Skip to content

Cherry-pick #19793 to 7.x: [Elastic Agent] Fix saving of agent configuration on Windows to have proper ACLs#19806

Merged
blakerouse merged 1 commit intoelastic:7.xfrom
blakerouse:backport_19793_7.x
Jul 9, 2020
Merged

Cherry-pick #19793 to 7.x: [Elastic Agent] Fix saving of agent configuration on Windows to have proper ACLs#19806
blakerouse merged 1 commit intoelastic:7.xfrom
blakerouse:backport_19793_7.x

Conversation

@blakerouse
Copy link
Copy Markdown
Contributor

@blakerouse blakerouse commented Jul 9, 2020

Cherry-pick of PR #19793 to 7.x branch. Original message:

What does this PR do?

Currently Elastic Agent only set unix based permissions and did not set proper ACL's on Windows. This adds a new module github.com/hectane/go-acl that ensures that a call to acl.Chmod sets the proper ACL on windows, just the same as it does on unix based systems.

Why is it important?

Both the fleet.yml and action_store.yml can include sensitive information, so the information needs to have strong permissions so only users with enough permissions can read those files.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Relates

@blakerouse
[Elastic Agent] Fix saving of agent configuration on Windows to have …
24e1c57 
…proper ACLs (elastic#19793)

* Fix permissions for windows to set proper ACLs

* Generate NOTICE.txt.

(cherry picked from commit d91b0d8)
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jul 9, 2020

Pinging @elastic/ingest-management (Team:Ingest Management)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 9, 2020
@blakerouse blakerouse self-assigned this Jul 9, 2020
michalpristas
michalpristas approved these changes Jul 9, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@michalpristas michalpristas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

backport looks ok

@blakerouse blakerouse merged commit 4b5fea4 into elastic:7.x Jul 9, 2020
@blakerouse blakerouse deleted the backport_19793_7.x branch July 9, 2020 18:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michalpristas michalpristas michalpristas approved these changes

Assignees

@blakerouse blakerouse

Labels

backport [zube]: In Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@blakerouse @elasticmachine @michalpristas