Most users install GitLab using our Omnibus packages. As a developer it can be good to know how the Omnibus packages differ from what you have on your laptop when you are coding.
All the files in the Rails tree (
config/ etc.) are owned by
Omnibus installations. This makes the installation simpler and it provides
extra security. The Omnibus reconfigure script contains commands that give
write access to the
git user only where needed.
For example, the
git user is allowed to write in the
log/ directory, in
public/uploads, and they are allowed to rewrite the
In other cases, the reconfigure script tricks GitLab into not trying to write a
file. For instance, GitLab will generate a
.secret file if it cannot find one
and write it to the Rails root. In the Omnibus packages, reconfigure writes the
.secret file first, so that GitLab never tries to write it.
The Omnibus design separates code (read-only, under
/opt/gitlab) from data
/var/opt/gitlab) and logs (read/write, under
/var/log/gitlab). To make this happen the reconfigure script sets custom
paths where it can in GitLab configuration files, and where there are no path
settings, it uses symlinks.
config/gitlab.yml is treated as data so that file is a symlink.
The same goes for
log/ directory is replaced by Omnibus
with a symlink to