diff options
author | Stelios Fragkakis <52996999+stelfrag@users.noreply.github.com> | 2023-06-16 16:11:31 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-16 16:11:31 +0300 |
commit | 563ff0138d64864e85664d5d12b52d8f500cf446 (patch) | |
tree | 1a85c6788df9f07827ac8fed9d0ef40718449572 /system | |
parent | 221167141eaa04e67c1ad152abe4f4abbe082a80 (diff) |
Fix file permissions under directory (#15208)
* Fix health crash
* Revert "Fix health crash"
This reverts commit 2057e6f4216c5a10b25dcf56276ecb7da88079ca.
* Fix file permissions
* Fix registry directory permissions
* Recursively process directories as needed to fix permissions
* Fix recursion properly.
* Fix recursion properly (part 2)
* Fix recursion properly (part 3)
* Exclude www directories
* Fix recursion properly (part 4)
* Make systemd not touch directory permissions
* Info message if running as root
* Improve message
* Set CAP_CHOWN capability
Diffstat (limited to 'system')
-rw-r--r-- | system/systemd/netdata.service.in | 2 | ||||
-rw-r--r-- | system/systemd/netdata.service.v235.in | 8 |
2 files changed, 2 insertions, 8 deletions
diff --git a/system/systemd/netdata.service.in b/system/systemd/netdata.service.in index c82307b478..afdac114c4 100644 --- a/system/systemd/netdata.service.in +++ b/system/systemd/netdata.service.in @@ -59,6 +59,8 @@ CapabilityBoundingSet=CAP_SYS_CHROOT CapabilityBoundingSet=CAP_NET_ADMIN # is required for plugins that use sudo CapabilityBoundingSet=CAP_SETGID CAP_SETUID +# is required to change file ownership +CapabilityBoundingSet=CAP_CHOWN # Sandboxing ProtectSystem=full diff --git a/system/systemd/netdata.service.v235.in b/system/systemd/netdata.service.v235.in index 07cef229f5..be5de4e36e 100644 --- a/system/systemd/netdata.service.v235.in +++ b/system/systemd/netdata.service.v235.in @@ -8,14 +8,6 @@ After=network.target httpd.service squid.service nfs-server.service mysqld.servi [Service] Type=simple User=root -RuntimeDirectory=netdata -CacheDirectory=netdata -StateDirectory=netdata -LogsDirectory=netdata -RuntimeDirectoryMode=0775 -StateDirectoryMode=0755 -CacheDirectoryMode=0755 -LogsDirectoryMode=2750 EnvironmentFile=-/etc/default/netdata ExecStart=@sbindir_POST@/netdata -D $EXTRA_OPTS |