Merge pull request #3 from dosire/implement_phusion_security_enhancements

Change permissions of gitolite and yml.

Author: ariejan

install/debian_ubuntu_aws.sh

@@ -81,6 +81,10 @@ sudo chown git:git /home/git/share/gitolite/hooks/common/post-receive
 # Set the first occurrence of host in the Gitlab config to the publicly available domain name
 sudo sed -i '0,/host/s/localhost/'`wget -qO- http://instance-data/latest/meta-data/public-hostname`'/' /home/gitlab/gitlab/config/gitlab.yml
 
+# Tighten security
+sudo -u git chmod 750 /home/git/gitolite
+sudo -u gitlab chmod 660 /home/gitlab/gitlab/config/*.yml
+
 # Install and configure Nginx
 sudo apt-get install -y nginx
 sudo wget https://raw.github.com/gitlabhq/gitlab-recipes/master/nginx/gitlab -P /etc/nginx/sites-available/
@@ -135,4 +139,4 @@ echo '5iveL!fe'
 
 # Monitoring commands for the web server:
 # sudo tail -f /var/log/nginx/access.log
-# sudo tail -f /var/log/nginx/error.log
+# sudo tail -f /var/log/nginx/error.log