Docker - Setup Generated Certs - Logstash Permission Denied

Hi All,

I'm trying to setup the elk stack with docker-compose, however Logstash cannot read the mounted certs directory, I'm guessing this is a permissions issue however I struggle to see why Elasticsearch, Kibana and Filebeat can all read the mounted certs while Logstash cannot.

The certs are created in roughly the same way as Running the Elastic Stack ("ELK") on Docker | Getting Started [8.1] | Elastic and mount correctly with everything else. When I attach a shell to Filebeat I am able to ls the directory for the certs but doing the same with Logstash results in permission denied. I am also able to run filebeat test output and the connection to Elasticsearch is successful.

Here is a GitHub link to the whole setup I have: GitHub - lluked/Elastic-Docker

Any suggestions would be appreciated.

Kind Regards
Luke

Hi All,

Running groups on the instances within elk gives different responses

Elasticsearch -> user elasticsearch belongs to group root only
Logstash -> user logstash belongs to group logstash only
Kibana -> user kibana belongs to groups kibana and root

As the getting started setup command chowns the certs to root:root this would explain why Logstash can't access them. Changing the setup command to chown as 1000:0 results in the certs being accessible for all instances.

My question would be why is there so much disparity between the users and groups in the docker images and why is the logstash user not a member of the root group in the Logstash image.