No obvious permissions error when `system.syslog` not available for mac agent installed with unprivileged flag.

Question

No obvious permissions error when `system.syslog` not available for mac agent installed with unprivileged flag.

amolnater-qasource opened this issue a month ago · comments

Kibana Build details:

VERSION: 8.14.0 BC3
BUILD: 73762
COMMIT: 2a492e1625f24336f3259b2b8df62b2b18127e81

Artifact Link: https://staging.elastic.co/8.14.0-7c638435/downloads/beats/elastic-agent/elastic-agent-8.14.0-darwin-aarch64.tar.gz

Preconditions:

8.14.0-BC3 Kibana cloud environment should be available.
MAC Agent should be installed with unprivileged flag.

Steps to reproduce:

Navigate to Data Streams tab.
Observe system.syslog not available for unprivileged mac agent

Expected Result:
system.syslog should be available for mac agent installed with unprivileged flag.

What's working fine:
system.syslog is available for mac agent installed without unprivileged flag.

Logs:
elastic-agent-diagnostics-2024-05-06T06-55-14Z-00.zip

Screenshot:

Elastic Machine · Answer 1 · Mon May 06 2024 15:05:19 GMT+0800 (China Standard Time)

Pinging @elastic/fleet (Team:Fleet)

Amol Nater · Answer 2 · Mon May 06 2024 15:05:28 GMT+0800 (China Standard Time)

@manishgupta-qasource Please review.

Manish Gupta · Answer 3 · Mon May 06 2024 15:07:58 GMT+0800 (China Standard Time)

Secondary review for this ticket is Done

Elastic Machine · Answer 4 · Mon May 06 2024 16:46:29 GMT+0800 (China Standard Time)

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

Craig MacKenzie · Answer 5 · Mon May 06 2024 23:34:38 GMT+0800 (China Standard Time)

This is expected, those files are owned by root and the admin group by default, so an unprivileged user can't read them.

-rw-r-----@  1 root            admin     13967 May  6 11:32 system.log
-rw-r-----   1 root            admin       895 May  5 00:00 system.log.0.gz
-rw-r-----   1 root            admin       950 May  4 00:11 system.log.1.gz
-rw-r-----   1 root            admin       978 May  3 00:03 system.log.2.gz
-rw-r-----   1 root            admin       953 May  2 00:15 system.log.3.gz
-rw-r-----   1 root            admin       942 May  1 00:04 system.log.4.gz
-rw-r-----   1 root            admin       961 Apr 30 00:02 system.log.5.gz

Craig MacKenzie · Answer 6 · Mon May 06 2024 23:35:09 GMT+0800 (China Standard Time)

I reworded the description to be about a missing, obvious permissions error for users to see to understand what is happening.

Blake Rouse · Answer 7 · Mon May 06 2024 23:42:19 GMT+0800 (China Standard Time)

This all comes back to inputs providing better error reporting back to Elastic Agent. Completely out of control of the Elastic Agent control plane, and all mechanisms exist for this information to be relayed back to the Elastic Agent and back to Fleet exist.

Shaunak Kashyap · Answer 8 · Wed May 08 2024 19:30:27 GMT+0800 (China Standard Time)

@cmacknz / @blakerouse would it be possible to capture the permissions-related findings from this issue in #4705? I'm trying to use that issue as a single place to capture all prerequisites required for successfully running Agent in unprivileged mode. Thanks!