
apm-server runs as root by default #1401

Closed
prupert opened this issue Sep 20, 2018 · 3 comments · Fixed by #1833

@prupert

prupert commented Sep 20, 2018

I am using the apm-server-6.4.1-1.x86_64 package for CentOS 7 and noticed that the apm-server process is running under the root user. This is probably not necessary and very insecure. A vulnerability in apm-server can fully compromise the system.

Suggested solution: run apm-server under its own user with limited privileges.

@roncohen
Contributor

@prupert thanks! agreed, this is something we should do.

@graphaelli
Member

graphaelli commented Sep 25, 2018

Modifications needed:

  • create user and group apm-server
  • write /etc/sysconfig/apm-server or /etc/default/apm-server with BEAT_USER=apm-server
  • chown apm-server:apm-server /etc/apm-server/apm-server.yml
  • create apm-server owned dirs /var/log/apm-server and /var/lib/apm-server

We'll need to test upgrades.

@graphaelli
Member

The changes necessary to support this should be merged into libbeat shortly. After updating our vendored copy, this effort can proceed. By then #1421 should also be in to test any regressions introduced by this effort.

One snag is that changing permissions from root to apm-server has some caveats for upgrades. Namely, we don't want to restart a running process to pick up the new permissions and could end up in a situation where a running apm-server will fail to restart if permissions are changed from underneath it.

As a result, we will not change the default user in 6.x and will target the next major release (7.0) for that, and will include upgrade notes as part of that release. For 6.x, users are encouraged to use the mechanism already available, e.g. adding BEAT_USER=apm-server to /etc/sysconfig/apm-server on rpm based systems, /etc/default/apm-server on deb based, and managing that user manually.
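The steps listed in the "Modifications needed" comment and the interim BEAT_USER mechanism recommended for 6.x, collected into one script. This is an added example, not code from the apm-server project or from anyone in this thread. It assumes an rpm- or deb-based host where the init script reads BEAT_USER from /etc/sysconfig/apm-server or /etc/default/apm-server (both paths are from the thread), that useradd/groupadd from shadow-utils and install from coreutils are available, and that /sbin/nologin is the no-login shell (a hypothetical choice; /usr/sbin/nologin on Debian). The PREFIX variable is a test hook of this example so the file-writing steps can be tried in a staging directory; it does not exist in apm-server. The script deliberately does not restart a running apm-server, matching the upgrade caveat above: the ownership change takes effect on the next restart.

```shell
#!/bin/sh
# Added example (not apm-server project code): run apm-server as a dedicated
# user instead of root, following the steps listed in the issue thread.
# PREFIX (assumption / test hook) redirects the env file into a staging
# directory; leave it empty on a real host.
set -eu

PREFIX="${PREFIX:-}"
SVC_USER="apm-server"

# Pick the environment file the init script reads: /etc/sysconfig on
# rpm-based systems, /etc/default on deb-based ones.
env_file_path() {
    if [ -d "$PREFIX/etc/sysconfig" ]; then
        printf '%s\n' "$PREFIX/etc/sysconfig/apm-server"
    else
        printf '%s\n' "$PREFIX/etc/default/apm-server"
    fi
}

# Write BEAT_USER=apm-server into the env file, replacing any existing
# BEAT_USER line so the step is safe to re-run. Prints the file path.
write_beat_user() {
    f="$(env_file_path)"
    mkdir -p "$(dirname "$f")"
    if [ -f "$f" ]; then
        grep -v '^BEAT_USER=' "$f" > "$f.tmp" || true
    else
        : > "$f.tmp"
    fi
    printf 'BEAT_USER=%s\n' "$SVC_USER" >> "$f.tmp"
    mv "$f.tmp" "$f"
    chmod 0644 "$f"
    printf '%s\n' "$f"
}

# Report the BEAT_USER currently configured (empty if the file or line is
# missing), so the change can be verified rather than assumed.
configured_beat_user() {
    f="$(env_file_path)"
    [ -f "$f" ] || { printf '\n'; return 0; }
    sed -n 's/^BEAT_USER=//p' "$f" | tail -n 1
}

# Privileged steps from the thread: create the user and group, hand the
# config file to that user, and create the log and state directories.
# Runs only as root on the real host (PREFIX empty).
apply_privileged_steps() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    if ! getent group "$SVC_USER" >/dev/null; then
        groupadd --system "$SVC_USER"
    fi
    if ! id "$SVC_USER" >/dev/null 2>&1; then
        useradd --system --gid "$SVC_USER" --home-dir /var/lib/apm-server \
            --shell /sbin/nologin "$SVC_USER"
    fi
    install -d -o "$SVC_USER" -g "$SVC_USER" -m 0750 \
        /var/log/apm-server /var/lib/apm-server
    # The config can hold credentials; restrict it to the service user.
    chown "$SVC_USER:$SVC_USER" /etc/apm-server/apm-server.yml
    chmod 0640 /etc/apm-server/apm-server.yml
    # No restart here: a running 6.x process keeps its old permissions until
    # the operator restarts it during a planned window.
}

# Post-restart check: succeeds when no apm-server process runs as uid 0.
no_root_apm_server() {
    ! ps -eo user=,comm= | awk '$1=="root" && $2=="apm-server"{f=1} END{exit !f}'
}

# Usage on a real host (as root):
#   write_beat_user && apply_privileged_steps
#   systemctl restart apm-server && no_root_apm_server && echo "not root"
```

After the restart, `no_root_apm_server` confirms the process picked up BEAT_USER; until then the check is expected to fail, which is exactly the window the comment above warns about.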
