WARNING: Version 1.3 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Packetbeat can drop privileges after creating the sniffing socket.
Root access is required for opening the socket, but everything else requires no
privileges. Therefore, it is recommended that you have Packetbeat switch users after
the initialization phase. The
gid settings set the User Id and Group
Id under which Packetbeat runs.
On Linux, Setuid doesn’t change the uid of all threads, so the Go garbage collector will continue to run as root. Also note that process monitoring only works when running as root.
Example configuration for the
runoptions section of the
packetbeat.yml config file:
packetbeat: runoptions: uid=501 gid=501
runoptions configuration is supported on Linux only.