[8.18] (backport #9604) Fix/8544 mac linux unprivileged reenroll

[mergify]

• Bug

What does this PR do?

Updates the enroll command so that the file permissions are fixed when a privileged user executes enroll. Implemented only for mac/linux. Permission fix is executed every time root executes enroll and enroll is not triggered by install. Windows implementation will be in a follow up pr. Split the PRs as windows implementation may end up being more involved.

Why is it important?

Currently a root user needs to run sudo -u elastic-agent-user elastic-agent enroll ... in order to re-enroll an unprivileged agent.

Checklist

• I have read and understood the pull request guidelines of this project.
• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• [ ] I have made corresponding changes to the documentation
• [ ] I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Disruptive User Impact

None

How to test this PR locally

• Build the agent
• Install and enroll with --unprivileged flag
• Execute enroll as root
• Verify that agent is still healthy

Related issues

• Relates Enable Safe Re-enrollment by Root/Admin for Unprivileged Elastic Agent Installs on All Platforms #8544
• Prerequisite for Fix/8544 windows unprivileged reenroll #9623 -> follow up windows PR

---

This is an automatic backport of pull request #9604 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of 08444d4 has failed:

On branch mergify/bp/8.18/pr-9604
Your branch is up to date with 'origin/8.18'.

You are currently cherry-picking commit 08444d400.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   changelog/fragments/1756313785-enable-root-user-to-re-enroll-unprivileged-agent-for-mac-and-linux.yaml
	deleted:    internal/pkg/agent/cmd/enroll_match_fileowner_unix.go
	deleted:    internal/pkg/agent/cmd/enroll_match_fileowner_unix_test.go
	deleted:    internal/pkg/agent/cmd/enroll_match_fileowner_windows.go
	deleted:    internal/pkg/agent/cmd/enroll_match_fileowner_windows_test.go
	new file:   internal/pkg/agent/cmd/enroll_test.go
	modified:   internal/pkg/agent/cmd/enroll_unix.go
	new file:   internal/pkg/agent/cmd/enroll_unix_test.go
	modified:   internal/pkg/agent/cmd/enroll_windows.go
	modified:   testing/integration/ess/re-enroll_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   internal/pkg/agent/cmd/enroll.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

[mergify]

This pull request has not been merged yet. Could you please review and merge it @kaanyalti? 🙏

ci is not green

[elastic-sonarqube]

Quality Gate passed

Issues
2 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
77.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 1fe1dcd

History

• 💔 Build #26392 failed 8223772
• 💔 Build #26390 failed 02dbb68
• 💔 Build #26353 failed 02dbb68
• 💔 Build #26294 failed 02dbb68
• 💔 Build #26267 failed e66fb55

cc @kaanyalti