diff --git a/REFERENCE.md b/REFERENCE.md
index 951ed620..e877fa79 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -110,6 +110,8 @@ The following parameters are available in the `logstash` class:
* [`home_dir`](#-logstash--home_dir)
* [`logstash_user`](#-logstash--logstash_user)
* [`logstash_group`](#-logstash--logstash_group)
+* [`config_user`](#-logstash--config_user)
+* [`config_group`](#-logstash--config_group)
* [`purge_config`](#-logstash--purge_config)
* [`service_provider`](#-logstash--service_provider)
* [`settings`](#-logstash--settings)
@@ -220,7 +222,7 @@ Default value: `'/usr/share/logstash'`
Data type: `String`
-The user that Logstash should run as. This also controls file ownership.
+The user that Logstash should run as.
Default value: `'logstash'`
@@ -228,10 +230,26 @@ Default value: `'logstash'`
Data type: `String`
-The group that Logstash should run as. This also controls file group ownership.
+The group that Logstash should run as.
Default value: `'logstash'`
+##### `config_user`
+
+Data type: `String`
+
+The user that owns Logstash control files.
+
+Default value: `'root'`
+
+##### `config_group`
+
+Data type: `String`
+
+The group that owns Logstash control files.
+
+Default value: `'root'`
+
##### `purge_config`
Data type: `Boolean`
diff --git a/manifests/config.pp b/manifests/config.pp
index 6933788c..55d1eb78 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -9,8 +9,8 @@
require logstash::package
File {
- owner => 'root',
- group => 'root',
+ owner => $logstash::config_user,
+ group => $logstash::config_group,
}
# Configuration "fragment" directories for pipeline config and pattern files.
@@ -21,14 +21,14 @@
if($logstash::ensure == 'present') {
file { $logstash::config_dir:
ensure => directory,
- mode => '0755',
+ mode => '0750',
}
file { "${logstash::config_dir}/conf.d":
ensure => directory,
purge => $logstash::purge_config,
recurse => $logstash::purge_config,
- mode => '0775',
+ mode => '0770',
notify => Service['logstash'],
}
@@ -36,7 +36,7 @@
ensure => directory,
purge => $logstash::purge_config,
recurse => $logstash::purge_config,
- mode => '0755',
+ mode => '0750',
}
}
elsif($logstash::ensure == 'absent') {
diff --git a/manifests/configfile.pp b/manifests/configfile.pp
index eb8c9719..f1ebc462 100644
--- a/manifests/configfile.pp
+++ b/manifests/configfile.pp
@@ -49,8 +49,8 @@
) {
include logstash
- $owner = 'root'
- $group = $logstash::logstash_group
+ $owner = $logstash::config_user
+ $group = $logstash::config_group
$mode = '0640'
$require = Package['logstash'] # So that we have '/etc/logstash/conf.d'.
$tag = ['logstash_config'] # So that we notify the service.
diff --git a/manifests/init.pp b/manifests/init.pp
index 0d5b02d3..b2a8c094 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -52,10 +52,16 @@
# The home directory for logstash.
#
# @param [String] logstash_user
-# The user that Logstash should run as. This also controls file ownership.
+# The user that Logstash should run as.
#
# @param [String] logstash_group
-# The group that Logstash should run as. This also controls file group ownership.
+# The group that Logstash should run as.
+#
+# @param [String] config_user
+# The user that owns Logstash control files.
+#
+# @param [String] config_group
+# The group that owns Logstash control files.
#
# @param [Boolean] purge_config
# Purge the config directory of any unmanaged files,
@@ -152,6 +158,8 @@
Stdlib::Absolutepath $home_dir = '/usr/share/logstash',
$logstash_user = 'logstash',
$logstash_group = 'logstash',
+ $config_user = 'root',
+ $config_group = 'root',
$config_dir = '/etc/logstash',
Boolean $purge_config = true,
$service_provider = undef,
diff --git a/manifests/patternfile.pp b/manifests/patternfile.pp
index 4490ff15..eb7f3235 100644
--- a/manifests/patternfile.pp
+++ b/manifests/patternfile.pp
@@ -1,9 +1,9 @@
# This type represents a Grok pattern file for Logstash.
#
-# @param [String] source
+# @param source
# File source for the pattern file. eg. `puppet://[...]` or `file://[...]`
#
-# @param [String] filename
+# @param filename
# Optionally set the destination filename.
#
# @example Define a pattern file.
@@ -30,8 +30,8 @@
file { "${logstash::config_dir}/patterns/${destination}":
ensure => file,
source => $source,
- owner => 'root',
- group => $logstash::logstash_group,
+ owner => $logstash::config_user,
+ group => $logstash::config_group,
mode => '0640',
tag => ['logstash_config'],
}
diff --git a/manifests/service.pp b/manifests/service.pp
index 9b1c1758..43e97478 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -37,9 +37,9 @@
$pipelines = $logstash::pipelines
File {
- owner => 'root',
- group => 'root',
- mode => '0644',
+ owner => $logstash::config_user,
+ group => $logstash::config_group,
+ mode => '0640',
notify => Exec['logstash-system-install'],
}