No obvious permissions error when `system.syslog` not available for mac agent installed with unprivileged flag.
amolnater-qasource opened this issue · 8 comments
Kibana Build details:
VERSION: 8.14.0 BC3
BUILD: 73762
COMMIT: 2a492e1625f24336f3259b2b8df62b2b18127e81
Artifact Link: https://staging.elastic.co/8.14.0-7c638435/downloads/beats/elastic-agent/elastic-agent-8.14.0-darwin-aarch64.tar.gz
Preconditions:
- 8.14.0-BC3 Kibana cloud environment should be available.
- MAC Agent should be installed with unprivileged flag.
Steps to reproduce:
- Navigate to Data Streams tab.
- Observe `system.syslog` not available for unprivileged mac agent
Expected Result:
`system.syslog` should be available for mac agent installed with unprivileged flag.
What's working fine:
`system.syslog` is available for mac agent installed without unprivileged flag.
Pinging @elastic/fleet (Team:Fleet)
@manishgupta-qasource Please review.
Secondary review for this ticket is Done
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
This is expected, those files are owned by root and the admin group by default, so an unprivileged user can't read them.
```
-rw-r-----@ 1 root admin 13967 May 6 11:32 system.log
-rw-r----- 1 root admin 895 May 5 00:00 system.log.0.gz
-rw-r----- 1 root admin 950 May 4 00:11 system.log.1.gz
-rw-r----- 1 root admin 978 May 3 00:03 system.log.2.gz
-rw-r----- 1 root admin 953 May 2 00:15 system.log.3.gz
-rw-r----- 1 root admin 942 May 1 00:04 system.log.4.gz
-rw-r----- 1 root admin 961 Apr 30 00:02 system.log.5.gz
```
I reworded the description to be about a missing, obvious permissions error for users to see to understand what is happening.
This all comes back to inputs providing better error reporting back to Elastic Agent. Completely out of control of the Elastic Agent control plane, and all mechanisms exist for this information to be relayed back to the Elastic Agent and back to Fleet.
@cmacknz / @blakerouse would it be possible to capture the permissions-related findings from this issue in #4705? I'm trying to use that issue as a single place to capture all prerequisites required for successfully running Agent in unprivileged mode. Thanks!
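An added example, not part of the thread and not Elastic Agent or Beats code: a sketch of the kind of explicit permissions message the thread asks for, built from the owner, group and mode bits shown in the listing above. The names `readDenial` and `checkPath` are hypothetical, and only classic POSIX mode bits are evaluated (no ACLs or extended attributes).

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// readDenial applies the POSIX class check: the first matching class (owner,
// then group, then other) decides. It returns "" when the mode bits allow
// read, else a message naming owner, group and mode. ACLs are not evaluated.
func readDenial(path string, mode os.FileMode, fileUID, fileGID, uid uint32, gids []uint32) string {
	class, bit := "other", os.FileMode(0o004)
	if uid == fileUID {
		class, bit = "owner", 0o400
	} else {
		for _, g := range gids {
			if g == fileGID {
				class, bit = "group", 0o040
			}
		}
	}
	if uid == 0 || mode.Perm()&bit != 0 { // uid 0 bypasses read checks
		return ""
	}
	return fmt.Sprintf("permission denied: %s has uid=%d gid=%d mode=%04o; uid=%d is in class %q, which has no read bit",
		path, fileUID, fileGID, uint32(mode.Perm()), uid, class)
}

// checkPath stats a real file and evaluates it for the current process.
func checkPath(path string) (string, error) {
	info, err := os.Stat(path)
	if err != nil {
		return "", err
	}
	st, ok := info.Sys().(*syscall.Stat_t)
	if !ok {
		return "", fmt.Errorf("no POSIX ownership data for %s", path)
	}
	gids := []uint32{uint32(os.Getegid())}
	raw, _ := os.Getgroups() // on error only the effective gid is checked
	for _, g := range raw {
		gids = append(gids, uint32(g))
	}
	return readDenial(path, info.Mode(), st.Uid, st.Gid, uint32(os.Geteuid()), gids), nil
}

func main() {
	for _, p := range os.Args[1:] { // paths to check, given on the command line
		fmt.Println(checkPath(p))
	}
}
```

Run it as the account the unprivileged agent uses, passing the log paths as arguments; an empty result means the mode bits are not what blocks the read.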