Fix file permissions under directory (#15208)

* Fix health crash

* Revert "Fix health crash"

This reverts commit 2057e6f4216c5a10b25dcf56276ecb7da88079ca.

* Fix file permissions

* Fix registry directory permissions

* Recursively process directories as needed to fix permissions

* Fix recursion properly.

* Fix recursion properly (part 2)

* Fix recursion properly (part 3)

* Exclude www directories

* Fix recursion properly (part 4)

* Make systemd not touch directory permissions

* Info message if running as root

* Improve message

* Set CAP_CHOWN capability

2 files changed, 2 insertions, 8 deletions

diff --git a/system/systemd/netdata.service.in b/system/systemd/netdata.service.in
index c82307b478..afdac114c4 100644
--- a/system/systemd/netdata.service.in
+++ b/system/systemd/netdata.service.in
@@ -59,6 +59,8 @@ CapabilityBoundingSet=CAP_SYS_CHROOT
 CapabilityBoundingSet=CAP_NET_ADMIN
 # is required for plugins that use sudo
 CapabilityBoundingSet=CAP_SETGID CAP_SETUID
+# is required to change file ownership
+CapabilityBoundingSet=CAP_CHOWN
 
 # Sandboxing
 ProtectSystem=full
diff --git a/system/systemd/netdata.service.v235.in b/system/systemd/netdata.service.v235.in
index 07cef229f5..be5de4e36e 100644
--- a/system/systemd/netdata.service.v235.in
+++ b/system/systemd/netdata.service.v235.in
@@ -8,14 +8,6 @@ After=network.target httpd.service squid.service nfs-server.service mysqld.servi
 [Service]
 Type=simple
 User=root
-RuntimeDirectory=netdata
-CacheDirectory=netdata
-StateDirectory=netdata
-LogsDirectory=netdata
-RuntimeDirectoryMode=0775
-StateDirectoryMode=0755
-CacheDirectoryMode=0755
-LogsDirectoryMode=2750
 EnvironmentFile=-/etc/default/netdata
 ExecStart=@sbindir_POST@/netdata -D $EXTRA_OPTS