Merge branch 'uploads-700' into 'master'

Restrict permissions on public/uploads

Now that files in public/uploads are served by gitlab-workhorse we can
and should just use mode 0700 to restrict access to the 'git' user
only.

See merge request !631

files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb

@@ -60,6 +60,7 @@ end
   gitlab_rails_working_dir,
   gitlab_rails_tmp_dir,
   gitlab_ci_builds_dir,
+  gitlab_rails_public_uploads_dir,
   node['gitlab']['gitlab-rails']['gitlab_repository_downloads_path'],
   node['gitlab']['gitlab-rails']['artifacts_path'],
   node['gitlab']['gitlab-rails']['lfs_storage_path'],
@@ -91,13 +92,6 @@ directory gitlab_ci_dir do
   recursive true
 end
 
-directory gitlab_rails_public_uploads_dir do
-  owner gitlab_user
-  group account_helper.web_server_group
-  mode '0750'
-  recursive true
-end
-
 directory node['gitlab']['gitlab-rails']['pages_path'] do
   owner gitlab_user
   group account_helper.web_server_group