Closed jalvz closed 5 years ago
All subcommands that require reading the configuration file seem to be enforcing the permissions check. version
, test
and export
with no arguments don't read the configuration so I think it's ok that they don't throw an error. I think a good rule of thumb is any command that when run with strict.perms=false
still has a problem, like:
apm-server keystore add --strict.perms=false
error initializing beat: error loading config file: open /etc/apm-server/apm-server.yml: permission denied
should also have a problem with strict.perms=true
in the same way.
apm-server keystore add
error initializing beat: error loading config file: config file ("/etc/apm-server/apm-server.yml") must be owned by the beat user (uid=501) or root
Leaving this open in case you want to discuss further but I think it can be closed if you agree.
i'm fine closing, it only bugged me the asymmetry in the fact that unauthenticated requests to '/' do not return version
info
Maybe this has been discussed before and it is ok, but in Linux packaged installs some subcommands can be run with any user...
apm-server version
,apm-server test
,apm-server export
... While others require the right user:
sudo -u apm-server apm-server test config
,sudo -u apm-server apm-server setup
,sudo -u apm-server apm-server
,