Messed up gitlab permissions and don't know what to do now

Question

I tried to get my gitlab-runner to work and with that I messed up my gitlab configuration really bad...I hope it is possible to restore my self-hosted gitlab instance.

First things first: When I run sudo gitlab-ctl status I get the output

down: alertmanager: 1s, normally up, want up; run: log: (pid 8770) 1438s
down: prometheus: 0s, normally up, want up; run: log: (pid 8742) 1438s

The rest of it works as it should I guess. As I said before, the problem related in permission denied error because of messing up the configuration with sudo chown ...

Is there a way to restore the old user permissions? Or is there a way to get information about the permissions configuration gitlab needs?

Thank you very much!

PS: When I run sudo gitlab-ctl reconfigure this error appears

 ================================================================================
    Error executing action `run` on resource 'execute[/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions]'
    ================================================================================

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    Expected process to exit with [0], but received '1'
    ---- Begin output of /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions ----
    STDOUT: error: could not open /var/opt/gitlab/.ssh/authorized_keys: Permission denied @ rb_sysopen - /var/opt/gitlab/.ssh/authorized_keys
    -rw------- 1 gitlab-redis git 1948 Apr 23 15:33 /var/opt/gitlab/.ssh/authorized_keys
    STDERR: 
    ---- End output of /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions ----
    Ran /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions returned 1

    Resource Declaration:
    ---------------------
    # In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/gitlab-shell.rb

     85: execute "#{gitlab_shell_keys_check} check-permissions" do
     86:   user git_user
     87:   group git_group
     88: end
     89: 

    Compiled Resource:
    ------------------
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/gitlab-shell.rb:85:in `from_file'

    execute("/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions") do
      action [:run]
      default_guard_interpreter :execute
      command "/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions"
      backup 5
      group "git"
      returns 0
      user "git"
      declared_type :execute
      cookbook_name "gitlab"
      recipe_name "gitlab-shell"
      domain nil
    end

    System Info:
    ------------
    chef_version=13.6.4
    platform=ubuntu
    platform_version=18.04
    ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
    program_name=/opt/gitlab/embedded/bin/chef-client
    executable=/opt/gitlab/embedded/bin/chef-client


Running handlers:
There was an error running gitlab-ctl reconfigure:

execute[/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions] (gitlab::gitlab-shell line 85) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions ----
STDOUT: error: could not open /var/opt/gitlab/.ssh/authorized_keys: Permission denied @ rb_sysopen - /var/opt/gitlab/.ssh/authorized_keys
-rw------- 1 gitlab-redis git 1948 Apr 23 15:33 /var/opt/gitlab/.ssh/authorized_keys
STDERR: 
---- End output of /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions ----
Ran /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions returned 1

Answer 1

I think you are using GitLab Omnibus! if so, download the proper version of update-permissions (your GtiLab instance version) and run the script file.
It can fix the permission problems in the case of changing UID/GID and changing ownership/permission of files and directories.

NOTE: Be careful about using this script. It should be executed with root permission! so read all the file before running and be sure you are using the right version.