I'll also add that /var/log/osquery/result.log is world read writable and selinux is disabled (rhel7)

On the Fleet server, right?

that was my problem. I thought the logs were stored locally on the client

Sweet, glad you worked it out! You can of course configure logs to be stored on the local machine, but part of the advantage of Fleet is that it aggregates the logs onto a single machine for you.

I actually much prefer them on the fleet server. Makes my deployment much easier since I don't have to worry about collecting logs from 4000 endpoints

We totally agree 🙂