Kibana container: permission denied error related to /var/log/kibana.log

Dan567 · July 14, 2024, 12:01am

Hello community,

running Kibana v8.14.1 in its own Docker container.

Issue:
configuring Kibana to write its log file to /var/log/kibana.log, following the guidance in the Kibana logging settings documentation:

I encounter an EACCES: permission denied error related to /var/log/kibana.log.

This is because the /var/log directory inside the Kibana container is owned by root:root, and Kibana, running as a non-root user inside the container, does not have permission to write to it.

Does anyone encounter similar issue and how to fix it, thanks

****error:

Container elastic-stack-13jul-kibana-1 Error

$ sudo docker logs -f 5601f4e7f681
[Error: EACCES: permission denied, open '/var/log/kibana.log'] {
errno: -13,
code: 'EACCES',
syscall: 'open',
path: '/var/log/kibana.log'
}

docker compose and yml files


---docker-compose.yml---


...

kibana:
    depends_on:
      elasticsearch01:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
   # user: --allow-root
    labels:
      co.elastic.logs/module: kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
      - "./kibana.yml:/usr/share/kibana/config/kibana.yml"
    
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://elasticsearch01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - XPACK_SECURITY_ENCRYPTIONKEY=${ENCRYPTION_KEY}
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${ENCRYPTION_KEY}
      - XPACK_REPORTING_ENCRYPTIONKEY=${ENCRYPTION_KEY}
...

---$ cat kibana.yml---
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana.log
      layout:
        type: pattern
  root:
    appenders: [file]

Dan567 · July 14, 2024, 5:06pm

I figured it out! I updated the YAML file and pointed kibana.log to the directory /usr/share/kibana/logs, to which user 'kibana' has full access, and it works for me now.

there's a logs directory under /usr/share/kibana and owner is kibana:

XXX@XXX:~/elastic-stack-13Jul$ sudo docker exec -it 6f7b907ea419 /bin/sh
$ pwd
/usr/share/kibana
$ ls -al
total 1832

...
drwxrwxr-x 1 kibana root 24 Jul 14 16:14 logs
...

Updated kibana.yml and point log file to this directory:

logging:

logging:
  appenders:
    file:
      type: file
      fileName: /usr/share/kibana/logs/kibana.log
      layout:
        type: pattern
  root:
    appenders: [file]
# New server settings
server:
  host: "0.0.0.0"
  shutdownTimeout: "5s"
# Existing Elasticsearch connection 
elasticsearch.hosts: [ "http://elasticsearch:9200" ]

"docker compose up" and Now the logs appear in the Kibana container:

-rw-rw-r-- 1 kibana kibana 20001 Jul 14 16:14 kibana.log

$ cat kibana.log

[2024-07-14T16:14:19.830+00:00][INFO ][root] Kibana is starting
[2024-07-14T16:14:19.901+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2024-07-14T16:14:27.714+00:00][INFO ][plugins-service] The following plugins ar

Topic		Replies	Views
Error: EACCES: permission denied, open '/usr/share/kibana/cert/elastic-certificates.key' Kibana elastic-stack-monitoring , elastic-stack-security , docker	1	40	August 12, 2024
Getting "FATAL Error: Unable to write Kibana UUID file, please check the uuid.server configuration value in kibana.yml" when running kibana container with a different user Kibana	2	3088	May 20, 2021
Kibana permission denied, open '/etc/kibana/kibana.yml' Kibana	5	2862	July 22, 2021
Kibana @ docker no logfiles Kibana docker	5	2540	December 24, 2020
Group permission inconsistency between Kibana and Elasticsearch docker images Kibana docker	2	432	February 15, 2021

Kibana container: permission denied error related to /var/log/kibana.log

Related Topics