validate.php: Updated file permissions check

LibreNMS/Validations/User.php

@@ -63,6 +63,12 @@ public function validate(Validator $validator)
         // Let's test the user configured if we have it
         if (Config::has('user')) {
             $dir = Config::get('install_dir');
+
+            // generic fix
+            $fix = "sudo chown -R $lnms_username:$lnms_groupname $dir\n" .
+                "sudo setfacl -d -m g::rwx $dir/rrd $dir/logs $dir/bootstrap/cache/ $dir/storage/\n" .
+                "sudo chmod -R ug=rwX $dir/rrd $dir/logs $dir/bootstrap/cache/ $dir/storage/\n";
+
             $find_result = rtrim(`find $dir \! -user $lnms_username -o \! -group $lnms_groupname 2> /dev/null`);
             if (!empty($find_result)) {
                 // Ignore files created by the webserver
@@ -90,31 +96,32 @@ public function validate(Validator $validator)
                         "We have found some files that are owned by a different user than $lnms_username, this " .
                         'will stop you updating automatically and / or rrd files being updated causing graphs to fail.'
                     )
-                        ->setFix("chown -R $lnms_username:$lnms_groupname $dir")
+                        ->setFix($fix)
                         ->setList('Files', $files);
 
                     $validator->result($result);
+                    return;
                 }
             }
-        } else {
-            $validator->warn("You don't have \$config['user'] set, this most likely needs to be set to librenms");
-        }
 
-        // check permissions
-        $folders = [
-            'rrd' => Config::get('rrd_dir'),
-            'log' => Config::get('log_dir'),
-            'bootstrap' => "$dir/bootstrap/cache/",
-            'storage' => "$dir/storage/",
-            'cache' => "$dir/storage/framework/cache/",
-            'sessions' => "$dir/storage/framework/sessions/",
-            'views' => "$dir/storage/framework/views/",
-        ];
+            // check folder permissions
+            $folders = [
+                'rrd' => Config::get('rrd_dir'),
+                'log' => Config::get('log_dir'),
+                'bootstrap' => "$dir/bootstrap/cache/",
+                'storage' => "$dir/storage/",
+                'cache' => "$dir/storage/framework/cache/",
+                'sessions' => "$dir/storage/framework/sessions/",
+                'views' => "$dir/storage/framework/views/",
+            ];
 
-        foreach ($folders as $name => $folder) {
-            if (!check_file_permissions($folder, '660')) {
-                $validator->fail("The $name folder has improper permissions.", "chmod ug+rw $folder");
+            $folders_string = implode(' ', $folders);
+            $incorrect = exec("find $folders_string -group $lnms_groupname ! -perm -g=w");
+            if (!empty($incorrect)) {
+                $validator->fail("Some folders have incorrect file permissions", $fix);
             }
+        } else {
+            $validator->warn("You don't have \$config['user'] set, this most likely needs to be set to librenms");
         }
     }
 }