mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
b79d106c56
* fix: errors with missing posix extension It should be an optional dependency * add php71w-process to the CentOS 7 install docs
130 lines
4.7 KiB
PHP
130 lines
4.7 KiB
PHP
<?php
|
|
/**
|
|
* User.php
|
|
*
|
|
* Check that user is set properly and we are running as the correct user. Check that user is the owner of install_dir.
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
* @package LibreNMS
|
|
* @link http://librenms.org
|
|
* @copyright 2017 Tony Murray
|
|
* @author Tony Murray <murraytony@gmail.com>
|
|
*/
|
|
|
|
namespace LibreNMS\Validations;
|
|
|
|
use LibreNMS\Config;
|
|
use LibreNMS\Interfaces\ValidationGroup;
|
|
use LibreNMS\ValidationResult;
|
|
use LibreNMS\Validator;
|
|
|
|
class User implements ValidationGroup
|
|
{
|
|
/**
|
|
* Validate this module.
|
|
* To return ValidationResults, call ok, warn, fail, or result methods on the $validator
|
|
*
|
|
* @param Validator $validator
|
|
*/
|
|
public function validate(Validator $validator)
|
|
{
|
|
// Check we are running this as the root user
|
|
$username = $validator->getUsername();
|
|
$lnms_username = Config::get('user');
|
|
$lnms_groupname = Config::get('group', $lnms_username); // if group isn't set, fall back to user
|
|
|
|
if (!($username === 'root' || $username === $lnms_username)) {
|
|
if (isCli()) {
|
|
$validator->fail('You need to run this script as root' .
|
|
(Config::has('user') ? ' or ' . $lnms_username : ''));
|
|
} elseif (function_exists('posix_getgrnam')) {
|
|
$lnms_group = posix_getgrnam($lnms_groupname);
|
|
if (!in_array($username, $lnms_group['members'])) {
|
|
$validator->fail(
|
|
"Your web server or php-fpm is not running as user '$lnms_username' or in the group '$lnms_groupname''",
|
|
"usermod -a -G $lnms_groupname $username"
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
// Let's test the user configured if we have it
|
|
if (Config::has('user')) {
|
|
$dir = Config::get('install_dir');
|
|
|
|
$find_result = rtrim(`find $dir \! -user $lnms_username -o \! -group $lnms_groupname &> /dev/null`);
|
|
if (!empty($find_result)) {
|
|
// Ignore the two logs that may be created by the
|
|
$files = array_diff(explode(PHP_EOL, $find_result), array(
|
|
"$dir/logs/error_log",
|
|
"$dir/logs/access_log",
|
|
));
|
|
|
|
if (!empty($files)) {
|
|
$result = ValidationResult::fail(
|
|
"We have found some files that are owned by a different user than $lnms_username, this " .
|
|
'will stop you updating automatically and / or rrd files being updated causing graphs to fail.'
|
|
)
|
|
->setFix("chown -R $lnms_username:$lnms_groupname $dir")
|
|
->setList('Files', $files);
|
|
|
|
$validator->result($result);
|
|
}
|
|
}
|
|
} else {
|
|
$validator->warn("You don't have \$config['user'] set, this most likely needs to be set to librenms");
|
|
}
|
|
|
|
// check permissions
|
|
$rrd_dir = Config::get('rrd_dir');
|
|
if (!$this->checkFilePermissions($rrd_dir, '660')) {
|
|
$validator->fail("The rrd folder has improper permissions.", "chmod ug+rw $rrd_dir");
|
|
}
|
|
|
|
$log_dir = Config::get('log_dir');
|
|
if (!$this->checkFilePermissions($log_dir, '660')) {
|
|
$validator->fail("The log folder has improper permissions.", "chmod ug+rw $log_dir");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Checks file permissions against a minimum permissions mask.
|
|
* This only check that bits are enabled, not disabled.
|
|
* The mask is in the same format as posix permissions. For example, 600 means user read and write.
|
|
*
|
|
* @param string $file the name of the file to check
|
|
* @param $mask
|
|
* @return bool
|
|
*/
|
|
private function checkFilePermissions($file, $mask)
|
|
{
|
|
$perms = fileperms($file);
|
|
$mask = octdec($mask);
|
|
|
|
return ($perms & $mask) === $mask;
|
|
}
|
|
|
|
/**
|
|
* Returns if this test should be run by default or not.
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function isDefault()
|
|
{
|
|
return true;
|
|
}
|
|
}
|