Elastic Agent "chown" issues on Mac

kshort · December 15, 2022, 6:06pm

I have an issue when adding the elastic-agent on a Mac. I am following the "Install Elastic Agent on your host" instructions provided for Mac by my agent policy. When starting URL enrollment I get the error:

"Error: failed to fix permissions: chown /Library/Elastic/Agent/data/elastic-agent-0e1a73/elastic-agent.app: operation not permitted"

The /Library/Elastic/Agent directory does not exist after the install fails. The /Library/Elastic directory is created, but the Agent sub-directory is not.

If I manually create the /Library/Elastic/Agent directory, copy of the contents of the tar.gz file into it, and then run ./elastic-agent enroll instead of install I can get the agent to start.

Happens for both x86_64 and aarch64 systems (using the 8.5.3 version for x86_64 and aarch64 downloads respectively). Any thoughts as to why this happens and how to fix it?

The instructions I am following are (url and token removed for post):

curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.5.3-darwin-x86_64.tar.gz
tar xzvf elastic-agent-8.5.3-darwin-x86_64.tar.gz
cd elastic-agent-8.5.3-darwin-x86_64
sudo ./elastic-agent install --url= --enrollment-token=

Thanks!

MichelLaterman · December 19, 2022, 7:25pm

I think that if you manually create the Agent dir it wouldn't be associated with the correct user for elastic-agent to run as expected.

Can you delete the directory then post the output of the install command?

kshort · January 4, 2023, 4:32pm

Sure thing. Here is the output of the install command.

Elastic Agent will be installed at /Library/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:

{"log.level":"info","@timestamp":"2023-01-04T11:22:14.650-0500","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":471},"message":"Starting enrollment to URL: (url removed)","ecs.version":"1.6.0"}

Error: failed to fix permissions: chown /Library/Elastic/Agent/data/elastic-agent-0e1a73/elastic-agent.app: operation not permitted

For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.5/fleet-troubleshooting.html

Error: enroll command failed with exit code: 1

For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.5/fleet-troubleshooting.html

MichelLaterman · January 4, 2023, 7:07pm

Who owns /Library/Elastic/Agent?

kshort · January 4, 2023, 7:48pm

That directory doesn't exist. It doesn't seem to get created with the install command after it fails.

/Library/Elastic/ also doesn't exist.

ReneKalff · January 5, 2023, 3:14pm

Same issue here. Could it be that the .app is running at the time the chmod is performed? Installing the agent first without onboarding and then performing the enroll seems to work.
sudo ./elastic-agent install -f
sudo elastic-agent enroll --url= --enrollment-token=

ReneKalff · January 17, 2023, 8:40am

And another issue, the install fails is /usr/local/bin directory doens't exist. In our corporate environment some mac's do have that directory and some don't.

kshort · January 27, 2023, 4:33pm

Yep this seemed to work, thank you! I haven't come across any macs where /usr/local/bin doesn't exist, but will keep an eye out for that as well.

system · February 24, 2023, 4:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.