Rotated log files have incorrect permissions

Elastic Stack Beats
1

When log files are rotated by metricbeat, the files created do not have the permissions specified in the metricbeat.yml file.

Here's part of metricbeat.yml:

logging.to_files: true
logging.files:
  path: /var/log/metricbeat
  name: metricbeat.log
  keepfiles: 14
  permissions: 0666
  interval: 24h
  rotateonstartup: true

And here are the log files in /var/log/metricbeat after it was restarted a number of times:

-rw-r-----. 1 root root 64031 Aug 11 19:10 metricbeat.log
-rw-r--r--. 1 root root   183 Aug 11 18:44 metricbeat.log-2020-08-11-1
-rw-r--r--. 1 root root  3334 Aug 11 18:44 metricbeat.log-2020-08-11-2
-rw-r-----. 1 root root 11634 Aug 11 18:45 metricbeat.log-2020-08-11-3
-rw-r-----. 1 root root 20225 Aug 11 18:49 metricbeat.log-2020-08-11-4
-rw-r-----. 1 root root 14298 Aug 11 18:51 metricbeat.log-2020-08-11-5

I don't really need 666 permissions on the log files (644 would be marvellous), it was a desperate act to see if anything would affect the file perms.

2

This is a security measure. Any files/folders created by Beats get a umask of 0027. This means any files will have at most 0640 permissions and any folders will have at most 0750 permissions. Essentially, we deliberately don't want any Beats-created files/folders to be world-readable.

Ref: https://github.com/elastic/beats/issues/14005 and https://github.com/elastic/beats/pull/14119.

Shaunak

3

Thanks for the speedy response :slight_smile:

Can you update the documentation please? Right now it's actively misleading.

https://www.elastic.co/guide/en/beats/filebeat/current/configuration-logging.html#_logging_files_permissions

Thank you :slight_smile:

4

Created https://github.com/elastic/beats/issues/20584 to request and track the documentation update.

Shaunak