Closed elasticmachine closed 3 months ago
elasticmachine
commented
4 years ago Original comment by @ph:
@michalpristas I know we have logic in place to control group/user that a process is executed, but at the moment I don't think we ever exposed that to the end user.
elasticmachine
commented
4 years ago Original comment by @ph:
cc @mattapperson for awareness.
elasticmachine
commented
4 years ago Original comment by @michalpristas:
also a sidenote: this should be configurable, agent is capable of running beat as a different user if configuration is provided. we have this isolation story in the backlog for specifying namespaces when running processes, i think this should also help
elasticmachine
commented
4 years ago Pinging @elastic/ingest-management (Team:ingest-management)
botelastic[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
elasticmachine
commented
2 years ago Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
jlind23
commented
3 months ago Closing this as done now that there is an unprivileged Elastic Agent experience. Example on Mac: https://github.com/elastic/elastic-agent/issues/3867
Original comment by @ph:
The Agent starts the beats process with the same user as the agent process which means root. This is less than ideal if we want to lock down the process and reduce the risk.
TODO: Define stories