Permissions not sticking on packages.php

The group write permission on /opt/librenms/bootstrap/cache/packages.php is being removed after running daily.sh.

root@librenms:/opt/librenms# ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.48.1-84-g8929cdb45
DB Schema | 2019_02_10_220000_add_dates_to_fdb (132)
PHP       | 7.2.15-0ubuntu0.18.04.1
MySQL     | 10.1.38-MariaDB-0ubuntu0.18.04.1
RRDTool   | 1.7.0
SNMP      | NET-SNMP 5.7.3
====================================

[OK]    Composer Version: 1.8.4
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[FAIL]  Some folders have incorrect file permissions, this may cause issues.
        [FIX]:
        sudo chown -R librenms:librenms /opt/librenms
        sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
        sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
        Files:
         /opt/librenms/bootstrap/cache/packages.php

After running the recommended permission fixes, validate.php shows no failures. Here are the permissions on packages.php:

root@librenms:/opt/librenms# ls -l /opt/librenms/bootstrap/cache/
total 16
-rwxrwxr-x 1 librenms librenms  1059 Feb 25 10:00 packages.php
-rw-rw-r-- 1 librenms librenms 11646 Feb 25 10:00 services.php

After running daily.sh, the group write permission is removed. This causes validate.php to again fail due to permissions on packages.php. Here are the permissions after running daily.sh:

root@librenms:/opt/librenms# ls -l /opt/librenms/bootstrap/cache/
total 16
-rwxr-xr-x 1 librenms librenms  1059 Feb 25 10:18 packages.php
-rw-rw-r-- 1 librenms librenms 11646 Feb 25 10:18 services.php

Hello,

Are you manually running ./daily.sh

Yes, I’m running it manually.

Dont that will break permissions let the cron run it.

If you dont want daily updates switch it off using. https://docs.librenms.org/General/Releases/

I was only manually running it as suggested on another post for a different issue I was having. I’ll see if the permissions change after it does it’s next run from the cron job.

1 Like

Don’t run things as the root user, that breaks permissions.

1 Like