Linux package apm-server.yml has incorrect file mode 664 causing error on startup

[carsonip]

APM Server version (apm-server version): 8.x, 9.0 and main

Description of the problem including expected versus actual behavior:

expected: apm-server should run with apm-server.yml out of the box, either from apm-server repo git clone or a released .tar.gz
actual: apm-server.yml has file mode 664 rw-rw-r--, but apm-server does not like the group w bit.

$ ls -l apm-server.yml 
-rw-rw-r-- 1 carson carson 39268 Feb  7 01:42 apm-server.yml
carson@carson-
$ ./apm-server -c apm-server.yml
Error: error loading config file: config file ("apm-server.yml") can only be writable by the owner but the permissions are "-rw-rw-r--" (to fix the permissions use: 'chmod go-w /home/carson/Documents/apm-server-9.0.0-beta1-linux-x86_64/apm-server.yml')

Additional info: darwin .tar.gz seems to ship apm-server.yml with 644 as opposed to 664 in linux .tar.gz.

Steps to reproduce:

Please include a minimal but complete recreation of the problem,
including server configuration, agent(s) used, etc. The easier you make it
for us to reproduce it, the more likely that somebody will take the time to
look at it.

1. download apm-server from the web https://www.elastic.co/downloads/apm
2. run apm-server with the bundled apm-server.yml

[carsonip]

git clone also gives 664 while umask is 0002

carson@carson-elastic:~/issues/apm-server-15592$ git clone [email protected]:elastic/apm-server.git
Cloning into 'apm-server'...
remote: Enumerating objects: 128298, done.
remote: Counting objects: 100% (38/38), done.
remote: Compressing objects: 100% (36/36), done.
remote: Total 128298 (delta 20), reused 3 (delta 2), pack-reused 128260 (from 1)
Receiving objects: 100% (128298/128298), 112.63 MiB | 14.25 MiB/s, done.
Resolving deltas: 100% (85534/85534), done.
carson@carson-elastic:~/issues/apm-server-15592$ ls -l apm-server/apm-server.yml
-rw-rw-r-- 1 carson carson 39268 Feb  7 14:27 apm-server/apm-server.yml
carson@carson-elastic:~/issues/apm-server-15592$ umask
0002

[carsonip]

For git, the root cause is the 0002 umask. If umask is 0022, git clone will set the right permissions.

For packaged .tar.gz, there is still an issue with apm-server packaging, where the .tar.gz will have contents with file mode 664, and rely on a 0022 umask on decompression. In contrast, in filebeat, no files in the .tar.gz have 664. Therefore, packaged filebeat does not rely on local umask to work.

carson@carson-elastic:~/Documents$ tar -tvf apm-server-8.17.1-linux-x86_64.tar.gz 
drwxrwxr-x buildkite-agent/buildkite-agent 0 2025-01-10 16:10 apm-server-8.17.1-linux-x86_64/
-rw-rw-r-- buildkite-agent/buildkite-agent 8621110 2025-01-10 16:10 apm-server-8.17.1-linux-x86_64/java-attacher.jar
-rw-rw-r-- buildkite-agent/buildkite-agent 1021235 2025-01-10 16:10 apm-server-8.17.1-linux-x86_64/NOTICE.txt
-rwxrwxr-x buildkite-agent/buildkite-agent 56438936 2025-01-10 16:10 apm-server-8.17.1-linux-x86_64/apm-server
-rw-rw-r-- buildkite-agent/buildkite-agent       41 2025-01-10 16:10 apm-server-8.17.1-linux-x86_64/.build_hash.txt
-rw-rw-r-- buildkite-agent/buildkite-agent     3859 2025-01-10 16:10 apm-server-8.17.1-linux-x86_64/LICENSE.txt
-rw-rw-r-- buildkite-agent/buildkite-agent    39322 2025-01-10 16:10 apm-server-8.17.1-linux-x86_64/apm-server.yml
carson@carson-elastic:~/Documents$ tar -tvf filebeat-oss-9.0.0-beta1-linux-x86_64.tar.gz 
-rw-r--r-- root/root     11358 2025-02-07 13:18 filebeat-9.0.0-beta1-linux-x86_64/LICENSE.txt
-rw-r--r-- root/root   4047595 2025-02-07 13:18 filebeat-9.0.0-beta1-linux-x86_64/NOTICE.txt
-rw-r--r-- root/root        41 2025-02-07 13:24 filebeat-9.0.0-beta1-linux-x86_64/.build_hash.txt
-rw------- root/root      9540 2025-02-07 13:19 filebeat-9.0.0-beta1-linux-x86_64/filebeat.yml

apm-server darwin .tar.gz contents have file mode 644 instead of 664, and doesn't exhibit the same problem as apm-server linux .tar.gz.

carson@carson-elastic:~/Documents$ tar -tvf apm-server-8.17.1-darwin-x86_64.tar.gz 
drwxr-xr-x admin/wheel       0 2025-01-10 19:10 apm-server-8.17.1-darwin-x86_64/
-rw-r--r-- admin/wheel      41 2025-01-10 16:10 apm-server-8.17.1-darwin-x86_64/.build_hash.txt
-rw-r--r-- admin/wheel    3859 2025-01-10 16:10 apm-server-8.17.1-darwin-x86_64/LICENSE.txt
-rw-r--r-- admin/wheel 1021235 2025-01-10 16:10 apm-server-8.17.1-darwin-x86_64/NOTICE.txt
-rwxr-xr-x admin/wheel 57735760 2025-01-10 19:10 apm-server-8.17.1-darwin-x86_64/apm-server
-rw-r--r-- admin/wheel    39322 2025-01-10 16:10 apm-server-8.17.1-darwin-x86_64/apm-server.yml
-rw-r--r-- admin/wheel  8621110 2025-01-10 16:10 apm-server-8.17.1-darwin-x86_64/java-attacher.jar