Elastic-agent as non-root - possible?

el_gg · November 18, 2022, 4:12pm

Hi,

We're doing a POC on the ELK stack and are now looking into the elastic-agent and fleet. Our install is on RHEL8 VMs. We now ran into this:

Error: unable to perform install command, not executed with root permissions

I also found on Beats and Elastic Agent capabilities | Fleet and Elastic Agent Guide [8.11] | Elastic that

Fleet-managed Elastic Agents require root permission, in particular for Elastic Defend. Standalone Elastic Agents and Beats do not

Is it possible at all the install a fleet managed elastic-agent as non-root? Asking root permissions, letting something run as root or even installing something as root is a no-go in our environment.

leandrojmp · November 18, 2022, 5:36pm

I don't think so, the managed elastic-agent needs to be installed and run as root to be able to install and update the integrations and itself.

If you cannot use it as root then you will need to self-manage the agents or use one of the beats.

warkolm · November 21, 2022, 1:14am

Plus there is specific logs and other system level things the Beats need root access to be able to read.

system · December 23, 2022, 2:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to install fleet managed elastic agent Elastic Cloud on Kubernetes (ECK) docker , fleet	2	1013	November 4, 2022
Fleet service account permissions for filebeat threat intel Beats fleet , filebeat , elastic-agent	1	337	November 5, 2021
Elastic-agent not fond when running in Docker Elastic Agent fleet	1	478	December 13, 2022
Elastic Agent Linux Install Directory Beats fleet , elastic-agent	5	1451	December 15, 2020
Elastic Agent and/or Filebeat Beats filebeat , elastic-agent	2	2945	May 25, 2021

Elastic-agent as non-root - possible?

Related topics