gitlab-shell -> /srv/git/gitlab-shell

A side-effect is that some people like to have / in a small partition and /home in another big disk partition. This can be solved by symlink /srv to /home/git.

IMHO this makes sense to be considered.


To create a "git" user with home pointing to /srv/git:

sudo useradd -d /srv/git -m git

To change an already existing git user to point new home to /srv/git:

sudo mv /home/git /srv/git
sudo usermod -d /srv/git git
@jvanbaarsen
Collaborator

This pull request has been closed because a request for more information has not been reacted to for more than 2 weeks. If you respond and conform to the pull request guidelines in our contributing guidelines we will reopen this pull request. /cc @Razer6

@Razer6 Razer6 closed this
@Finkregh

a request for more information has not been reacted to

quote please W(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 28, 2013
  1. @Finkregh

    make 'git' a system-user

    Finkregh authored
    Make 'git' a system-user, as it is a service/daemon, not a //normal// user.
    Make 'su' start a login-shell.
    
    I suppose gitlab does not need a login-shell?
  2. @Finkregh

    also create system-group

    Finkregh authored
  3. @Finkregh

    set git-config before check

    Finkregh authored
    set the config on setup and before running 'bundle exec rake gitlab:check RAILS_ENV=production', as that says that these should be set
  4. @Finkregh

    fix git-user (provide shell)

    Finkregh authored
This page is out of date. Refresh to see the latest.
Showing with 6 additions and 5 deletions.
  1. +6 −5 doc/install/installation.md
View
11 doc/install/installation.md
@@ -89,7 +89,7 @@ Install the Bundler Gem:
Create a `git` user for Gitlab:
- sudo adduser --disabled-login --gecos 'GitLab' git
+ sudo adduser --group --shell /bin/bash --disabled-login --system --gecos 'GitLab' git
# 4. GitLab shell
@@ -97,10 +97,7 @@ Create a `git` user for Gitlab:
GitLab Shell is a ssh access and repository management software developed specially for GitLab.
# Login as git
- sudo su git
-
- # Go to home directory
- cd /home/git
+ sudo su -s /bin/bash - git
# Clone gitlab shell
git clone https://github.com/gitlabhq/gitlab-shell.git
@@ -167,6 +164,10 @@ do so with caution!
# Copy the example Unicorn config
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
+
+ # Set git-variables for gitlab itself
+ sudo -u git -H git config --global user.name "GitLab"
+ sudo -u git -H git config --global user.email "gitlab@localhost"
**Important Note:**
Make sure to edit both files to match your setup.
Something went wrong with that request. Please try again.