Can't start elasticsearch service after enabling TLS for Detections/Alerts - Permission Denied

After following these instructions meticulously: How To Install Elasticsearch, Logstash, and Kibana (Elastic Stack) on Ubuntu 20.04

And then enabling TLS and setting up user permissions here: Detections prerequisites and requirements

We repeatedly run into a permissions issue when trying to start the elasticsearch service:
./elasticsearch-env: line 81: /etc/default/elasticsearch: Permission denied

After doing an ls -l on the directory, all files are owned by the elasticsearch user created during setup, which seems correct. It appears that since I am trying to start the service as my personal or sudo user, it denies me. We've experimented with doing a chown -r on the directory to one of our personal users and we get past the error, but run into another down the line where the startup of the service calls another directory which is also owned by the same elasticsearch user.

It doesn't seem right to have to change permissions on these startup files for the service. Could it be that we're attempting to run the service in an incorrect way? Hoping to get some insight or advice on this. We've done the setup several times now to make sure we follow the installer directions correctly and are still running into the exact same thing every time. TIA.

Can you please post your elasticsearch.yml?

I'd recommend following the related documentation here - https://www.elastic.co/guide/en/elastic-stack/current/index.html

I haven't seen the blog post you mention so I can't speak to its correctness, but in addition to the link that Mark shared with you, you can always use the official documentation for installing using a deb package in https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html
