Hello,
after the installation of elasticsearch_7.3.1, i've got the message "can not run elasticsearch as root".
I had a functionnal 1.7.3 with some changes :
-/etc/default/elasticsearch => uncommented lines START_DAEMON=true, ES_USER=elasticsearch, ES_GROUP=elasticsearch
-/etc/elasticsearch/elasticsearch.yml => host 0.0.0.0, port :9200

My variable JAVA_HOME = /usr/lib/jvm/java-8-openjdk-amd64
I've Ubuntu 16.04
and direclty run elasticsearch from ./bin/elasticsearch from the folder on the desktop

Thanks

check file/dir permission on /etc/elasticsearch, /usr/share/elasticsearch and log dir.
it should be elasticsearch:elasticsearch

Hello, thanks for the answer;
i checked, and i've not elasticsearch in /etc/ so i can't find the file /dir permission.

/usr/share/elastocsearch apparently references to my old version :
[2019-08-23 14:57:25,722][INFO ][node ] [My First Node] version[1.7.3], pid[29564], build[NA/NA] [2019-08-23 14:57:34,975][INFO ][cluster.service ] [My First Node] new_master [My First Node][JliEcoAeSH-65EC_bMl8Pg][dejancourt-VirtualBox][inet[/10.0.2.15:9301]], reason: zen-disco-join (elected_as_master)
[2019-08-23 14:57:35,111][ERROR][bootstrap ] [My First Node] Exception$
org.elasticsearch.http.BindHttpException: Failed to bind to [9200]$

and in the logs of the app i can find this :
pwd
/home/dejancourt/Bureau/elasticsearch-7.3.1/logs
cat -A logs/elasticsearch.log
[2019-08-26T16:09:01,670][ERROR][o.e.b.Bootstrap ] [dejancourt-VirtualBox] Exception$
java.lang.RuntimeException: can not run elasticsearch as root$

I didn't mean literlly /etc/dir
I means to say
/etc/elasticsearch
/usr/share/elasticsearch

it should look like this

I have following permission/ownership

ls -la /usr/share/elasticsearch/

total 536
drwxr-xr-x 7 root root 128 Aug 16 22:47 .
drwxr-xr-x. 91 root root 4096 Aug 20 00:26 ..
drwxr-xr-x 2 root root 4096 Aug 16 22:47 bin
drwxr-xr-x 8 root root 96 Aug 16 22:47 jdk
drwxr-xr-x 3 root root 4096 Aug 16 22:47 lib
-rw-r--r-- 1 root root 13675 Jun 20 23:50 LICENSE.txt
drwxr-xr-x 30 root root 4096 Aug 16 22:47 modules
-rw-rw-r-- 1 root root 502598 Jun 20 23:56 NOTICE.txt
drwxr-xr-x 2 root root 6 Jun 21 00:04 plugins

ls -la /etc/elasticsearch/

total 60
drwxr-s--- 3 root elasticsearch 4096 Aug 20 23:17 .
drwxr-xr-x. 83 root root 8192 Aug 20 00:34 ..
drwxr-sr-x 2 elasticsearch elasticsearch 38 Aug 16 23:06 config
-rw-rw---- 1 root elasticsearch 199 Aug 16 22:47 elasticsearch.keystore
-rw-r--r-- 1 root elasticsearch 76 Aug 16 22:47 .elasticsearch.keystore.initial_md5sum
-rw-r----- 1 root elasticsearch 4015 Aug 19 22:31 elasticsearch.yml
-rw-rw---- 1 root elasticsearch 3017 Aug 20 22:23 jvm.options
-rw-rw---- 1 root elasticsearch 17170 Jun 21 00:04 log4j2.properties
-rw-rw---- 1 root elasticsearch 473 Jun 21 00:04 role_mapping.yml
-rw-rw---- 1 root elasticsearch 197 Jun 21 00:04 roles.yml
-rw-rw---- 1 root elasticsearch 0 Jun 21 00:04 users
-rw-rw---- 1 root elasticsearch 0 Jun 21 00:04 users_roles

With the following lines, i'm a little confused :

apt-get update
done

apt-get install elasticsearch
elasticsearch is already the most recent version

ls -la /usr/share/elasticsearch/
total 24
drwxr-xr-x 4 root root 4096 août 19 19:06 .
drwxr-xr-x 309 root root 12288 août 19 19:06 ..
drwxr-xr-x 2 root root 4096 août 19 19:06 bin
lrwxrwxrwx 1 root root 18 déc. 24 2015 config -> /etc/elasticsearch
lrwxrwxrwx 1 root root 22 déc. 24 2015 data -> /var/lib/elasticsearch
lrwxrwxrwx 1 root root 22 déc. 24 2015 logs -> /var/log/elasticsearch
drwxr-xr-x 2 root root 4096 déc. 24 2015 plugins

ls -la /etc/elasticsearch/
ls: impossible to reach '/etc/elasticsearch/': No such file or directory

here is what I will do.
download new .deb packages for your debian.

https://www.elastic.co/downloads/elasticsearch
https://www.elastic.co/downloads/kibana
https://www.elastic.co/downloads/logstash

there are DEB package

remove your old elasticsearch/kibana/logstash and reinstall again

dpkg -remove elkpackagename kibanapackagename logstashpackagename'

dpkg -install *.deb

and you should have everything back to normal.

thanks for the links, it helped me a lot for the /etc

now it's the 7.3.1 and not the 1.7.3
apt-get install elasticsearch
elasticsearch is already the most recent version(7.3.1)

with the JAVA_HOME corresponding
echo $JAVA_HOME
/usr/lib/jvm/openjdk-11-manual-installation

unfortunately, i still have the problem of root, and permission denied if i try as a "user"

ls -la /usr/share/elasticsearch/
total 540
drwxrwxrwx 7 root root 4096 août 28 11:03 .
drwxr-xr-x 306 root root 12288 août 28 11:06 ..
drwxr-xr-x 2 root root 4096 août 28 11:03 bin
drwxr-xr-x 8 root root 4096 août 28 11:03 jdk
drwxr-xr-x 3 root root 4096 août 28 11:03 lib
drwxr-xr-x 33 root root 4096 août 28 11:03 modules
-rw-rw-r-- 1 root root 502598 août 19 22:30 NOTICE.txt
drwxr-xr-x 2 root root 4096 déc. 24 2015 plugins
-rw-r--r-- 1 root root 8500 août 19 22:29 README.textile

ls -la /etc/elasticsearch/
total 60
drwxrwsrwx 2 root elasticsearch 4096 août 28 11:05 .
drwxr-xr-x 142 root root 12288 août 28 16:16 ..
-rw-rw---- 1 root elasticsearch 199 août 28 11:05 elasticsearch.keystore
-rw-r--r-- 1 root elasticsearch 76 août 28 11:05 .elasticsearch.keystore.initial_md5sum
-rw-rw---- 1 root elasticsearch 2847 août 19 22:30 elasticsearch.yml
-rw-rw---- 1 root elasticsearch 3596 août 19 22:30 jvm.options
-rw-rw---- 1 root elasticsearch 17222 août 19 22:30 log4j2.properties
-rw-rw---- 1 root elasticsearch 473 août 19 22:30 role_mapping.yml
-rw-rw---- 1 root elasticsearch 197 août 19 22:30 roles.yml
-rw-rw---- 1 root elasticsearch 0 août 19 22:30 users
-rw-rw---- 1 root elasticsearch 0 août 19 22:30 users_roles

which version of debian you running?

what are the log messages?

I'm on a VM with Ubuntu 16.04

and this is what logs look like all the time :
./bin/elasticsearch
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2019-08-29T11:43:27,917][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [dejancourt-VirtualBox] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.3.1.jar:7.3.1]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.3.1.jar:7.3.1]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.3.1.jar:7.3.1]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.3.1.jar:7.3.1]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.3.1.jar:7.3.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.3.1.jar:7.3.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.3.1.jar:7.3.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:105) ~[elasticsearch-7.3.1.jar:7.3.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:172) ~[elasticsearch-7.3.1.jar:7.3.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.3.1.jar:7.3.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.3.1.jar:7.3.1]
... 6 more

and this, even after i've added ES_USER=elasticsearch and ES_GROUP=elasticsearch in /etc/default/elasticsearch

I do not have /etc/default/elasticsearch file.
lets remove it

make sure everything under /usr/share/elasticsearch is own by root:root
make sure dir persmission for /etc/elasticsearch is root:elasticsearch
make sure /usr/lib/systemd/system/elasticsearch.service is own by root:root

on above file execstart should look like this
ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet

Thanks for the answer,
you can see accesses and owner with the stat command and the usefull parameters on elasticsearch.service

stat /usr/share/elasticsearch/
File : '/usr/share/elasticsearch/'
Size : 4096 - Blocks : 8 - IO Block : 4096 - directory
Device : 801h/2049d Inode : 2498173 Links : 7
Access : (0777/drwxrwxrwx) UID : ( 0/ root) GID : ( 0/ root)

stat /etc/elasticsearch/
File : '/etc/elasticsearch/'
Size : 4096 - Blocks : 8 - IO Block : 4096 - directory
Device : 801h/2049d Inode : 524301 Links : 2
Access : (2777/drwxrwsrwx) UID : ( 0/ root) GID : ( 130/elasticsearch)

stat /usr/lib/systemd/system/elasticsearch.service
File : '/usr/lib/systemd/system/elasticsearch.service'
Size : 1679 - Blocks : 8 - IO Block : 4096 - regular file
Device : 801h/2049d Inode : 2361390 Links : 1
Access : (0644/-rw-r--r--) UID : ( 0/ root) GID : ( 0/ root)

cat /usr/lib/systemd/system/elasticsearch.service
[...]User=elasticsearch
Group=elasticsearch
ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet[...]

I do not know what is going on here. I had this issue on early part when I was testing. that time I had issue with username/group and permission. and deleting everything and reinstalling was working. I had issue twice in past.

I don't know what was wrong, but i did like you recommended (fresh reinstall) and now, all is ok

PS : #deleted files / folders to do a fresh install of Elasticsearch
rm -r /home/xxxx/Bureau/elasticsearch-7.3.1
rm -r /var/log/elasticsearch/
rm -r /var/lib/elasticsearch/
rm /usr/lib/sysctl.d/elasticsearch.conf
rm /usr/lib/systemd/system/elasticsearch.service
rm /usr/lib/tmpfiles.d/elasticsearch.conf
rm /usr/share/doc/elasticsearch
rm -r /usr/share/doc/elasticsearch
rm /usr/share/doc/elasticsearch/copyright
rm /usr/share/lintian/overrides/elasticsearch
rm /var/crash/elasticsearch.0.crash
rm /var/lib/dpkg/info/elasticsearch.conffiles
rm /var/lib/dpkg/info/elasticsearch.list
rm /var/lib/dpkg/info/elasticsearch.md5sums
rm /var/lib/dpkg/info/elasticsearch.postinst
rm /var/lib/dpkg/info/elasticsearch.postrm
rm /var/lib/dpkg/info/elasticsearch.preinst
rm /var/lib/dpkg/info/elasticsearch.prerm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.