Standardize file system permissions across Gitaly
Gitaly's file system permissions are inconsistent. We grant permissions that are too wide in many places, and several different permission sets are used fairly randomly across locations. Enforce correct read/write behavior of transact... (#6170 - closed) began enforcing correct file permissions at commit time when transactions are used. We should standardize on the few file modes that are actually needed:
Gitaly's data doesn't need to be accessible by anyone except Gitaly. Internal runtime state is of no use to other processes anyway. Repository data is not guaranteed to be consistent, and can even look corrupt, while the write-ahead log (WAL) is being applied; the data can only be read consistently through Gitaly. No one should write into Gitaly's storage, as that would break our assumptions about its state.
The only files that might need to stay readable by others for now are operational logs, which may be collected by a different user than the one running Gitaly.
Standardize the permissions (owner only, since nothing but Gitaly needs access) to:

- `rwx` on directories.
- `r` on files. Files don't need the write bit, as they should not be written to after creation: snapshot isolation hard links the same files into multiple snapshots, and modifying a file in place would break that isolation.
- `rx` on executables.
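The three modes above, expressed as octal permission bits and applied to a storage tree, as an added example written for this issue (it is not Gitaly's own code; the constant names `DirMode`, `FileMode`, `ExecMode` and the functions `ExpectedMode`, `Violations` and `Enforce` are assumptions). `Violations` audits a tree without touching it, `Enforce` chmods every directory and regular file to the standard, and both skip symlinks so that a chmod never follows a link to something outside the storage:

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Standard modes from the proposal, owner only. Names are assumptions for
// this example, not constants Gitaly defines.
const (
	DirMode  fs.FileMode = 0o700 // rwx: Gitaly must create, rename and unlink entries
	FileMode fs.FileMode = 0o400 // r: files are immutable once written (hard-linked snapshots)
	ExecMode fs.FileMode = 0o500 // rx: executables such as hooks
)

// ExpectedMode maps an entry's current mode to its standardized mode.
// Anything with any execute bit set is treated as an executable.
func ExpectedMode(mode fs.FileMode) fs.FileMode {
	switch {
	case mode.IsDir():
		return DirMode
	case mode.Perm()&0o111 != 0:
		return ExecMode
	default:
		return FileMode
	}
}

// walkRegular calls fn for every directory and regular file below root.
// Symlinks, sockets and other special files are skipped: os.Chmod follows
// symlinks, so chmoding one could alter a target outside the storage.
func walkRegular(root string, fn func(path string, info fs.FileInfo) error) error {
	return filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := d.Info() // lstat-based, does not follow symlinks
		if err != nil {
			return err
		}
		if !info.IsDir() && !info.Mode().IsRegular() {
			return nil
		}
		return fn(path, info)
	})
}

// Violations returns a line per path under root whose permission bits
// deviate from the standard, so a storage can be audited before enforcing.
func Violations(root string) ([]string, error) {
	var out []string
	err := walkRegular(root, func(path string, info fs.FileInfo) error {
		have, want := info.Mode().Perm(), ExpectedMode(info.Mode())
		if have != want {
			out = append(out, fmt.Sprintf("%s: %04o, want %04o", path, have, want))
		}
		return nil
	})
	return out, err
}

// Enforce chmods every directory and regular file under root to the
// standard mode. Chmod is not subject to the umask, so the result is exact.
func Enforce(root string) error {
	return walkRegular(root, func(path string, info fs.FileInfo) error {
		want := ExpectedMode(info.Mode())
		if info.Mode().Perm() == want {
			return nil
		}
		return os.Chmod(path, want)
	})
}

func main() {
	if len(os.Args) != 3 || (os.Args[1] != "check" && os.Args[1] != "fix") {
		fmt.Fprintln(os.Stderr, "usage: perms check|fix <storage-root>")
		os.Exit(2)
	}
	root := os.Args[2]
	if os.Args[1] == "fix" {
		if err := Enforce(root); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}
	bad, err := Violations(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, line := range bad {
		fmt.Println(line)
	}
	if len(bad) > 0 {
		os.Exit(1)
	}
}
```

Run it as the Gitaly user (`perms check /var/opt/gitlab/git-data` first, then `fix`). Two caveats worth keeping in mind: dropping the write bit on a hard-linked file is a guard against accidental in-place writes, not a security boundary, since the owner can still chmod the file back or replace it through the directory's own write bit; and because the walk is lstat-based, a storage root that is itself a symlink is neither descended into nor modified, so pass the resolved path.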