Hi All,
I have installed the Gitea 1.19.1 container on a Raspberry Pi 4B using Docker Compose (note 1) and have used the command " volumes : /media/ext_ssd/gitea_data:/data" to redirect the container’s data to an external SSD.
However, when I create a new repository (test.git) in the Gitea web interface, the local directory’s permissions are 755 (note 2), which allows any logged-in user to access the repository data.
Is there any way to prevent everyone from being able to read the repository data when Gitea creates or modifies a repository?
我使用 docker-compose(注1) 在 raspberry pi 4b 上面安裝了 gitea1-19.2 的 container
並使用 volumes: /media/ext_ssd/gitea_data:/data 指令,把 container 的 data 導到我一個外部儲存的 SSD
不過我發現當我在 Gitea web 建立一個新的 repository (test.git) 的時候,他 local directory 的權限卻是 755 (注2)
這樣會讓這台能登入的帳號取得 repository 的資料
有沒有辦法能讓 Gitea 新增/修改 repository 的時候,讓權限至少不要讓 everyone 能做讀取?
Note 1:
docker-compose.yml
version: “3”
networks:
gitea:
external: false
services:
server:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- gitea
volumes:
- /media/ext_ssd/gitea_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- “13000:3000”
- “10022:22”
Note 2:( we can see repo’s permission is 755)
drwxr-xr-x 7 eric eric 4096 Apr 28 03:00 .
drwxrwx— 3 eric eric 4096 Apr 28 03:00 …
drwxr-xr-x 2 eric eric 4096 Apr 28 03:00 branches
-rw-r–r-- 1 eric eric 66 Apr 28 03:00 config
-rw-r–r-- 1 eric eric 73 Apr 28 03:00 description
-rw-r–r-- 1 eric eric 21 Apr 28 03:00 HEAD
drwxr-xr-x 6 eric eric 4096 Apr 28 03:00 hooks
drwxr-xr-x 2 eric eric 4096 Apr 28 03:00 info
drwxr-xr-x 4 eric eric 4096 Apr 28 03:00 objects
drwxr-xr-x 4 eric eric 4096 Apr 28 03:00 refs
eric@raspberrypi:/media/ext_ssd/gitea_data/git/repositories/ericwang/test.git $
