`gitlab-shell/bin/check.rb` may create `gitlab-shell.log` with incorrect ownership

If /var/log/gitlab/gitlab-shell/gitlab-shell.log does not exist when /opt/gitlab/embedded/service/gitaly-ruby/gitlab-shell/bin/check.rb is executed, it will create the file with the user running the script as owner. If this is not the GitLab git user, this will cause subsequent Gitaly requests that call into the GitLab-Shell hooks to fail with:

```
/opt/gitlab/embedded/service/gitaly-ruby/gitlab-shell/lib/gitlab_logger.rb:42:in `initialize': Permission denied @ rb_sysopen - /var/log/gitlab/gitlab-shell/gitlab-shell.log (Errno::EACCES)
    from /opt/gitlab/embedded/service/gitaly-ruby/gitlab-shell/lib/gitlab_logger.rb:42:in `open'
    from /opt/gitlab/embedded/service/gitaly-ruby/gitlab-shell/lib/gitlab_logger.rb:42:in `initialize'
    ...
```

However, this is not logged by gitlab-shell as gitlab-shell.log is inaccessible; Gitaly logs the request as successful. Rails logs a GRPC::Unavailable (14:Connect Failed) error to /var/log/gitlab/gitlab-rails/production.log, but this does not give a clear indication of the source of the problem.

This issue does not exist with the new Golang version of check in gitlab-shell as it does not attempt to write to a log.

Edited Oct 15, 2019 by Will Chandler (ex-GitLab)
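
Because the failure described above never reaches gitlab-shell.log, a direct ownership check on the file is the quickest way to confirm it. The following Ruby sketch is an added example, not code from GitLab or from this issue; the function names are hypothetical, and the account name passed on the command line (for example `git`) is an assumption about the local install.

```ruby
require 'etc'
require 'tmpdir'

# Classify a log file relative to the uid that must be able to append to it.
def log_file_status(path, expected_uid)
  stat = File.stat(path)
  return :wrong_owner unless stat.uid == expected_uid
  return :not_owner_writable if (stat.mode & 0o200).zero?

  :ok
rescue Errno::ENOENT
  :missing # whichever process opens the log next will create it and own it
end

# Resolve an account name and describe the result; returns [status, message].
def check_log(path, user)
  uid = Etc.getpwnam(user).uid # raises ArgumentError if the account is unknown
  status = log_file_status(path, uid)
  message = case status
            when :ok then "#{path}: owned by #{user}"
            when :missing then "#{path}: absent, will be owned by whoever creates it"
            when :wrong_owner then "#{path}: not owned by #{user} (uid #{uid})"
            else "#{path}: owner write bit is not set"
            end
  [status, message]
end

# Constructed demonstration in a temporary directory (no GitLab install needed).
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'gitlab-shell.log')
    me = Process.euid
    results = [log_file_status(path, me)]    # file not created yet
    File.write(path, '')                     # created by the current user
    results << log_file_status(path, me)     # expected writer owns it
    results << log_file_status(path, me + 1) # expected writer is another uid
    File.chmod(0o400, path)
    results << log_file_status(path, me)     # owner can no longer write
    results
  end
end

# Usage: ruby check_log_owner.rb <log path> <account name>
if ARGV.length == 2
  status, message = check_log(*ARGV)
  puts message
  exit(status == :ok ? 0 : 1)
end
```

Run with the log path from this issue and the account Gitaly's hooks run as, the script exits non-zero in the `:wrong_owner` case that produces the `Errno::EACCES` trace above.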