Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #19793 to 7.x: [Elastic Agent] Fix saving of agent configuration on Windows to have proper ACLs #19806

Merged
merged 1 commit into from
Jul 9, 2020
Merged

Cherry-pick #19793 to 7.x: [Elastic Agent] Fix saving of agent configuration on Windows to have proper ACLs #19806

merged 1 commit into from
Jul 9, 2020

Conversation

blakerouse
Copy link
Contributor

Cherry-pick of PR #19793 to 7.x branch. Original message:

What does this PR do?

Currently Elastic Agent only set unix based permissions and did not set proper ACL's on Windows. This adds a new module github.com/hectane/go-acl that ensures that a call to acl.Chmod sets the proper ACL on windows, just the same as it does on unix based systems.

Why is it important?

Both the fleet.yml and action_store.yml can include sensitive information, so the information needs to have strong permissions so only users with enough permissions can read those files.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Relates

@blakerouse
[Elastic Agent] Fix saving of agent configuration on Windows to have …
24e1c57 
…proper ACLs (elastic#19793)

* Fix permissions for windows to set proper ACLs

* Generate NOTICE.txt.

(cherry picked from commit d91b0d8)
@elasticmachine
Copy link
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 9, 2020
@blakerouse blakerouse self-assigned this Jul 9, 2020
michalpristas
michalpristas approved these changes Jul 9, 2020
View reviewed changes
Copy link
Contributor

@michalpristas michalpristas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

backport looks ok

@blakerouse blakerouse merged commit 4b5fea4 into elastic:7.x Jul 9, 2020
@blakerouse blakerouse deleted the backport_19793_7.x branch July 9, 2020 18:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michalpristas michalpristas michalpristas approved these changes

Assignees

@blakerouse blakerouse

Labels
backport [zube]: In Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@blakerouse @elasticmachine @michalpristas