Hello,
I'm trying to set up Filebeat as a non-root user.
Here is the service file:
[Unit]
Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
Documentation=https://www.elastic.co/products/beats/filebeat
Wants=network-online.target
After=network-online.target
[Service]
Environment="BEAT_LOG_OPTS="
Environment="BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml"
Environment="BEAT_PATH_OPTS=-path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat"
ExecStart=/usr/share/filebeat/bin/filebeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
Restart=always
User=filebeat
Group=filebeat_group
[Install]
WantedBy=multi-user.target
Here are the access permissions on /etc/filebeat:
-rwx------. 1 filebeat filebeat_group 2,3M 23 sept. 01:19 fields.yml
-rwx------. 1 filebeat filebeat_group 112K 23 sept. 01:19 filebeat.reference.yml
-rwx------. 1 filebeat filebeat_group 9,9K 21 déc. 10:06 filebeat.yml
-rw-r-----. 1 filebeat filebeat_group 9,9K 21 déc. 10:06 filebeat.yml.bck
-rwx------. 1 filebeat filebeat_group 8,8K 23 sept. 01:19 filebeat.yml.rpmnew
drwx------. 2 filebeat filebeat_group 4,0K 13 oct. 09:35 modules.d
Here are the access permissions on /var/lib/filebeat:
-rwx------. 1 filebeat filebeat_group 314 13 nov. 09:51 filebeat.keystore
-rwx------. 1 filebeat filebeat_group 48 21 sept. 09:44 meta.json
drwx------. 3 filebeat filebeat_group 21 5 nov. 09:19 registry
Here is the error message:
Exiting: could not initialize the keystore: file ("/var/lib/filebeat/filebeat.keystore") can only be writable and readable by the owner but the permissions are "-rwx------" (to fix the permissions use: 'chmod go-wrx /var/lib/filebeat/filebeat.keystore')
But as you can see, the permissions on the folder and file are good. I tried chmod go-wrx, but as expected nothing changed in the file and folder permissions.
Any idea?
Thanks
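
An added example, not part of the original post and not Filebeat's own code: a shell check for the state the error message describes, assuming the keystore has to be exactly mode 0600 (read and write for the owner only) and owned by the service user. It also shows why `chmod go-wrx` leaves `-rwx------` unchanged: that command clears only the group and other bits, so the owner execute bit stays set. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the keystore must be exactly 0600 and owned by
# the user the service runs as; the post itself does not state this.
# On the host from the post the call would be:
#   audit_keystore /var/lib/filebeat/filebeat.keystore filebeat

# mode_of FILE: print the 10-character mode string (e.g. -rwx------),
# dropping any trailing ACL/SELinux marker such as "." or "+".
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# owner_only_rw FILE USER: succeed only if FILE is a regular file owned by
# USER (name or numeric uid) whose permission bits are exactly 0600.
owner_only_rw() {
    [ -n "$(find "$1" -prune -type f -user "$2" -perm 600 -print)" ]
}

# audit_keystore FILE USER: print OK/FAIL with the current mode; return 0 or 1.
audit_keystore() {
    if owner_only_rw "$1" "$2"; then
        echo "OK   $(mode_of "$1") $1"
        return 0
    fi
    echo "FAIL $(mode_of "$1") $1 (want -rw------- owned by $2)"
    return 1
}

# demo: reproduce the situation on a constructed temporary file.
demo() {
    tmp=$(mktemp) || return 1
    me=$(id -u)
    chmod 700 "$tmp"                      # same mode as in the error message
    audit_keystore "$tmp" "$me" || true   # FAIL -rwx------
    chmod go-wrx "$tmp"                   # clears group/other bits only
    audit_keystore "$tmp" "$me" || true   # still FAIL -rwx------
    chmod 600 "$tmp"                      # clears the owner execute bit too
    audit_keystore "$tmp" "$me"           # OK -rw-------
    rc=$?
    rm -f -- "$tmp"
    return $rc
}

demo
```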