Add permissions configuration for file output (#4638)

This PR adds a `output.file.permissions` configuration option to
control the file mode used when created the output file.

CHANGELOG.asciidoc

@@ -71,6 +71,7 @@ https://github.com/elastic/beats/compare/v6.0.0-beta2...master[Check the HEAD di
 - Fix reloader error message to only print on actual error {pull}5066[5066]
 - Add support for enabling TLS renegotiation. {issue}4386[4386]
 - Add Azure VM support for add_cloud_metadata processor {pull}5355[5355]
+- Add `output.file.permission` config option. {pull}4638[4638]
 
 *Auditbeat*
 

auditbeat/auditbeat.reference.yml

@@ -633,6 +633,9 @@ output.elasticsearch:
   # default is 7 files.
   #number_of_files: 7
 
+  # Permissions to use for file creation. The default is 0600.
+  #permissions: 0600
+
 
 #----------------------------- Console output ---------------------------------
 #output.console:

filebeat/filebeat.reference.yml

@@ -1059,6 +1059,9 @@ output.elasticsearch:
   # default is 7 files.
   #number_of_files: 7
 
+  # Permissions to use for file creation. The default is 0600.
+  #permissions: 0600
+
 
 #----------------------------- Console output ---------------------------------
 #output.console:

heartbeat/heartbeat.reference.yml

@@ -774,6 +774,9 @@ output.elasticsearch:
   # default is 7 files.
   #number_of_files: 7
 
+  # Permissions to use for file creation. The default is 0600.
+  #permissions: 0600
+
 
 #----------------------------- Console output ---------------------------------
 #output.console:

libbeat/_meta/config.reference.yml

@@ -560,6 +560,9 @@ output.elasticsearch:
   # default is 7 files.
   #number_of_files: 7
 
+  # Permissions to use for file creation. The default is 0600.
+  #permissions: 0600
+
 
 #----------------------------- Console output ---------------------------------
 #output.console:

libbeat/docs/outputconfig.asciidoc

@@ -976,6 +976,7 @@ output.file:
   filename: {beatname_lc}
   #rotate_every_kb: 10000
   #number_of_files: 7
+  #permissions: 0600
 ------------------------------------------------------------------------------
 
 ==== Configuration options
@@ -1011,6 +1012,10 @@ The maximum number of files to save under <<path,`path`>>. When this number of f
 oldest file is deleted, and the rest of the files are shifted from last to first. The default
 is 7 files.
 
+===== `permissions`
+
+Permissions to use for file creation. The default is 0600.
+
 ===== `codec`
 
 Output codec configuration. If the `codec` section is missing, events will be json encoded.

libbeat/logp/file_rotator.go

@@ -12,6 +12,7 @@ import (
 const RotatorMaxFiles = 1024
 const DefaultKeepFiles = 7
 const DefaultRotateEveryBytes = 10 * 1024 * 1024
+const DefaultPermissions = 0600
 
 type FileRotator struct {
 	Path             string
@@ -56,6 +57,11 @@ func (rotator *FileRotator) CheckIfConfigSane() error {
 		*rotator.RotateEveryBytes = DefaultRotateEveryBytes
 	}
 
+	if rotator.Permissions == nil {
+		rotator.Permissions = new(uint32)
+		*rotator.Permissions = DefaultPermissions
+	}
+
 	if *rotator.KeepFiles < 2 || *rotator.KeepFiles >= RotatorMaxFiles {
 		return fmt.Errorf("the number of files to keep should be between 2 and %d", RotatorMaxFiles-1)
 	}
@@ -164,7 +170,7 @@ func (rotator *FileRotator) Rotate() error {
 
 	// create the new file
 	path := rotator.FilePath(0)
-	current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(rotator.getPermissions()))
+	current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(*rotator.Permissions))
 	if err != nil {
 		return err
 	}
@@ -177,10 +183,3 @@ func (rotator *FileRotator) Rotate() error {
 
 	return nil
 }
-
-func (rotator *FileRotator) getPermissions() uint32 {
-	if rotator.Permissions == nil {
-		return 0600
-	}
-	return *rotator.Permissions
-}

libbeat/logp/file_rotator_test.go

@@ -27,12 +27,13 @@ func Test_Rotator(t *testing.T) {
 
 	rotateeverybytes := uint64(1000)
 	keepfiles := 3
-
+	perms := uint32(0655)
 	rotator := FileRotator{
 		Path:             dir,
 		Name:             "packetbeat",
 		RotateEveryBytes: &rotateeverybytes,
 		KeepFiles:        &keepfiles,
+		Permissions:      &perms,
 	}
 
 	err = rotator.Rotate()
@@ -120,12 +121,14 @@ func Test_Rotator_By_Bytes(t *testing.T) {
 
 	rotateeverybytes := uint64(100)
 	keepfiles := 3
+	perms := uint32(0655)
 
 	rotator := FileRotator{
 		Path:             dir,
 		Name:             "packetbeat",
 		RotateEveryBytes: &rotateeverybytes,
 		KeepFiles:        &keepfiles,
+		Permissions:      &perms,
 	}
 
 	for i := 0; i < 300; i++ {
@@ -189,12 +192,14 @@ func TestRaceConditions(t *testing.T) {
 
 	rotateeverybytes := uint64(10)
 	keepfiles := 20
+	perms := uint32(0600)
 
 	rotator := FileRotator{
 		Path:             dir,
 		Name:             "testbeat",
 		RotateEveryBytes: &rotateeverybytes,
 		KeepFiles:        &keepfiles,
+		Permissions:      &perms,
 	}
 
 	for i := 0; i < 1000; i++ {

libbeat/outputs/fileout/config.go

@@ -13,12 +13,14 @@ type config struct {
 	RotateEveryKb int          `config:"rotate_every_kb" validate:"min=1"`
 	NumberOfFiles int          `config:"number_of_files"`
 	Codec         codec.Config `config:"codec"`
+	Permissions   uint32       `config:"permissions"`
 }
 
 var (
 	defaultConfig = config{
 		NumberOfFiles: 7,
 		RotateEveryKb: 10 * 1024,
+		Permissions:   0600,
 	}
 )
 

libbeat/outputs/fileout/file.go

@@ -61,6 +61,9 @@ func (out *fileOutput) init(beat beat.Info, config config) error {
 	logp.Info("File output path set to: %v", out.rotator.Path)
 	logp.Info("File output base filename set to: %v", out.rotator.Name)
 
+	logp.Info("File output permissions set to: %#o", config.Permissions)
+	out.rotator.Permissions = &config.Permissions
+
 	rotateeverybytes := uint64(config.RotateEveryKb) * 1024
 	logp.Info("Rotate every bytes set to: %v", rotateeverybytes)
 	out.rotator.RotateEveryBytes = &rotateeverybytes

metricbeat/metricbeat.reference.yml

@@ -1004,6 +1004,9 @@ output.elasticsearch:
   # default is 7 files.
   #number_of_files: 7
 
+  # Permissions to use for file creation. The default is 0600.
+  #permissions: 0600
+
 
 #----------------------------- Console output ---------------------------------
 #output.console:

packetbeat/packetbeat.reference.yml

@@ -1012,6 +1012,9 @@ output.elasticsearch:
   # default is 7 files.
   #number_of_files: 7
 
+  # Permissions to use for file creation. The default is 0600.
+  #permissions: 0600
+
 
 #----------------------------- Console output ---------------------------------
 #output.console:

winlogbeat/winlogbeat.reference.yml

@@ -589,6 +589,9 @@ output.elasticsearch:
   # default is 7 files.
   #number_of_files: 7
 
+  # Permissions to use for file creation. The default is 0600.
+  #permissions: 0600
+
 
 #----------------------------- Console output ---------------------------------
 #output.console: