Start Filebeat Service failed on argument test when it executed by non-root user #4333
Comments
|
This looks like the expected behavior to me. See the documentation here. Why are you changing the owner of the binary and config file? |
|
@andrewkroh I want to execute the filebeat with a non-root user. |
|
Changing the owner of the file won't cause it to be executed as a different user. You also need to modify the init.d script to change the user that the process executes as. The script will probably require multiple changes to execute the beat as a user other than root. It's not something that's easily configurable today. |
|
I think you would need to add The arguments are described here for daemon process: https://github.com/tsg/go-daemon/blob/master/god.c#L35-L36 In addition, the |
|
@andrewkroh sorry for something missed. --- packages/output_orig/etc/init.d/filebeat 2017-05-17 20:53:36.000000000 +0800
+++ packages/output/etc/init.d/filebeat 2017-05-17 20:55:44.000000000 +0800
@@ -27,8 +27,13 @@ pidfile=${PIDFILE-/var/run/filebeat.pid}
agent=${BEATS_AGENT-/usr/share/filebeat/bin/filebeat}
args="-c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat"
test_args="-e -configtest"
-wrapper="/usr/share/filebeat/bin/filebeat-god"
-wrapperopts="-r / -n -p $pidfile"
+if grep -q -i "release 7" /etc/redhat-release; then
+ wrapper="/usr/share/filebeat/bin/filebeat-god"
+else
+ wrapper="/usr/share/filebeat/bin/filebeat-god-el5"
+fi
+beat_user="monitor"
+wrapperopts="-r / -n -p $pidfile -u $beat_user"
RETVAL=0
# Source function library.
@@ -42,7 +47,7 @@ if status | grep -q -- '-p' 2>/dev/null;
fi
test() {
- $agent $args $test_args
+ runuser -s /bin/bash $beat_user -c "$agent $args $test_args"
}
start() {
diff -urpN packages/output_orig/lib/systemd/system/filebeat.service packages/output/lib/systemd/system/filebeat.service
--- packages/output_orig/lib/systemd/system/filebeat.service 2017-05-17 20:53:36.000000000 +0800
+++ packages/output/lib/systemd/system/filebeat.service 2017-05-17 20:54:10.000000000 +0800
@@ -6,6 +6,7 @@ After=network-online.target
[Service]
ExecStart=/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
+User=monitor
Restart=always
[Install]I'm not asking to implement it totally(it's just my practice to execute beats from non-root user). What I need is fixing the |
|
Haven't seen your latest comment. Anyway thanks for the response so quickly. |
|
I think it would be ideal to have the init script source a file like
I wouldn't want to merge a change only for the |
|
@andrewkroh I created an MR. Do you have a chance to check it? #4340 |
|
@andrewkroh I have exact same problem as you describe but even I change permission noting change and also I add -u user to -g group as you said but still noting change do you have any Idea what should I do ? this is what it show me each time : |
Where exactly you use or place the -stric.perms=false? |
Add "-strict.perms=false" in filebeat.service. It exact work for me.
`[Unit] [Service] Environment="BEAT_LOG_OPTS=-e" [Install] |
From the code, the argument test will be failed on
testfunction. Cause the checker.https://github.com/elastic/beats/blob/master/dev-tools/packer/platforms/centos/init.j2#L45
For confirmed bugs, please report:
yum install filebeatchown monitor:monitor /etc/filebeat/filebeat.yml /usr/share/filebeat/bin/filebeat/etc/init.d/filebeat startThe text was updated successfully, but these errors were encountered: