Ownership and permissions of /etc/netdata (#7244)

* make install takes care of ownership and permissions of /etc/netdata Instead of netdata-installer.sh * Fix identation in Makefile.am files * netdata-installer.sh: Clearer variable assignment * netdata-installer.sh: Set /etc/netdata/netdata.conf ownership to root:root and permissions to 0644 * netdata-installer.sh: Set /etc/netdata/.environment permissions to 0644 * install-or-update.sh: Set permissions for /opt/netdata/etc/netdata.conf to 0644 * install-or-update.sh: Use ${NETDATA_PREFIX} more * install-or-update.sh: Improve indentation * install-or-update.sh: Do not create /opt/netdata/etc/netdata directories * debian/rules: /etc/netdata files and directories are now installed by make install * debian/rules: Properly copy files across directories When destination directory exists * netdata.spec.in: /etc/netdata ownership and permissions * Revert "Fix identation in Makefile.am files" This reverts commit 63fdb299b69152fda6984f81b0fef02f364c5efe. * Remove uninstall-local recipes from Makefile.am files * Removed superfluous whitespace and hash
2019-11-11 21:16:42 +02:00 · 2019-11-11 21:16:42 +02:00 · 1094175c3b
parent be75567a7d
commit 1094175c3b
12 changed files with 61 additions and 87 deletions
--- a/collectors/Makefile.am
+++ b/collectors/Makefile.am
@ -27,6 +27,14 @@ SUBDIRS = \
    tc.plugin \
    $(NULL)

+usercustompluginsconfigdir=$(configdir)/custom-plugins.d
+usergoconfigdir=$(configdir)/go.d
+
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(usercustompluginsconfigdir)
+	$(INSTALL) -d $(DESTDIR)$(usergoconfigdir)
+
 dist_noinst_DATA = \
    README.md \
    $(NULL)
--- a/collectors/charts.d.plugin/Makefile.am
+++ b/collectors/charts.d.plugin/Makefile.am
@ -34,6 +34,10 @@ dist_userchartsconfig_DATA = \
    .keep \
    $(NULL)

+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userchartsconfigdir)
+
 chartsconfigdir=$(libconfigdir)/charts.d
 dist_chartsconfig_DATA = \
    $(NULL)
--- a/collectors/node.d.plugin/Makefile.am
+++ b/collectors/node.d.plugin/Makefile.am
@ -26,6 +26,10 @@ dist_usernodeconfig_DATA = \
    .keep \
    $(NULL)

+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(usernodeconfigdir)
+
 nodeconfigdir=$(libconfigdir)/node.d
 dist_nodeconfig_DATA = \
    $(NULL)
--- a/collectors/python.d.plugin/Makefile.am
+++ b/collectors/python.d.plugin/Makefile.am
@ -32,6 +32,10 @@ dist_userpythonconfig_DATA = \
    .keep \
    $(NULL)

+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userpythonconfigdir)
+
 pythonconfigdir=$(libconfigdir)/python.d
 dist_pythonconfig_DATA = \
    $(NULL)
--- a/collectors/statsd.plugin/Makefile.am
+++ b/collectors/statsd.plugin/Makefile.am
@ -16,3 +16,7 @@ userstatsdconfigdir=$(configdir)/statsd.d
 dist_userstatsdconfig_DATA = \
    .keep \
    $(NULL)
+
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userstatsdconfigdir)
--- a/contrib/debian/rules
+++ b/contrib/debian/rules
@ -28,10 +28,6 @@ debian/%.postinst: debian/%.postinst.in
 override_dh_install: debian/netdata.postinst
 	dh_install

-	# Remove unneeded .keep files
-	#
-	find "$(TOP)" -name .keep -exec rm '{}' ';'
-
 	# Set the CUPS plugin install rule
 	#
 	mkdir -p $(TOP)-plugin-cups/usr/libexec/netdata/plugins.d
@ -40,24 +36,9 @@ override_dh_install: debian/netdata.postinst

 	# Set the rest of the software in the main package
 	#
-	cp -rp $(TEMPTOP)/usr $(TOP)/usr
-	cp -rp $(TEMPTOP)/var $(TOP)/var
-	#cp -rp $(TEMPTOP)/etc $(TOP)/etc
-
-	# Copy sample netdata.conf
-	cp -p $(CURDIR)/system/edit-config $(TOP)/etc/netdata/
-
-	# Create placeholder dirs in netdata configuration directory
-	#
-	mkdir -p $(TOP)/etc/netdata/health.d
-	mkdir -p $(TOP)/etc/netdata/python.d
-	mkdir -p $(TOP)/etc/netdata/charts.d
-	mkdir -p $(TOP)/etc/netdata/cystonm-plugins.d
-	mkdir -p $(TOP)/etc/netdata/go.d
-	mkdir -p $(TOP)/etc/netdata/ssl
-	mkdir -p $(TOP)/etc/netdata/node.d
-	mkdir -p $(TOP)/etc/netdata/statsd.d
-
+	cp -rp $(TEMPTOP)/usr $(TOP)
+	cp -rp $(TEMPTOP)/var $(TOP)
+	cp -rp $(TEMPTOP)/etc $(TOP)

 	# Move files that local user shouldn't be editing to /usr/share/netdata
 	#
@ -110,10 +91,6 @@ override_dh_fixperms:
 	chmod 0754 $(TOP)/usr/libexec/netdata/plugins.d/slabinfo.plugin
 	chmod 0750 $(TOP)/usr/libexec/netdata/plugins.d/go.d.plugin

-	# Support script for configuration file management
-	#
-	chmod 0750 $(TOP)/etc/netdata/edit-config
-
 	# CUPS plugin package
 	chmod 0750 $(TOP)-plugin-cups/usr/libexec/netdata/plugins.d/cups.plugin

--- a/health/Makefile.am
+++ b/health/Makefile.am
@ -19,6 +19,10 @@ dist_userhealthconfig_DATA = \
    .keep \
    $(NULL)

+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userhealthconfigdir)
+
 healthconfigdir=$(libconfigdir)/health.d
 dist_healthconfig_DATA = \
    health.d/adaptec_raid.conf \
--- a/netdata-installer.sh
+++ b/netdata-installer.sh
@ -590,7 +590,7 @@ if [ "${UID}" = "0" ]; then
 	ROOT_USER="root"
 else
 	NETDATA_USER="${USER}"
-	ROOT_USER="${NETDATA_USER}"
+	ROOT_USER="${USER}"
 fi
 NETDATA_GROUP="$(id -g -n "${NETDATA_USER}")"
 [ -z "${NETDATA_GROUP}" ] && NETDATA_GROUP="${NETDATA_USER}"
@ -649,19 +649,6 @@ if [ ! -d "${NETDATA_RUN_DIR}" ]; then
 	run mkdir -p "${NETDATA_RUN_DIR}" || exit 1
 fi

-# --- conf dir ----
-
-for x in "python.d" "charts.d" "node.d" "health.d" "statsd.d" "go.d" "custom-plugins.d" "ssl"; do
-	if [ ! -d "${NETDATA_USER_CONFIG_DIR}/${x}" ]; then
-		echo >&2 "Creating directory '${NETDATA_USER_CONFIG_DIR}/${x}'"
-		run mkdir -p "${NETDATA_USER_CONFIG_DIR}/${x}" || exit 1
-	fi
-done
-run chown -R "${ROOT_USER}:${NETDATA_GROUP}" "${NETDATA_USER_CONFIG_DIR}"
-run find "${NETDATA_USER_CONFIG_DIR}" -type f -exec chmod 0640 {} \;
-run find "${NETDATA_USER_CONFIG_DIR}" -type d -exec chmod 0755 {} \;
-run chmod 755 "${NETDATA_USER_CONFIG_DIR}/edit-config"
-
 # --- stock conf dir ----

 [ ! -d "${NETDATA_STOCK_CONFIG_DIR}" ] && mkdir -p "${NETDATA_STOCK_CONFIG_DIR}"
@ -920,10 +907,7 @@ else
 	run_ok "netdata started!"
 	create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf" "http://localhost:${NETDATA_PORT}/netdata.conf"
 fi
-if [ "${UID}" -eq 0 ]; then
-	run chown "${NETDATA_USER}" "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
-fi
-run chmod 0664 "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
+run chmod 0644 "${NETDATA_PREFIX}/etc/netdata/netdata.conf"

 if [ "$(uname)" = "Linux" ]; then
 	# -------------------------------------------------------------------------
@ -1086,6 +1070,7 @@ RELEASE_CHANNEL="${RELEASE_CHANNEL}"
 IS_NETDATA_STATIC_BINARY="${IS_NETDATA_STATIC_BINARY}"
 NETDATA_LIB_DIR="${NETDATA_LIB_DIR}"
 EOF
+run chmod 0644 "${NETDATA_USER_CONFIG_DIR}/.environment"

 echo >&2 "Setting netdata.tarball.checksum to 'new_installation'"
 cat <<EOF > "${NETDATA_LIB_DIR}/netdata.tarball.checksum"
--- a/netdata.spec.in
+++ b/netdata.spec.in
@ -256,7 +256,7 @@ autoreconf -ivf
 rm -rf "${RPM_BUILD_ROOT}"
 %{__make} %{?_smp_mflags} DESTDIR="${RPM_BUILD_ROOT}" install

-find "${RPM_BUILD_ROOT}" -name .keep -delete
+find "${RPM_BUILD_ROOT}%{_localstatedir}" -name .keep -delete -print

 install -m 644 -p system/netdata.conf "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}"

@ -290,9 +290,6 @@ install -m 4750 -p slabinfo.plugin "${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/plug
 # ###########################################################
 # Install registry directory
 install -m 755 -d "${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{name}/registry"
-install -m 755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/custom-plugins.d"
-install -m 755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/go.d"
-install -m 755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/ssl"

 # ###########################################################
 # Install netdata service
@ -423,12 +420,12 @@ rm -rf "${RPM_BUILD_ROOT}"

 %files
 %doc README.md
-%defattr(-,root,netdata)
+%{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/netdata.conf

-%dir %{_sysconfdir}/%{name}
+%defattr(-,root,netdata)
 %dir %{_libdir}/%{name}

-%config(noreplace) %{_sysconfdir}/%{name}/*.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}

 %{_libdir}/%{name}
@ -436,7 +433,6 @@ rm -rf "${RPM_BUILD_ROOT}"
 %defattr(0755,netdata,netdata,0755)
 %{_libexecdir}/%{name}
 %{_sbindir}/%{name}
-%{_sysconfdir}/%{name}/edit-config

 %defattr(4750,root,netdata,0750)

@ -466,15 +462,6 @@ rm -rf "${RPM_BUILD_ROOT}"
 %dir %{_datadir}/%{name}

 %defattr(0750,netdata,netdata,0755)
-
-%dir %{_sysconfdir}/%{name}/health.d
-%dir %{_sysconfdir}/%{name}/python.d
-%dir %{_sysconfdir}/%{name}/charts.d
-%dir %{_sysconfdir}/%{name}/custom-plugins.d
-%dir %{_sysconfdir}/%{name}/go.d
-%dir %{_sysconfdir}/%{name}/ssl
-%dir %{_sysconfdir}/%{name}/node.d
-%dir %{_sysconfdir}/%{name}/statsd.d
 %{_libdir}/%{name}/conf.d/

 %if %{with systemd}
@ -515,6 +502,8 @@ Use this plugin to enable metrics collection from cupsd, the daemon running when
 %endif

 %changelog
+* Mon Nov 04 2019 Konstantinos Natsakis <konstantinos.natsakis@gmail.com> 0.0.0-10
+- Fix /etc/netdata permissions
 * Mon Sep 23 2019 Konstantinos Natsakis <konstantinos.natsakis@gmail.com> 0.0.0-9
 - Do not build CUPS plugin subpackage on CentOS 6 and CentOS 7
 * Tue Aug 20 2019 Pavlos Emm. Katsoulakis <paul@netdat.acloud> - 0.0.0-8
--- a/packaging/makeself/install-or-update.sh
+++ b/packaging/makeself/install-or-update.sh
@ -200,19 +200,6 @@ then
 fi


-# -----------------------------------------------------------------------------
-
-progress "create user config directories"
-
-for x in "python.d" "charts.d" "node.d" "health.d" "statsd.d" "custom-plugins.d" "ssl"
-do
-    if [ ! -d "etc/netdata/${x}" ]
-        then
-        run mkdir -p "etc/netdata/${x}" || exit 1
-    fi
-done
-
-
 # -----------------------------------------------------------------------------
 progress "fix permissions"

@ -244,20 +231,18 @@ fi


 # -----------------------------------------------------------------------------
-
 if [ ${STARTIT} -eq 0 ]; then
-    create_netdata_conf "/opt/netdata/etc/netdata/netdata.conf"
-    netdata_banner "is installed now!"
+	create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
+	netdata_banner "is installed now!"
 else
-    progress "starting netdata"
+	progress "starting netdata"

-    if ! restart_netdata "/opt/netdata/bin/netdata"; then
-        create_netdata_conf "/opt/netdata/etc/netdata/netdata.conf"
-        netdata_banner "is installed and running now!"
-    else
-        create_netdata_conf "/opt/netdata/etc/netdata/netdata.conf" "http://localhost:19999/netdata.conf"
-        netdata_banner "is installed now!"
-    fi
+	if ! restart_netdata "${NETDATA_PREFIX}/bin/netdata"; then
+		create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
+		netdata_banner "is installed and running now!"
+	else
+		create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf" "http://localhost:19999/netdata.conf"
+		netdata_banner "is installed now!"
+	fi
 fi
-run chown "${NETDATA_USER}:${NETDATA_GROUP}" "/opt/netdata/etc/netdata/netdata.conf"
-run chmod 0664 "/opt/netdata/etc/netdata/netdata.conf"
+run chmod 0644 "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
--- a/system/Makefile.am
+++ b/system/Makefile.am
@ -20,6 +20,10 @@ dist_config_SCRIPTS = \
    edit-config \
    $(NULL)

+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(configdir)
+
 nodist_noinst_DATA = \
    netdata-openrc \
    netdata.logrotate \
--- a/web/Makefile.am
+++ b/web/Makefile.am
@ -9,6 +9,12 @@ SUBDIRS = \
    server \
    $(NULL)

+usersslconfigdir=$(configdir)/ssl
+
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(usersslconfigdir)
+
 dist_noinst_DATA = \
    README.md \
    gui/confluence/README.md \