drjan
August 11, 2020, 7:11pm
1
When log files are rotated by metricbeat, the files created do not have the permissions specified in the metricbeat.yml file.
Here's part of metricbeat.yml:
logging.to_files: true
logging.files:
path: /var/log/metricbeat
name: metricbeat.log
keepfiles: 14
permissions: 0666
interval: 24h
rotateonstartup: true
And here are the log files in /var/log/metricbeat after it was restarted a number of times:
-rw-r-----. 1 root root 64031 Aug 11 19:10 metricbeat.log
-rw-r--r--. 1 root root 183 Aug 11 18:44 metricbeat.log-2020-08-11-1
-rw-r--r--. 1 root root 3334 Aug 11 18:44 metricbeat.log-2020-08-11-2
-rw-r-----. 1 root root 11634 Aug 11 18:45 metricbeat.log-2020-08-11-3
-rw-r-----. 1 root root 20225 Aug 11 18:49 metricbeat.log-2020-08-11-4
-rw-r-----. 1 root root 14298 Aug 11 18:51 metricbeat.log-2020-08-11-5
I don't really need 666 permissions on the log files (644 would be marvellous), it was a desperate act to see if anything would affect the file perms.
shaunak
August 11, 2020, 10:11pm
2
This is a security measure. Any files/folders created by Beats get a umask of 0027. This means any files will have at most 0640 permissions and any folders will have at most 0750 permissions. Essentially, we deliberately don't want any Beats-created files/folders to be world-readable.
Ref: https://github.com/elastic/beats/issues/14005 and https://github.com/elastic/beats/pull/14119 .
Shaunak
1 Like
drjan
August 13, 2020, 8:32am
3
Thanks for the speedy response
Can you update the documentation please? Right now it's actively misleading.
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-logging.html#_logging_files_permissions
Thank you
shaunak
August 13, 2020, 10:40am
4
Created https://github.com/elastic/beats/issues/20584 to request and track the documentation update.
Shaunak
1 Like
system
September 10, 2020, 12:40pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
