Updating UID/GID of the git user does not update all files
Summary
I'm not sure if this is actually an issue of not updating all files, or not handling logrotate correctly and this messes up the others.
I've tested this on Friday and works okay after a stop/reconfigure/start, however the instance went down over the weekend and now there are wrong permissions (old user/group) for the following log files in /var/log/gitlab
:
./gitaly/gitlab-shell.log
./gitaly/gitaly_hooks.log
./gitlab-rails/audit_json.log
./gitlab-rails/geo.log
./gitlab-rails/production.log
./gitlab-rails/sidekiq_exporter.log
./gitlab-rails/grpc.log
./gitlab-rails/api_json.log
./gitlab-rails/application_json.log
./gitlab-rails/production_json.log
./gitlab-rails/application.log
./gitlab-rails/exceptions_json.log
./gitlab-rails/graphql_json.log
./gitlab-rails/importer.log
./unicorn/unicorn_stdout.log
./unicorn/unicorn_stderr.log
Steps to reproduce
- Change
user[uid]
anduser[gid]
ingitlab.rb
- Run
gitlab-ctl stop
,gitlab-ctl reconfigure
,gitlab-ctl start
(stop before as otherwise there will be processes in use for the old user) - Observe the wrong permission and instance going down after ~a day
What is the current bug behavior?
The list of files above have the wrong permission and cause errors.
What is the expected correct behavior?
Files in use should have the updated uid/gid.
Possible workaround in case of failures because of old uid/gid mapping
Update the logs to use the newer mapping (though, I'm still unclear if these will be reset again later on as seen initially)
find /var/log/gitlab -uid OLD_UID | xargs -I:: chown git:git ::
Relevant logs
Relevant logs
2020-03-15_10:34:47.03332 bundler: failed to load command: unicorn (/opt/gitlab/embedded/bin/unicorn) 2020-03-15_10:34:47.03343 Errno::EACCES: Permission denied @ rb_sysopen - /var/log/gitlab/unicorn/unicorn_stderr.log 2020-03-15_10:34:47.03344 /opt/gitlab/embedded/lib/ruby/gems/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:805:in `initialize' 2020-03-15_10:34:47.03344 /opt/gitlab/embedded/lib/ruby/gems/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:805:in `open' 2020-03-15_10:34:47.03344 /opt/gitlab/embedded/lib/ruby/gems/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:805:in `redirect_io' 2020-03-15_10:34:47.03344 /opt/gitlab/embedded/lib/ruby/gems/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:174:in `stderr_path=' 2020-03-15_10:34:47.03344 /opt/gitlab/embedded/lib/ruby/gems/2.6.0/gems/unicorn-5.4.1/lib/unicorn/configurator.rb:120:in `block in commit!'
Details of package version
Provide the package version installation details
gitlab-ee: 12.8.1-ee.0
Environment details
- Operating System:
Ubuntu 18.04
- Installation Target, remove incorrect values:
- VM: GCP
- Installation Type, remove incorrect values:
- New Installation
- Is this a single or multiple node installation?
- Geo primary (though, this looks unlikely to matter)
- Resources
- CPU:
2
- Memory total:
4
- CPU:
Configuration details
Provide the relevant sections of `/etc/gitlab/gitlab.rb`
The relevant bits were:user['uid'] = 501 user['gid'] = 501
The entire file (Geo primary setup):
external_url 'https://***' gitlab_rails['geo_node_name'] = 'geo1' postgresql['sql_user_password'] = '***' gitlab_rails['db_password'] = '***' roles ['geo_primary_role'] postgresql['listen_address'] = '***' postgresql['md5_auth_cidr_addresses'] = ['***/32', '***/32'] postgresql['max_replication_slots'] = 1 gitlab_rails['auto_migrate'] = true user['uid'] = 501 user['gid'] = 501