[SOLVED] Logstash permissions issue

adamk0001
Posts: 16
Joined: 2012-09-19 18:53

#1 Post by adamk0001 »

Hi,

I have logstash http://logstash.net/docs/1.4.2/ installed from Elasticsearch's repository http://logstash.net/docs/1.4.2/repositories. I want logstash to parse /var/log/messages and /var/log/syslog. I have configured logstash to read those files but I get some errors in logstash's log:

    "failed to open /var/log/syslog: Permission denied - /var/log/syslog", :level=>:warn}

The logs are owned by root (rw), group adm (r):

    -rw-r----- 1 root          adm     <size>  Jul 25 21:00 messages
    -rw-r----- 1 root          adm     <size>  Jul 25 21:09 syslog

Logstash runs from an init.d script as user 'logstash' & group 'logstash'.
I added user 'logstash' to group 'adm'.

    root# groups logstash
    logstash : logstash adm

Restarting the logstash daemon doesn't help after adding it to the group 'adm'.

logstash's entry in /etc/passwd looks like this:

    logstash:x:999:999:LogStash Service User:/var/lib/logstash:/sbin/nologin

I changed that to replace /sbin/nologin with /bin/sh

    logstash:x:999:999:LogStash Service User:/var/lib/logstash:/bin/sh

so I can log in as 'logstash' on a console (maybe this would help logstash to be added to the group 'adm'...) and then I change /etc/passwd back and restart the daemon but it doesn't help.

When logstash is running from the init.d script it doesn't count as a 'login' - it does not appear in the output of

    root# last|grep logstash

which may or may not be relevant.
Maybe there is something special about the adm group that I'm missing?

I do not wish to reboot the machine.

Thanks for any insight you may have into this!! I hope I'm overlooking something simple.
Last edited by adamk0001 on 2014-07-26 22:04, edited 1 time in total.
The feeling of helplessness that accompanies the use of Non-Free Software after learning and understanding the virtues brought forth through Free Software is not something any person can or should abide by (https://www.fsf.org/about/what-is-free-software)

adamk0001
Posts: 16
Joined: 2012-09-19 18:53

Re: Logstash permissions issue

#2 Post by adamk0001 »

This post put me on the right track:
https://groups.google.com/forum/#!searc ... yIkZaDZTcJ

I don't want to use setfacl for every file on every server that I need to monitor with logstash; that is silly. I looked at /etc/init.d/logstash and it uses chroot to start the daemon.

Although the user 'logstash' is a member of group 'adm', to use a secondary group in the chroot we must add

    --groups <comma separated groups>

so the line in the start stanza should look something like this:

    nice -n ${LS_NICE} chroot --userspec $LS_USER:$LS_GROUP --groups adm / sh -c "

$LS_USER and $LS_GROUP are both 'logstash'. I tried changing $LS_GROUP to 'adm' previously and it could no longer connect to the redis-server... so that idea was out.
--groups works nicely.
The feeling of helplessness that accompanies the use of Non-Free Software after learning and understanding the virtues brought forth through Free Software is not something any person can or should abide by (https://www.fsf.org/about/what-is-free-software)
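
Added example, not part of the original posts: `groups logstash` reports what the group database says, while file access is decided by the credentials the running daemon was actually started with. This sketch reads those credentials from `/proc/<pid>/status`; the function names, the sample status text and gid 4 for 'adm' are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample text below is constructed.

# proc_gids: read /proc/<pid>/status-format text on stdin and print the
# filesystem gid (5th field of "Gid:", used for file permission checks)
# plus every supplementary gid from "Groups:", one per line.
proc_gids() {
    awk '/^Gid:/    { print $5 }
         /^Groups:/ { for (i = 2; i <= NF; i++) print $i }' | sort -un
}

# proc_has_gid GID: succeed only if GID is among the gids in stdin's status text.
proc_has_gid() {
    proc_gids | grep -qxF -- "$1"
}

# check_pid PID GROUP: compare a live process against a named group.
# Uses getent to map the name to a gid; needs a Linux /proc.
check_pid() {
    gid=$(getent group "$2" | cut -d: -f3)
    [ -n "$gid" ] || { echo "no such group: $2" >&2; return 2; }
    if proc_has_gid "$gid" < "/proc/$1/status"; then
        echo "pid $1 holds group $2 (gid $gid)"
    else
        echo "pid $1 does NOT hold group $2 (gid $gid)"; return 1
    fi
}

# Constructed samples (the real file is tab-separated; awk accepts both).
# gid 999 = logstash as in the /etc/passwd line above; gid 4 = adm is an
# assumption; 14 is included to show that gid 4 is matched exactly.
SAMPLE_WITHOUT_ADM='Name:   java
Uid:    999 999 999 999
Gid:    999 999 999 999
Groups: 0 14'
SAMPLE_WITH_ADM='Name:   java
Uid:    999 999 999 999
Gid:    999 999 999 999
Groups: 4'

for name in SAMPLE_WITHOUT_ADM SAMPLE_WITH_ADM; do
    eval "text=\$$name"
    if printf '%s\n' "$text" | proc_has_gid 4; then
        echo "$name: gid 4 present"
    else
        echo "$name: gid 4 missing"
    fi
done
```

On a live host, run `check_pid <pid of the logstash process> adm` as root after restarting the daemon to confirm the change to the init script took effect.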