Document pre-requisites for running Elastic Agent in unprivileged mode #4705
Labels
documentation
Improvements or additions to documentation
Team:Elastic-Agent-Control-Plane
Label for the Agent Control Plane team
Background
Traditionally, privileged users (e.g.
root
on Linux) run Elastic Agent on a host. However, with #3598, #4362, #4264, and other follow-up PRs, it is now possible to run Elastic Agent with an unprivileged user.Problem statement
Running Agent as an unprivileged user has consequences. Not only does the Agent itself run as an unprivileged user, but so do the process components it orchestrates, e.g. the various Beats. Consequently, any integrations being handled by such components, e.g.
system
, might not have the necessary access on the host to collect all the data they can when running as a privileged user. The result is that users do not see data they might be expecting in these integrations' dashboards. Some examples of this situation are:system.security
dataset is not generated for Windows agent installed with unprivileged flag. #4647--unprivileged
flag, #4653system.syslog
not available for mac agent installed with unprivileged flag. #4675Similarly, users might encounter other issues related to the installing or running of Elastic Agent in privileged mode. Some examples of this situation are:
--base-path
and--unprivilege
command. #4690--base-path
and--unprivileged
flags. #4703Definition of done
Let's use this issue to collect any pre-requisites a user must perform to install and run Elastic Agent in unprivileged mode, as well as any other gotchas they might run into when using the
system
integration with an Elastic Agent running in unprivileged mode.For each pre-requisite let's capture the following information:
MacOS
Linux
Windows
The text was updated successfully, but these errors were encountered: