Force root password configuration at install time
Problem to solve
New GitLab installations currently allow any anonymous user to browse to the login page, set a new root password, and take administrative control of the instance.
As GitLab is often installed in cloud environments with public web access enabled by default, it is probable that test installations may occur and be left dormant long enough for an attacker to use them as a gateway into compromising other resources.
Intended users
Further details
A benefit to this feature proposal would be an improvement in overall product security, protecting the infrastructure of any organization that may install instances of GitLab.
Proposal
A root password should be set at install time - the web service should not become available until this password has been set.
It may be best to have the install generate a random, secure password automatically. This will prevent the use of weak passwords.
Permissions and Security
This functionality would occur before the product is actually running, so no changes to current permissions model should be required.