Elasticsearch Linux User

I installed Elasticsearch on CentOS using the rpm file. After install, an elasticsearch user and group are created, a user which can't be used to manage (start/stop/restart) elasticsearch (nologin, nonexistent). I don't want to manage elasticsearch with the root user. Should I create a new user for that or modify the elasticsearch user? What would be the best approach?

Hi @lucian1094 Welcome to the community...

No, do not create another user.

When you install elastic with an .rpm and start elasticsearch with sudo systemctl it will run as the non-root user elastic ... exactly as designed.

The systemctl command is run as sudo BUT elasticsearch is executed / launched under the less privileged elastic user ... exactly as designed.

Elasticsearch will not run as root as designed... following the existing docs / procedure is best practice and is used by 1000s of users to run elasticsearch securely.

If you want to run systemctl without sudo... that is a Linux question best addressed by your Linux admin...

Thank you Stephen for your answer and for your time. My bad, I didn't start the cluster because I didn't finish the settings; now I can see the elastic user. So, I think, is it enough to add the elastic user to the sudoers file and then use it to start/stop elasticsearch, edit configuration files, etc.?

Yes... it sounds like you are your own Linux admin, so you understand the options / risks etc.

As already said, there is no need for that. Also, the elasticsearch user is a nologin user, so it makes no sense for it to be in sudoers.

You just need to use a normal user with sudo privileges to start/stop the elasticsearch service.

How did you install elasticsearch? How do you connect to your server?

You should have a normal user and use sudo to perform privileged operations; use this same user to start and stop elasticsearch with sudo systemctl start elasticsearch and sudo systemctl stop elasticsearch.

I was thinking of adding the elastic user, not the elasticsearch user. For now I am just learning and testing. But now it is clear to me about the elasticsearch OS users. Thank you for your time, I appreciate it.
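An added example, not part of the thread or of Elastic's documentation: a shell sketch of the setup the answers describe, where the packaged service account stays out of sudoers and a normal admin group gets sudo only for the service commands. The group name esops, the systemctl path and the sample passwd records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The group name "esops" is hypothetical.

# check_service_account LINE: LINE is one passwd(5) record. Succeeds only if
# the account has a numeric non-root UID and a non-interactive login shell.
check_service_account() {
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    case "$uid" in ''|*[!0-9]*|0) return 1 ;; esac
    case "$shell" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# render_sudoers GROUP UNIT: print a sudoers rule that lets members of GROUP
# start, stop and restart UNIT as root, and nothing else.
# "status" is left out on purpose: it works without root, and under sudo its
# pager would run as root.
render_sudoers() {
    sc=/usr/bin/systemctl   # assumed path; confirm with `command -v systemctl`
    rule=
    for verb in start stop restart; do
        rule="${rule:+$rule, }$sc $verb $2"
    done
    printf '%%%s ALL=(root) %s\n' "$1" "$rule"
}

# Constructed passwd records for the demo.
ES_LINE='elasticsearch:x:990:986:elasticsearch user:/nonexistent:/sbin/nologin'
ADMIN_LINE='alice:x:1000:1000::/home/alice:/bin/bash'

for rec in "$ES_LINE" "$ADMIN_LINE"; do
    name=${rec%%:*}
    if check_service_account "$rec"; then
        echo "$name: service account (no login shell), keep it out of sudoers"
    else
        echo "$name: interactive or root account"
    fi
done
render_sudoers esops elasticsearch
```

To install the rule, write it to a file under /etc/sudoers.d/ and check that file with visudo -cf before relying on it.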
