From 1094175c3bd08ecf5c83c91605e9fd1d02052108 Mon Sep 17 00:00:00 2001
From: Konstantinos Natsakis <5933427+knatsakis@users.noreply.github.com>
Date: Mon, 11 Nov 2019 21:16:42 +0200
Subject: Ownership and permissions of /etc/netdata (#7244)

* make install takes care of ownership and permissions of /etc/netdata

Instead of netdata-installer.sh

* Fix identation in Makefile.am files

* netdata-installer.sh: Clearer variable assignment

* netdata-installer.sh: Set /etc/netdata/netdata.conf ownership to root:root and permissions to 0644

* netdata-installer.sh: Set /etc/netdata/.environment permissions to 0644

* install-or-update.sh: Set permissions for /opt/netdata/etc/netdata.conf to 0644

* install-or-update.sh: Use ${NETDATA_PREFIX} more

* install-or-update.sh: Improve indentation

* install-or-update.sh: Do not create /opt/netdata/etc/netdata directories

* debian/rules: /etc/netdata files and directories are now installed by make install

* debian/rules: Properly copy files across directories

When destination directory exists

* netdata.spec.in: /etc/netdata ownership and permissions

* Revert "Fix identation in Makefile.am files"

This reverts commit 63fdb299b69152fda6984f81b0fef02f364c5efe.

* Remove uninstall-local recipes from Makefile.am files

* Removed superfluous whitespace and hash
---
 collectors/Makefile.am                  |  8 +++++++
 collectors/charts.d.plugin/Makefile.am  |  4 ++++
 collectors/node.d.plugin/Makefile.am    |  4 ++++
 collectors/python.d.plugin/Makefile.am  |  4 ++++
 collectors/statsd.plugin/Makefile.am    |  4 ++++
 contrib/debian/rules                    | 29 +++---------------------
 health/Makefile.am                      |  4 ++++
 netdata-installer.sh                    | 21 +++---------------
 netdata.spec.in                         | 23 +++++--------------
 packaging/makeself/install-or-update.sh | 39 ++++++++++-----------------------
 system/Makefile.am                      |  4 ++++
 web/Makefile.am                         |  6 +++++
 12 files changed, 62 insertions(+), 88 deletions(-)

diff --git a/collectors/Makefile.am b/collectors/Makefile.am
index 3bdc6bb3db..7431025704 100644
--- a/collectors/Makefile.am
+++ b/collectors/Makefile.am
@@ -27,6 +27,14 @@ SUBDIRS = \
     tc.plugin \
     $(NULL)
 
+usercustompluginsconfigdir=$(configdir)/custom-plugins.d
+usergoconfigdir=$(configdir)/go.d
+
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(usercustompluginsconfigdir)
+	$(INSTALL) -d $(DESTDIR)$(usergoconfigdir)
+
 dist_noinst_DATA = \
     README.md \
     $(NULL)
diff --git a/collectors/charts.d.plugin/Makefile.am b/collectors/charts.d.plugin/Makefile.am
index fb5e2b956b..b3b2fb9279 100644
--- a/collectors/charts.d.plugin/Makefile.am
+++ b/collectors/charts.d.plugin/Makefile.am
@@ -34,6 +34,10 @@ dist_userchartsconfig_DATA = \
     .keep \
     $(NULL)
 
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userchartsconfigdir)
+
 chartsconfigdir=$(libconfigdir)/charts.d
 dist_chartsconfig_DATA = \
     $(NULL)
diff --git a/collectors/node.d.plugin/Makefile.am b/collectors/node.d.plugin/Makefile.am
index fa97acd7f4..411bce9ec9 100644
--- a/collectors/node.d.plugin/Makefile.am
+++ b/collectors/node.d.plugin/Makefile.am
@@ -26,6 +26,10 @@ dist_usernodeconfig_DATA = \
     .keep \
     $(NULL)
 
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(usernodeconfigdir)
+
 nodeconfigdir=$(libconfigdir)/node.d
 dist_nodeconfig_DATA = \
     $(NULL)
diff --git a/collectors/python.d.plugin/Makefile.am b/collectors/python.d.plugin/Makefile.am
index 89b25efb17..cb14e3500f 100644
--- a/collectors/python.d.plugin/Makefile.am
+++ b/collectors/python.d.plugin/Makefile.am
@@ -32,6 +32,10 @@ dist_userpythonconfig_DATA = \
     .keep \
     $(NULL)
 
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userpythonconfigdir)
+
 pythonconfigdir=$(libconfigdir)/python.d
 dist_pythonconfig_DATA = \
     $(NULL)
diff --git a/collectors/statsd.plugin/Makefile.am b/collectors/statsd.plugin/Makefile.am
index 0ba3d0fecc..87b6ca7a97 100644
--- a/collectors/statsd.plugin/Makefile.am
+++ b/collectors/statsd.plugin/Makefile.am
@@ -16,3 +16,7 @@ userstatsdconfigdir=$(configdir)/statsd.d
 dist_userstatsdconfig_DATA = \
     .keep \
     $(NULL)
+
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userstatsdconfigdir)
diff --git a/contrib/debian/rules b/contrib/debian/rules
index 0e17e39539..56d346aeb7 100755
--- a/contrib/debian/rules
+++ b/contrib/debian/rules
@@ -28,10 +28,6 @@ debian/%.postinst: debian/%.postinst.in
 override_dh_install: debian/netdata.postinst
 	dh_install
 
-	# Remove unneeded .keep files
-	#
-	find "$(TOP)" -name .keep -exec rm '{}' ';'
-
 	# Set the CUPS plugin install rule
 	#
 	mkdir -p $(TOP)-plugin-cups/usr/libexec/netdata/plugins.d
@@ -40,24 +36,9 @@ override_dh_install: debian/netdata.postinst
 
 	# Set the rest of the software in the main package
 	#
-	cp -rp $(TEMPTOP)/usr $(TOP)/usr
-	cp -rp $(TEMPTOP)/var $(TOP)/var
-	#cp -rp $(TEMPTOP)/etc $(TOP)/etc
-
-	# Copy sample netdata.conf
-	cp -p $(CURDIR)/system/edit-config $(TOP)/etc/netdata/
-
-	# Create placeholder dirs in netdata configuration directory
-	#
-	mkdir -p $(TOP)/etc/netdata/health.d
-	mkdir -p $(TOP)/etc/netdata/python.d
-	mkdir -p $(TOP)/etc/netdata/charts.d
-	mkdir -p $(TOP)/etc/netdata/cystonm-plugins.d
-	mkdir -p $(TOP)/etc/netdata/go.d
-	mkdir -p $(TOP)/etc/netdata/ssl
-	mkdir -p $(TOP)/etc/netdata/node.d
-	mkdir -p $(TOP)/etc/netdata/statsd.d
-
+	cp -rp $(TEMPTOP)/usr $(TOP)
+	cp -rp $(TEMPTOP)/var $(TOP)
+	cp -rp $(TEMPTOP)/etc $(TOP)
 
 	# Move files that local user shouldn't be editing to /usr/share/netdata
 	#
@@ -110,10 +91,6 @@ override_dh_fixperms:
 	chmod 0754 $(TOP)/usr/libexec/netdata/plugins.d/slabinfo.plugin
 	chmod 0750 $(TOP)/usr/libexec/netdata/plugins.d/go.d.plugin
 
-	# Support script for configuration file management
-	#
-	chmod 0750 $(TOP)/etc/netdata/edit-config
-
 	# CUPS plugin package
 	chmod 0750 $(TOP)-plugin-cups/usr/libexec/netdata/plugins.d/cups.plugin
 
diff --git a/health/Makefile.am b/health/Makefile.am
index 5463bbda36..f63faa8af0 100644
--- a/health/Makefile.am
+++ b/health/Makefile.am
@@ -19,6 +19,10 @@ dist_userhealthconfig_DATA = \
     .keep \
     $(NULL)
 
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(userhealthconfigdir)
+
 healthconfigdir=$(libconfigdir)/health.d
 dist_healthconfig_DATA = \
     health.d/adaptec_raid.conf \
diff --git a/netdata-installer.sh b/netdata-installer.sh
index b679bcc231..9f9704645a 100755
--- a/netdata-installer.sh
+++ b/netdata-installer.sh
@@ -590,7 +590,7 @@ if [ "${UID}" = "0" ]; then
 	ROOT_USER="root"
 else
 	NETDATA_USER="${USER}"
-	ROOT_USER="${NETDATA_USER}"
+	ROOT_USER="${USER}"
 fi
 NETDATA_GROUP="$(id -g -n "${NETDATA_USER}")"
 [ -z "${NETDATA_GROUP}" ] && NETDATA_GROUP="${NETDATA_USER}"
@@ -649,19 +649,6 @@ if [ ! -d "${NETDATA_RUN_DIR}" ]; then
 	run mkdir -p "${NETDATA_RUN_DIR}" || exit 1
 fi
 
-# --- conf dir ----
-
-for x in "python.d" "charts.d" "node.d" "health.d" "statsd.d" "go.d" "custom-plugins.d" "ssl"; do
-	if [ ! -d "${NETDATA_USER_CONFIG_DIR}/${x}" ]; then
-		echo >&2 "Creating directory '${NETDATA_USER_CONFIG_DIR}/${x}'"
-		run mkdir -p "${NETDATA_USER_CONFIG_DIR}/${x}" || exit 1
-	fi
-done
-run chown -R "${ROOT_USER}:${NETDATA_GROUP}" "${NETDATA_USER_CONFIG_DIR}"
-run find "${NETDATA_USER_CONFIG_DIR}" -type f -exec chmod 0640 {} \;
-run find "${NETDATA_USER_CONFIG_DIR}" -type d -exec chmod 0755 {} \;
-run chmod 755 "${NETDATA_USER_CONFIG_DIR}/edit-config"
-
 # --- stock conf dir ----
 
 [ ! -d "${NETDATA_STOCK_CONFIG_DIR}" ] && mkdir -p "${NETDATA_STOCK_CONFIG_DIR}"
@@ -920,10 +907,7 @@ else
 	run_ok "netdata started!"
 	create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf" "http://localhost:${NETDATA_PORT}/netdata.conf"
 fi
-if [ "${UID}" -eq 0 ]; then
-	run chown "${NETDATA_USER}" "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
-fi
-run chmod 0664 "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
+run chmod 0644 "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
 
 if [ "$(uname)" = "Linux" ]; then
 	# -------------------------------------------------------------------------
@@ -1086,6 +1070,7 @@ RELEASE_CHANNEL="${RELEASE_CHANNEL}"
 IS_NETDATA_STATIC_BINARY="${IS_NETDATA_STATIC_BINARY}"
 NETDATA_LIB_DIR="${NETDATA_LIB_DIR}"
 EOF
+run chmod 0644 "${NETDATA_USER_CONFIG_DIR}/.environment"
 
 echo >&2 "Setting netdata.tarball.checksum to 'new_installation'"
 cat <<EOF > "${NETDATA_LIB_DIR}/netdata.tarball.checksum"
diff --git a/netdata.spec.in b/netdata.spec.in
index edf6a6c364..405e8f50e2 100644
--- a/netdata.spec.in
+++ b/netdata.spec.in
@@ -256,7 +256,7 @@ autoreconf -ivf
 rm -rf "${RPM_BUILD_ROOT}"
 %{__make} %{?_smp_mflags} DESTDIR="${RPM_BUILD_ROOT}" install
 
-find "${RPM_BUILD_ROOT}" -name .keep -delete
+find "${RPM_BUILD_ROOT}%{_localstatedir}" -name .keep -delete -print
 
 install -m 644 -p system/netdata.conf "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}"
 
@@ -290,9 +290,6 @@ install -m 4750 -p slabinfo.plugin "${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/plug
 # ###########################################################
 # Install registry directory
 install -m 755 -d "${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{name}/registry"
-install -m 755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/custom-plugins.d"
-install -m 755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/go.d"
-install -m 755 -d "${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/ssl"
 
 # ###########################################################
 # Install netdata service
@@ -423,12 +420,12 @@ rm -rf "${RPM_BUILD_ROOT}"
 
 %files
 %doc README.md
-%defattr(-,root,netdata)
+%{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/netdata.conf
 
-%dir %{_sysconfdir}/%{name}
+%defattr(-,root,netdata)
 %dir %{_libdir}/%{name}
 
-%config(noreplace) %{_sysconfdir}/%{name}/*.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 
 %{_libdir}/%{name}
@@ -436,7 +433,6 @@ rm -rf "${RPM_BUILD_ROOT}"
 %defattr(0755,netdata,netdata,0755)
 %{_libexecdir}/%{name}
 %{_sbindir}/%{name}
-%{_sysconfdir}/%{name}/edit-config
 
 %defattr(4750,root,netdata,0750)
 
@@ -466,15 +462,6 @@ rm -rf "${RPM_BUILD_ROOT}"
 %dir %{_datadir}/%{name}
 
 %defattr(0750,netdata,netdata,0755)
-
-%dir %{_sysconfdir}/%{name}/health.d
-%dir %{_sysconfdir}/%{name}/python.d
-%dir %{_sysconfdir}/%{name}/charts.d
-%dir %{_sysconfdir}/%{name}/custom-plugins.d
-%dir %{_sysconfdir}/%{name}/go.d
-%dir %{_sysconfdir}/%{name}/ssl
-%dir %{_sysconfdir}/%{name}/node.d
-%dir %{_sysconfdir}/%{name}/statsd.d
 %{_libdir}/%{name}/conf.d/
 
 %if %{with systemd}
@@ -515,6 +502,8 @@ Use this plugin to enable metrics collection from cupsd, the daemon running when
 %endif
 
 %changelog
+* Mon Nov 04 2019 Konstantinos Natsakis <konstantinos.natsakis@gmail.com> 0.0.0-10
+- Fix /etc/netdata permissions
 * Mon Sep 23 2019 Konstantinos Natsakis <konstantinos.natsakis@gmail.com> 0.0.0-9
 - Do not build CUPS plugin subpackage on CentOS 6 and CentOS 7
 * Tue Aug 20 2019 Pavlos Emm. Katsoulakis <paul@netdat.acloud> - 0.0.0-8
diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh
index 76f7c99212..7733d007ae 100755
--- a/packaging/makeself/install-or-update.sh
+++ b/packaging/makeself/install-or-update.sh
@@ -200,19 +200,6 @@ then
 fi
 
 
-# -----------------------------------------------------------------------------
-
-progress "create user config directories"
-
-for x in "python.d" "charts.d" "node.d" "health.d" "statsd.d" "custom-plugins.d" "ssl"
-do
-    if [ ! -d "etc/netdata/${x}" ]
-        then
-        run mkdir -p "etc/netdata/${x}" || exit 1
-    fi
-done
-
-
 # -----------------------------------------------------------------------------
 progress "fix permissions"
 
@@ -244,20 +231,18 @@ fi
 
 
 # -----------------------------------------------------------------------------
-
 if [ ${STARTIT} -eq 0 ]; then
-    create_netdata_conf "/opt/netdata/etc/netdata/netdata.conf"
-    netdata_banner "is installed now!"
+	create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
+	netdata_banner "is installed now!"
 else
-    progress "starting netdata"
-
-    if ! restart_netdata "/opt/netdata/bin/netdata"; then
-        create_netdata_conf "/opt/netdata/etc/netdata/netdata.conf"
-        netdata_banner "is installed and running now!"
-    else
-        create_netdata_conf "/opt/netdata/etc/netdata/netdata.conf" "http://localhost:19999/netdata.conf"
-        netdata_banner "is installed now!"
-    fi
+	progress "starting netdata"
+
+	if ! restart_netdata "${NETDATA_PREFIX}/bin/netdata"; then
+		create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
+		netdata_banner "is installed and running now!"
+	else
+		create_netdata_conf "${NETDATA_PREFIX}/etc/netdata/netdata.conf" "http://localhost:19999/netdata.conf"
+		netdata_banner "is installed now!"
+	fi
 fi
-run chown "${NETDATA_USER}:${NETDATA_GROUP}" "/opt/netdata/etc/netdata/netdata.conf"
-run chmod 0664 "/opt/netdata/etc/netdata/netdata.conf"
+run chmod 0644 "${NETDATA_PREFIX}/etc/netdata/netdata.conf"
diff --git a/system/Makefile.am b/system/Makefile.am
index 570d4eaeb4..ad68c65541 100644
--- a/system/Makefile.am
+++ b/system/Makefile.am
@@ -20,6 +20,10 @@ dist_config_SCRIPTS = \
     edit-config \
     $(NULL)
 
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(configdir)
+
 nodist_noinst_DATA = \
     netdata-openrc \
     netdata.logrotate \
diff --git a/web/Makefile.am b/web/Makefile.am
index 9d374b4db9..ccaccd764c 100644
--- a/web/Makefile.am
+++ b/web/Makefile.am
@@ -9,6 +9,12 @@ SUBDIRS = \
     server \
     $(NULL)
 
+usersslconfigdir=$(configdir)/ssl
+
+# Explicitly install directories to avoid permission issues due to umask
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(usersslconfigdir)
+
 dist_noinst_DATA = \
     README.md \
     gui/confluence/README.md \
-- 
cgit v1.2.3