Configure Agent2 to run as a different user than the Zabbix server

  • sihedat256
    Junior Member
    • Mar 2026
    • 2

    #1

    Configure Agent2 to run as a different user than the Zabbix server

    To configure Agent2 to run as a different user than the Zabbix server on Ubuntu Server 24.04, I did the following:

    Create new user:
    Code:
    sudo useradd --system --no-create-home --shell /usr/sbin/nologin zabbix-agent
    Set the new owner of the Agent2 files (also for the log file):
    Code:
    sudo chown zabbix-agent:zabbix-agent /etc/zabbix/zabbix_agent2.conf
    sudo chown -R zabbix-agent:zabbix-agent /etc/zabbix/zabbix_agent2.d/
    sudo chown zabbix-agent:zabbix-agent /var/log/zabbix/zabbix_agent2.log
    Code:
    sudo systemctl edit zabbix-agent2
    PHP Code:
    [Service]
    User=zabbix-agent
    Group=zabbix-agent
    Code:
    sudo systemctl daemon-reload
    sudo systemctl restart zabbix-agent2
    And what I get is "failed to open log file: open /var/log/zabbix/zabbix_agent2.log: permission denied":

    Code:
    sudo systemctl status zabbix-agent2
    PHP Code:
    ● zabbix-agent2.service - Zabbix Agent 2
         Loaded: loaded (/etc/systemd/system/zabbix-agent2.service; enabled; preset: enabled)
        Drop-In: /etc/systemd/system/zabbix-agent2.service.d
                 └─override.conf
         Active: activating (auto-restart) (Result: exit-code) since Fri 2026-03-20 09:45:28 CET; 6s ago
        Process: 95613 ExecStart=/usr/sbin/zabbix_agent2 -c $CONFFILE (code=exited, status=1/FAILURE)
       Main PID: 95613 (code=exited, status=1/FAILURE)
            CPU: 18ms
    Code:
    sudo journalctl -u zabbix-agent2.service
    PHP Code:
    zabbix_agent2 [2087]: ERROR: Failed to run agent: cannot initialize logger: failed to open log file: open /var/log/zabbix/zabbix_agent2.log: permission denied
    What am I doing wrong/forgetting?
    Thanks for any help.
  • troffasky
    Senior Member
    • Jul 2008
    • 611

    #2
    What are perms on /var/log/zabbix/? I think Zabbix agent needs to be able to create/rename/delete files in here as agent itself handles log rotation, not sufficient to just be able to write one file there.

    Comment

    • sihedat256
      Junior Member
      • Mar 2026
      • 2

      #3
      You're right troffasky, in fact, to resolve issues related to file rights I also had to carry out other interventions.

      I report the complete procedure that in my case allows the execution of /usr/sbin/zabbix_agent2 without errors, but I'm new to Zabbix and not very familiar with Linux, so I'd appreciate it if someone could take a look.

      I found it strange not to find any information about this online, given how widespread Zabbix is. Maybe I'm worrying too much about something that isn't that important?


      This is a guide I wrote for myself:

      Code:
      useradd --system --no-create-home --shell /usr/sbin/nologin zabbix-agent

      Code:
      chown zabbix-agent:zabbix-agent /etc/zabbix/zabbix_agent2.conf
      chown -R zabbix-agent:zabbix-agent /etc/zabbix/zabbix_agent2.d/

      Set directory for .log and .pid:
      Code:
      mv /var/log/zabbix/zabbix_agent2.log /var/log/zabbix_agent2.log
      chown zabbix-agent:zabbix-agent /var/log/zabbix_agent2.log
      Code:
      vi /etc/zabbix/zabbix_agent2.conf
      PHP Code:
      ...
      LogFile=/var/log/zabbix_agent2.log
      ...
      PidFile=/tmp/zabbix_agent2.pid
      ... 

      To run the systemd service with the new user, I created an override (which also required setting "ExecStop=" to avoid the error empty string: MAINPID):
      Code:
      systemctl edit zabbix-agent2
      PHP Code:
      [Service]
      User=zabbix-agent
      Group=zabbix-agent
      ExecStop=

      Code:
      systemctl daemon-reload
      systemctl restart zabbix-agent2

      Comment
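
An added example, not part of either poster's text: a POSIX shell check for the point raised in #2, that the service user needs write and search permission on the log directory itself and search permission on every directory above it, not only ownership of the log file. It assumes GNU stat, ignores ACLs and supplementary groups, and the function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat; ignores ACLs and
# supplementary groups. Function names and arguments are hypothetical.

# dir_allows DIR UID GID NEED: true if UID/GID holds all NEED bits on DIR
# (1 = search/traverse, 3 = write + search).
dir_allows() {
    d=$1 uid=$2 gid=$3 need=$4
    [ "$uid" -eq 0 ] && return 0            # root bypasses mode bits
    st=$(stat -c '%u %g %a' "$d" 2>/dev/null) || return 1
    set -- $st                              # $1 owner, $2 group, $3 octal mode
    mode=$((0$3))
    if   [ "$uid" -eq "$1" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$2" ]; then bits=$(( (mode >> 3) & 7 ))
    else                           bits=$(( mode & 7 ))
    fi
    [ $(( bits & need )) -eq "$need" ]
}

# check_dir DIR UID GID BASE NEED: check ancestors from BASE down, then DIR.
# Prints the first directory that fails and returns 1.
check_dir() {
    if [ "$1" != "$4" ] && [ "$1" != / ]; then
        check_dir "$(dirname -- "$1")" "$2" "$3" "$4" 1 || return 1
    fi
    dir_allows "$1" "$2" "$3" "$5" || { printf '%s\n' "$1"; return 1; }
}

# first_blocker LOGFILE UID GID [BASE]
# The agent rotates its own log, so the log's directory needs write + search
# for the service user; every directory above it needs search only.
first_blocker() {
    check_dir "$(dirname -- "$1")" "$2" "$3" "${4:-/}" 3
}

# Stand-alone use, e.g. with the names from the thread:
#   sh check.sh /var/log/zabbix/zabbix_agent2.log "$(id -u zabbix-agent)" "$(id -g zabbix-agent)"
if [ $# -ge 3 ]; then first_blocker "$@"; fi
```

A printed path is the first directory whose mode bits stop the given user; no output and exit status 0 mean the mode bits alone would allow the agent to create and rotate its log there.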
