diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index aca1586693..185af150c2 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -970,10 +970,10 @@ Default is the number of CPUs. [[capability.administrateServer]]capability.administrateServer:: + Names of groups of users that are allowed to exercise the -administrateServer capability, in addition to those listed in +`administrateServer` capability, in addition to those listed in All-Projects. Configuring this option can be a useful fail-safe to recover a server in the event an administrator removed all -groups from the administrateServer capability, or to ensure that +groups from the `administrateServer` capability, or to ensure that specific groups always have administration capabilities. + ---- @@ -987,7 +987,16 @@ name. If a group cannot be found for the configured name a warning is logged and the server will continue normal startup. + If not specified (default), only the groups listed by All-Projects -may use the administrateServer capability. +may use the `administrateServer` capability. + +[[capability.makeFirstUserAdmin]]capability.makeFirstUserAdmin:: ++ +Whether the first user that logs in to the Gerrit server should +automatically be added to the administrator group and hence get the +`administrateServer` capability assigned. This is useful to bootstrap +the authentication database. ++ +Default is true. [[change]] diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java index 9f2b869f2c..3ff35b313f 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java @@ -30,6 +30,7 @@ import com.google.gerrit.server.IdentifiedUser; import com.google.gerrit.server.account.externalids.ExternalId; import com.google.gerrit.server.account.externalids.ExternalIds; import com.google.gerrit.server.account.externalids.ExternalIdsUpdate; +import com.google.gerrit.server.config.GerritServerConfig; import com.google.gerrit.server.project.ProjectCache; import com.google.gerrit.server.query.account.InternalAccountQuery; import com.google.gwtorm.server.OrmException; @@ -43,6 +44,7 @@ import java.util.Collections; import java.util.Optional; import java.util.concurrent.atomic.AtomicBoolean; import org.eclipse.jgit.errors.ConfigInvalidException; +import org.eclipse.jgit.lib.Config; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -69,6 +71,7 @@ public class AccountManager { @Inject AccountManager( SchemaFactory schema, + @GerritServerConfig Config cfg, Accounts accounts, AccountsUpdate.Server accountsUpdateFactory, AccountCache byIdCache, @@ -90,7 +93,8 @@ public class AccountManager { this.userFactory = userFactory; this.changeUserNameFactory = changeUserNameFactory; this.projectCache = projectCache; - this.awaitsFirstAccountCheck = new AtomicBoolean(true); + this.awaitsFirstAccountCheck = + new AtomicBoolean(cfg.getBoolean("capability", "makeFirstUserAdmin", true)); this.auditService = auditService; this.accountQueryProvider = accountQueryProvider; this.externalIds = externalIds;