I think adding the User/Group in /etc/systemd/system/multi-user.target.wants/orbit.service under [Service] and ensuring correct ownership of /opt/orbit is the way to do it. Please let me know if there's a better way.
I'm not an expert, but I don't think you'd get full visibility if osqueryd is not running as root.
This sounds like a reasonable approach. Jason is correct that you won't get full visibility though.
Please join us in #fleet if you've got further questions 🙂
Thanks, both of you! I need a way to prevent osquery from being able to access some directories.