-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Agent] How we could reduce the need for root privileges for beats. #134
Comments
Original comment by @ph: @michalpristas I know we have logic in place to control group/user that a process is executed, but at the moment I don't think we ever exposed that to the end user. |
Original comment by @ph: cc @mattapperson for awareness. |
Original comment by @michalpristas: also a sidenote: this should be configurable, agent is capable of running beat as a different user if configuration is provided. |
Pinging @elastic/ingest-management (Team:ingest-management) |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
Closing this as done now that there is an unprivileged Elastic Agent experience. Example on Mac: #3867 |
Original comment by @ph:
The Agent starts the beats process with the same user as the agent process which means root. This is less than ideal if we want to lock down the process and reduce the risk.
TODO:
Define stories
The text was updated successfully, but these errors were encountered: