Problems reading file by logstash input plugin (permissions)

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

OpenSearch v2.19.3 on RHEL9
Logstash v7.17.29 on RHEL8

Describe the issue:

Which permissions have to be set for a file read by the Logstash input plugin?

The situation is as follows:

Logstash is running as a service with user/group logstash/logstash.
The Logstash input plugin should read the file /home/myuser/subdir/log/env/error.log.

The file error.log has the following permissions and ownership:

-rw-rwxr--+ 1 myuser mygroup 2096306521 Jul 30 08:25 /home/myuser/subdir/log/env/error_log

The directories have the following permissions and ownership:

drwxr-xr-x. 24 root root 4096 Jan 26 2024 /home
drwxrwx---+ 14 myuser mygroup 4096 Jul 25 13:44 /home/myuser/
drwxrwxr-x+ 20 myuser mygroup 4096 Jan 16 2025 /home/myuser/subdir/
drwxrwxr-x+ 7 myuser mygroup 4096 Jul 22 05:37 /home/myuser/subdir/log/
drwxrwxr-x+ 2 myuser mygroup 4096 Jul 28 15:33 /home/myuser/subdir/log/env

The user logstash is a member of the groups logstash and mygroup.

Why is it not possible for the input plugin to read the log file? What’s wrong in the configuration?

Thanks for any help!

Regards, Detlef

Hey @Detlef,

At first glance *drwxrwx---+ 14 myuser mygroup 4096 Jul 25 13:44 /home/myuser/* is your issue; it has rwx for myuser and mygroup but nobody else can access it. If you’re running Logstash with user/group logstash/logstash then it would need read or to be added to the correct group to gain access.

Test by adding read and let me know how you get on or what error you see.

Leeroy.

Hi @Leeroy,

The user logstash is already added to the group mygroup. But it’s not working.

BTW, changing the permissions of /home/myuser/* to drwxrwxr-x does not change the problem. Still access denied.

Detlef

Hi @Detlef,

Can you share the new permissions and group to review? Any other information, including the error, would also go a long way towards helping me better understand your problem and get it resolved.

Leeroy.

Hi @Leeroy,

Meanwhile I found the reason. The reason is an additional ACL configured for the home directory of the user. I don’t know who configured this, but it has to be changed to allow access by the user logstash.

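An added example, not part of the thread: the `+` after the mode bits in the listings above marks an ACL, and the POSIX ACL access check can deny a user even when one of their groups has `rwx`. The sketch below applies that check order to `getfacl`-style output; the ACL entries are constructed (the thread never shows the real ones) and the function names are hypothetical.

```python
# Constructed sample ACL for the home directory; NOT the thread's actual ACL.
NAMED_USER_ACL = """\
# file: home/myuser
# owner: myuser
# group: mygroup
user::rwx
user:logstash:---
group::rwx
mask::rwx
other::---
"""
# Second constructed case: no named-user entry, but the mask strips group rights.
MASKED_ACL = NAMED_USER_ACL.replace("user:logstash:---\n", "").replace("mask::rwx", "mask::---")

def parse_getfacl(text):
    """Return (owner, group, [(tag, qualifier, perms)]) from getfacl output."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split("#")[0].split(":")[:3]
            entries.append((tag, qualifier, set(perms.strip()) - {"-"}))
    return owner, group, entries

def acl_allows(text, user, groups, want):
    """POSIX ACL check order: owner, named user, group class, then other."""
    owner, group, entries = parse_getfacl(text)
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), None)
    cap = lambda p: p if mask is None else p & mask  # mask caps all but owner/other
    if user == owner:
        return want <= next(p for t, q, p in entries if t == "user" and q == "")
    for t, q, p in entries:
        if t == "user" and q == user:  # named-user entry wins over any group
            return want <= cap(p)
    matched = [cap(p) for t, q, p in entries
               if t == "group" and (q in groups or (q == "" and group in groups))]
    if matched:  # a matching group never falls through to "other"
        return any(want <= p for p in matched)
    return want <= next(p for t, q, p in entries if t == "other")

if __name__ == "__main__":
    for name, acl in (("named user", NAMED_USER_ACL), ("mask", MASKED_ACL)):
        print(name, acl_allows(acl, "logstash", {"logstash", "mygroup"}, "x"))
```

Reading a file needs `x` on every directory in its path, so a denial like either of these on `/home/myuser` blocks access to `error.log` regardless of the permissions further down.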