Do not run logstash-forwarder as root (on Debian)

[gebi]

Hi,

On debian all logfiles should be readable by group adm.
It would thus be nice to have logstash-forwarder NOT run as root

Possible solution:

• Create system user/group logstash-forwarder and execute with this user/group
• Add logstash-forwarder to group adm, thus give access to all logfiles
• Create /var/log/logstash-forwarder with permissions logstash-forwarder:adm to gather all log files

[jordansissel]

This is fixed in #402

[peterholak]

In the version I cloned today, logstash-forwarder still runs as root by default, even though the logstash-forwarder user was created.

I ran make followed by make deb, and installed the resulting package. The /etc/default/logstash-forwarder file it created has user="root" in it, and after starting the service, logstash-forwarder really does run as root.

[Alexul]

Hi,

Whats status on this? 0.4.0 on debian still runs as root...

[jordansissel]

For now, you may work around this by editing the init script or the /etc/default/ file and providing your desired value.

For a solution, I don't know. We currently deploy 1 deb package intended to service all deb-using platforms. The further specialization that we do will cause this 1 deb to stop working on certain platforms. Addtionally, the assumption that all logs are readable by the adm group is probably only considering the default /var/log population that ships with stock Debian systems and not including other applications or components deployed by the user.

I don't know what a good solution is. I will agree that running as root is not desirable, but doing so will cause other problems that I'd like to see fixed also.

[Alexul]

Ok, works for me. But nice value from /etc/default/ never used in init
now: chroot --userspec "$user":"$group" "$chroot" sh -c "
should be: nice -n $nice chroot --userspec "$user":"$group" "$chroot" sh -c "