Add a permissions option to logging.files for all beats

CHANGELOG.asciidoc

@@ -65,6 +65,7 @@ https://github.com/elastic/beats/compare/v6.0.0-alpha1...master[Check the HEAD d
 - Add the option to write the generated Elasticsearch mapping template into a file. {pull}4323[4323]
 - Add instance_name in GCE add_cloud_metadata processor. {pull}4414[4414]
 - Add `add_docker_metadata` processor. {pull}4352[4352]
+- Add `logging.files` `permissions` option. {pull}4295[4295]
 
 *Filebeat*
 - Add experimental Redis slow log prospector type. {pull}4180[4180]

libbeat/docs/loggingconfig.asciidoc

@@ -27,6 +27,7 @@ logging.files:
   path: /var/log/mybeat
   name: mybeat.log
   keepfiles: 7
+  permissions: 0644
 ------------------------------------------------------------------------------
 
 TIP: In addition to setting logging options in the config file, you can modify
@@ -124,6 +125,18 @@ The number of most recent rotated log files to keep on disk. Older files are
 deleted during log rotation. The default value is 7. The `keepfiles` options has to be
 in the range of 2 to 1024 files.
 
+===== files.permissions
+
+The permission mask to apply when rotating log files. The default value is 0600. The
+ `permissions` options must be a valid Unix-style file permissions mask expressed 
+ in octal notation. In Go, numbers in octal notation must start with '0'.
+
+Examples:
+* 0644: give read and write access to the file owner, and read access to all others.
+* 0600: give read and write access to the file owner, and no access to all others.
+* 0664: give read and write access to the file owner and members of the group 
+associated with the file, as well as read access to all other users.
+
 ==== Logging Format
 
 The logging format is different for each logging type:

libbeat/logp/file_rotator.go

@@ -17,6 +17,7 @@ type FileRotator struct {
 	Name             string
 	RotateEveryBytes *uint64
 	KeepFiles        *int
+	Permissions      *uint32
 
 	current     *os.File
 	currentSize uint64
@@ -42,7 +43,7 @@ func (rotator *FileRotator) CreateDirectory() error {
 
 func (rotator *FileRotator) CheckIfConfigSane() error {
 	if len(rotator.Name) == 0 {
-		return fmt.Errorf("File logging requires a name for the file names")
+		return fmt.Errorf("file logging requires a name for the file names")
 	}
 	if rotator.KeepFiles == nil {
 		rotator.KeepFiles = new(int)
@@ -54,7 +55,11 @@ func (rotator *FileRotator) CheckIfConfigSane() error {
 	}
 
 	if *rotator.KeepFiles < 2 || *rotator.KeepFiles >= RotatorMaxFiles {
-		return fmt.Errorf("The number of files to keep should be between 2 and %d", RotatorMaxFiles-1)
+		return fmt.Errorf("the number of files to keep should be between 2 and %d", RotatorMaxFiles-1)
+	}
+
+	if rotator.Permissions != nil && (*rotator.Permissions > uint32(os.ModePerm)) {
+		return fmt.Errorf("the permissions mask %d is invalid", *rotator.Permissions)
 	}
 	return nil
 }
@@ -134,7 +139,7 @@ func (rotator *FileRotator) Rotate() error {
 
 		if rotator.FileExists(fileNo + 1) {
 			// next file exists, something is strange
-			return fmt.Errorf("File %s exists, when rotating would overwrite it", rotator.FilePath(fileNo+1))
+			return fmt.Errorf("file %s exists, when rotating would overwrite it", rotator.FilePath(fileNo+1))
 		}
 
 		err := os.Rename(path, rotator.FilePath(fileNo+1))
@@ -145,7 +150,7 @@ func (rotator *FileRotator) Rotate() error {
 
 	// create the new file
 	path := rotator.FilePath(0)
-	current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+	current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(rotator.getPermissions()))
 	if err != nil {
 		return err
 	}
@@ -158,3 +163,10 @@ func (rotator *FileRotator) Rotate() error {
 
 	return nil
 }
+
+func (rotator *FileRotator) getPermissions() uint32 {
+	if rotator.Permissions == nil {
+		return 0600
+	}
+	return *rotator.Permissions
+}

libbeat/logp/file_rotator_test.go

@@ -160,4 +160,17 @@ func TestConfigSane(t *testing.T) {
 	}
 	assert.NotNil(t, rotator.CheckIfConfigSane())
 
+	perms := uint32(0544)
+	rotator = FileRotator{
+		Name:        "test2",
+		Permissions: &perms,
+	}
+	assert.Nil(t, rotator.CheckIfConfigSane())
+
+	perms = uint32(077777)
+	rotator = FileRotator{
+		Name:        "test2",
+		Permissions: &perms,
+	}
+	assert.NotNil(t, rotator.CheckIfConfigSane())
 }