Elastic-agent as non-root - possible?

el_gg · November 18, 2022, 4:12pm

Hi,

We're doing a POC on the ELK stack and are now looking into the elastic-agent and fleet. Our install is on RHEL8 VMs. We now ran into this:

Error: unable to perform install command, not executed with root permissions

I also found on Beats and Elastic Agent capabilities | Fleet and Elastic Agent Guide [8.11] | Elastic that

Fleet-managed Elastic Agents require root permission, in particular for Elastic Defend. Standalone Elastic Agents and Beats do not

Is it possible at all the install a fleet managed elastic-agent as non-root? Asking root permissions, letting something run as root or even installing something as root is a no-go in our environment.

leandrojmp · November 18, 2022, 5:36pm

I don't think so, the managed elastic-agent needs to be installed and run as root to be able to install and update the integrations and itself.

If you cannot use it as root then you will need to self-manage the agents or use one of the beats.

warkolm · November 21, 2022, 1:14am

Plus there is specific logs and other system level things the Beats need root access to be able to read.

system · December 23, 2022, 2:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.