From 5c51448f5fc0c9f458273c452e0ce855fc749a1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ry=20Plassat?=
Date: Fri, 7 Jul 2017 18:30:23 +0200
Subject: [PATCH] Add permissions configuration for file output (#4638)
This PR adds a `output.file.permissions` configuration option to control the file mode used when created the output file.
---
CHANGELOG.asciidoc | 1 +
auditbeat/auditbeat.reference.yml | 3 +++
filebeat/filebeat.reference.yml | 3 +++
heartbeat/heartbeat.reference.yml | 3 +++
libbeat/_meta/config.reference.yml | 3 +++
libbeat/docs/outputconfig.asciidoc | 5 +++++
libbeat/logp/file_rotator.go | 15 +++++++--------
libbeat/logp/file_rotator_test.go | 7 ++++++-
libbeat/outputs/fileout/config.go | 2 ++
libbeat/outputs/fileout/file.go | 3 +++
metricbeat/metricbeat.reference.yml | 3 +++
packetbeat/packetbeat.reference.yml | 3 +++
winlogbeat/winlogbeat.reference.yml | 3 +++
13 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 7eaf87dc8f64..8a41795d77cb 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -71,6 +71,7 @@ https://github.com/elastic/beats/compare/v6.0.0-beta2...master[Check the HEAD di - Fix reloader error message to only print on actual error {pull}5066[5066] - Add support for enabling TLS renegotiation. {issue}4386[4386] - Add Azure VM support for add_cloud_metadata processor {pull}5355[5355] +- Add `output.file.permission` config option. {pull}4638[4638] *Auditbeat*
diff --git a/auditbeat/auditbeat.reference.yml b/auditbeat/auditbeat.reference.yml
index c304fb4cccb2..3b8cb46e116f 100644
--- a/auditbeat/auditbeat.reference.yml
+++ b/auditbeat/auditbeat.reference.yml
@@ -633,6 +633,9 @@ output.elasticsearch: # default is 7 files. #number_of_files: 7 + # Permissions to use for file creation. The default is 0600. + #permissions: 0600 + #----------------------------- Console output --------------------------------- #output.console:
diff --git a/filebeat/filebeat.reference.yml b/filebeat/filebeat.reference.yml
index 732f8450610b..87fcaf753113 100644
--- a/filebeat/filebeat.reference.yml
+++ b/filebeat/filebeat.reference.yml
@@ -1059,6 +1059,9 @@ output.elasticsearch: # default is 7 files. #number_of_files: 7 + # Permissions to use for file creation. The default is 0600. + #permissions: 0600 + #----------------------------- Console output --------------------------------- #output.console:
diff --git a/heartbeat/heartbeat.reference.yml b/heartbeat/heartbeat.reference.yml
index 23d2fa1e005c..248f10c9aad6 100644
--- a/heartbeat/heartbeat.reference.yml
+++ b/heartbeat/heartbeat.reference.yml
@@ -774,6 +774,9 @@ output.elasticsearch: # default is 7 files. #number_of_files: 7 + # Permissions to use for file creation. The default is 0600. + #permissions: 0600 + #----------------------------- Console output --------------------------------- #output.console:
diff --git a/libbeat/_meta/config.reference.yml b/libbeat/_meta/config.reference.yml
index bf6cf9dcd308..a7d1196d0529 100644
--- a/libbeat/_meta/config.reference.yml
+++ b/libbeat/_meta/config.reference.yml
@@ -560,6 +560,9 @@ output.elasticsearch: # default is 7 files. #number_of_files: 7 + # Permissions to use for file creation. The default is 0600. + #permissions: 0600 + #----------------------------- Console output --------------------------------- #output.console:
diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc
index 06f42b2c12d0..979a235319a2 100644
--- a/libbeat/docs/outputconfig.asciidoc
+++ b/libbeat/docs/outputconfig.asciidoc
@@ -976,6 +976,7 @@ output.file: filename: {beatname_lc} #rotate_every_kb: 10000 #number_of_files: 7 + #permissions: 0600 ------------------------------------------------------------------------------ ==== Configuration options
@@ -1011,6 +1012,10 @@ The maximum number of files to save under <>. When this number of f oldest file is deleted, and the rest of the files are shifted from last to first. The default is 7 files. +===== `permissions` + +Permissions to use for file creation. The default is 0600. + ===== `codec` Output codec configuration. If the `codec` section is missing, events will be json encoded.
diff --git a/libbeat/logp/file_rotator.go b/libbeat/logp/file_rotator.go
index c7db4d7acd60..b528618d898d 100644
--- a/libbeat/logp/file_rotator.go
+++ b/libbeat/logp/file_rotator.go
@@ -12,6 +12,7 @@ import ( const RotatorMaxFiles = 1024 const DefaultKeepFiles = 7 const DefaultRotateEveryBytes = 10 * 1024 * 1024 +const DefaultPermissions = 0600 type FileRotator struct { Path string
@@ -56,6 +57,11 @@ func (rotator *FileRotator) CheckIfConfigSane() error { *rotator.RotateEveryBytes = DefaultRotateEveryBytes } + if rotator.Permissions == nil { + rotator.Permissions = new(uint32) + *rotator.Permissions = DefaultPermissions + } + if *rotator.KeepFiles < 2 || *rotator.KeepFiles >= RotatorMaxFiles { return fmt.Errorf("the number of files to keep should be between 2 and %d", RotatorMaxFiles-1) }
@@ -164,7 +170,7 @@ func (rotator *FileRotator) Rotate() error { // create the new file path := rotator.FilePath(0) - current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(rotator.getPermissions())) + current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(*rotator.Permissions)) if err != nil { return err }
@@ -177,10 +183,3 @@ func (rotator *FileRotator) Rotate() error { return nil } - -func (rotator *FileRotator) getPermissions() uint32 { - if rotator.Permissions == nil { - return 0600 - } - return *rotator.Permissions -}
diff --git a/libbeat/logp/file_rotator_test.go b/libbeat/logp/file_rotator_test.go
index 10d8519d6661..b03e7bd07930 100644
--- a/libbeat/logp/file_rotator_test.go
+++ b/libbeat/logp/file_rotator_test.go
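Review bot: `Rotate()` in libbeat/logp/file_rotator.go now dereferences `*rotator.Permissions` unconditionally, while the nil default is applied only in `CheckIfConfigSane()`, so a FileRotator that reaches `Rotate()` with Permissions unset panics where the removed `getPermissions()` fell back to 0600. Test_Rotator in file_rotator_test.go calls `rotator.Rotate()` straight after building the struct, which is presumably why every test rotator in this commit had to gain `Permissions: &perms`; other callers outside this diff may be in the same position. Keeping the guard at the point of use is cheap: `perm := os.FileMode(DefaultPermissions)`, then `if rotator.Permissions != nil { perm = os.FileMode(*rotator.Permissions) }`, and pass `perm` to `os.OpenFile`. The exported `DefaultPermissions` constant would also benefit from a doc comment such as `// DefaultPermissions is the mode used for new output files when none is configured.`; both functions continue outside their hunks.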
@@ -27,12 +27,13 @@ func Test_Rotator(t *testing.T) { rotateeverybytes := uint64(1000) keepfiles := 3 - + perms := uint32(0655) rotator := FileRotator{ Path: dir, Name: "packetbeat", RotateEveryBytes: &rotateeverybytes, KeepFiles: &keepfiles, + Permissions: &perms, } err = rotator.Rotate()
@@ -120,12 +121,14 @@ func Test_Rotator_By_Bytes(t *testing.T) { rotateeverybytes := uint64(100) keepfiles := 3 + perms := uint32(0655) rotator := FileRotator{ Path: dir, Name: "packetbeat", RotateEveryBytes: &rotateeverybytes, KeepFiles: &keepfiles, + Permissions: &perms, } for i := 0; i < 300; i++ {
@@ -189,12 +192,14 @@ func TestRaceConditions(t *testing.T) { rotateeverybytes := uint64(10) keepfiles := 20 + perms := uint32(0600) rotator := FileRotator{ Path: dir, Name: "testbeat", RotateEveryBytes: &rotateeverybytes, KeepFiles: &keepfiles, + Permissions: &perms, } for i := 0; i < 1000; i++ {
diff --git a/libbeat/outputs/fileout/config.go b/libbeat/outputs/fileout/config.go
index 9e26a19cd216..a970e2025e63 100644
--- a/libbeat/outputs/fileout/config.go
+++ b/libbeat/outputs/fileout/config.go
@@ -13,12 +13,14 @@ type config struct { RotateEveryKb int `config:"rotate_every_kb" validate:"min=1"` NumberOfFiles int `config:"number_of_files"` Codec codec.Config `config:"codec"` + Permissions uint32 `config:"permissions"` } var ( defaultConfig = config{ NumberOfFiles: 7, RotateEveryKb: 10 * 1024, + Permissions: 0600, } )
diff --git a/libbeat/outputs/fileout/file.go b/libbeat/outputs/fileout/file.go
index bf569058f399..42f64620407e 100644
--- a/libbeat/outputs/fileout/file.go
+++ b/libbeat/outputs/fileout/file.go
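Review bot: None of the three test hunks in file_rotator_test.go checks the mode of the file that `Rotate()` creates, so the new option is only exercised as "does not crash"; `perms` is stored in the struct and never compared with anything. After the first `rotator.Rotate()` in Test_Rotator, consider stat-ing `rotator.FilePath(0)` and comparing `info.Mode().Perm()` with `os.FileMode(perms)`, skipping the check on Windows and keeping in mind that the process umask can clear bits. The fixture value `uint32(0655)` grants execute to group and others on a data file, which looks unintended; 0644 or 0600 would be more representative. A case that leaves Permissions nil and goes through `CheckIfConfigSane()` would cover the default path as well.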
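Review bot: The new `Permissions uint32` field in libbeat/outputs/fileout/config.go has no `validate` tag or range check, while `RotateEveryKb` directly above it carries `validate:"min=1"`, and the value is later cast to `os.FileMode` in the rotator unchanged. Any value with bits above 0777, which is what a mode typed in decimal such as `permissions: 644` can become depending on how the config loader parses the literal, would give the output file a mode the operator did not intend, possibly readable or writable by other local users. Reject such values before the assignment in `init` in fileout/file.go (the hunk that sets `out.rotator.Permissions`), for example `if config.Permissions&^0777 != 0 { return fmt.Errorf("invalid output.file.permissions: %#o", config.Permissions) }`, assuming `fmt` is available in that file. A short comment on the field stating that the value is an octal mode applied when the file is created would help readers of the struct too.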
@@ -61,6 +61,9 @@ func (out *fileOutput) init(beat beat.Info, config config) error { logp.Info("File output path set to: %v", out.rotator.Path) logp.Info("File output base filename set to: %v", out.rotator.Name) + logp.Info("File output permissions set to: %#o", config.Permissions) + out.rotator.Permissions = &config.Permissions + rotateeverybytes := uint64(config.RotateEveryKb) * 1024 logp.Info("Rotate every bytes set to: %v", rotateeverybytes) out.rotator.RotateEveryBytes = &rotateeverybytes
diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml
index eedcac9e35b0..47aa495d7ad8 100644
--- a/metricbeat/metricbeat.reference.yml
+++ b/metricbeat/metricbeat.reference.yml
@@ -1004,6 +1004,9 @@ output.elasticsearch: # default is 7 files. #number_of_files: 7 + # Permissions to use for file creation. The default is 0600. + #permissions: 0600 + #----------------------------- Console output --------------------------------- #output.console:
diff --git a/packetbeat/packetbeat.reference.yml b/packetbeat/packetbeat.reference.yml
index 1265829be342..e68bea234942 100644
--- a/packetbeat/packetbeat.reference.yml
+++ b/packetbeat/packetbeat.reference.yml
@@ -1012,6 +1012,9 @@ output.elasticsearch: # default is 7 files. #number_of_files: 7 + # Permissions to use for file creation. The default is 0600. + #permissions: 0600 + #----------------------------- Console output --------------------------------- #output.console:
diff --git a/winlogbeat/winlogbeat.reference.yml b/winlogbeat/winlogbeat.reference.yml
index cdbd759fc96e..7382c9eba4d1 100644
--- a/winlogbeat/winlogbeat.reference.yml
+++ b/winlogbeat/winlogbeat.reference.yml
@@ -589,6 +589,9 @@ output.elasticsearch: # default is 7 files. #number_of_files: 7 + # Permissions to use for file creation. The default is 0600. + #permissions: 0600 + #----------------------------- Console output --------------------------------- #output.console: