Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No obvious permissions error when system.syslog not available for mac agent installed with unprivileged flag. #4675

Closed
amolnater-qasource opened this issue May 6, 2024 · 8 comments · Fixed by elastic/ingest-docs#1087
Closed

No obvious permissions error when system.syslog not available for mac agent installed with unprivileged flag. #4675

amolnater-qasource opened this issue May 6, 2024 · 8 comments · Fixed by elastic/ingest-docs#1087
Assignees
@VihasMakwana
Labels
bug Something isn't working impact:medium QA:Ready For Testing Code is merged and ready for QA to validate Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Comments

@amolnater-qasource
Copy link

Kibana Build details:

VERSION: 8.14.0 BC3
BUILD: 73762
COMMIT: 2a492e1625f24336f3259b2b8df62b2b18127e81

Artifact Link: https://staging.elastic.co/8.14.0-7c638435/downloads/beats/elastic-agent/elastic-agent-8.14.0-darwin-aarch64.tar.gz

Preconditions:

  1. 8.14.0-BC3 Kibana cloud environment should be available.
  2. MAC Agent should be installed with unprivileged flag.

Steps to reproduce:

  1. Navigate to Data Streams tab.
  2. Observe system.syslog not available for unprivileged mac agent

Expected Result:
system.syslog should be available for mac agent installed with unprivileged flag.

What's working fine:
system.syslog is available for mac agent installed without unprivileged flag.

Logs:
elastic-agent-diagnostics-2024-05-06T06-55-14Z-00.zip

Screenshot:
image
@amolnater-qasource amolnater-qasource added bug Something isn't working Team:Fleet Label for the Fleet team impact:medium labels May 6, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@amolnater-qasource
Copy link
Author

@manishgupta-qasource Please review.

@manishgupta-qasource
Copy link

Secondary review for this ticket is Done

@amolnater-qasource amolnater-qasource added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team and removed Team:Fleet Label for the Fleet team labels May 6, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@cmacknz
Copy link
Member

cmacknz commented May 6, 2024

This is expected, those files are owned by root and the admin group by default, so an unprivileged user can't read them.

-rw-r-----@  1 root            admin     13967 May  6 11:32 system.log
-rw-r-----   1 root            admin       895 May  5 00:00 system.log.0.gz
-rw-r-----   1 root            admin       950 May  4 00:11 system.log.1.gz
-rw-r-----   1 root            admin       978 May  3 00:03 system.log.2.gz
-rw-r-----   1 root            admin       953 May  2 00:15 system.log.3.gz
-rw-r-----   1 root            admin       942 May  1 00:04 system.log.4.gz
-rw-r-----   1 root            admin       961 Apr 30 00:02 system.log.5.gz

@cmacknz cmacknz changed the title system.syslog not available for mac agent installed with unprivileged flag. No obvious permissions error when system.syslog not available for mac agent installed with unprivileged flag. May 6, 2024
@cmacknz
Copy link
Member

cmacknz commented May 6, 2024

I reworded the description to be about a missing, obvious permissions error for users to see to understand what is happening.

@blakerouse
Copy link
Contributor

This all comes back to inputs providing better error reporting back to Elastic Agent. Completely out of control of the Elastic Agent control plane, and all mechanisms exist for this information to be relayed back to the Elastic Agent and back to Fleet exist.

@ycombinator
Copy link
Contributor

@cmacknz / @blakerouse would it be possible to capture the permissions-related findings from this issue in #4705? I'm trying to use that issue as a single place to capture all prerequisites required for successfully running Agent in unprivileged mode. Thanks!

@ycombinator ycombinator mentioned this issue May 9, 2024
Closed
@cmacknz cmacknz mentioned this issue May 24, 2024
Closed
@ycombinator ycombinator assigned nchaulet and unassigned kaanyalti Jun 12, 2024
@ycombinator ycombinator assigned VihasMakwana and unassigned nchaulet Jun 20, 2024
@jlind23 jlind23 mentioned this issue Jun 24, 2024
Merged
@amolnater-qasource amolnater-qasource added the QA:Ready For Testing Code is merged and ready for QA to validate label Jun 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VihasMakwana VihasMakwana

Labels
bug Something isn't working impact:medium QA:Ready For Testing Code is merged and ready for QA to validate Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add steps and details for running 'unprivileged' Elastic Agent kilfoyle/ingest-docs
9 participants
@ycombinator @nchaulet @cmacknz @blakerouse @elasticmachine @kaanyalti @manishgupta-qasource @amolnater-qasource @VihasMakwana