Elasticsearch Linux User

lucian1094 · July 30, 2022, 8:47am

I installed an Elasticsearch on CentOS using rpm file. After install, elaticsearch user and group is created, user which can't be used to manage (start/stop/restart) elasticsearch (nologin, nonexistent). I don't want to manage elasticsearch with root user. Should I create a new user for that or to modify elasticsearch user? What will be the best approach?

stephenb · July 30, 2022, 4:19pm

Hi @lucian1094 Welcome to the community...

No do not create another user.

When you install elastic with and .rpm and start elasticsearch with sudo systemctl it will run as the non-root user elastic ... exactly as designed.

the systemctl command is run as sudo BUT elasticsearch is executed / launched under the less privlieged elastic user ... exactly as designed.

Elasticsearch will not run as root as designed... following the existing docs / procedure is best practice and is used my 1000s of users to run elasticsearch securely and best practice.

If you want to run systemctl without sudo... that is a linux question best addressed by your linux admin...

lucian1094 · July 30, 2022, 5:09pm

Thank you Stephen for your answer and for your time. My bad, I didn't start the cluster because I didn't finish the settings, now I can see the elastic user. So, I think, is it enough to add elastic user in sudoers file and then to use it for start/stop elasticsearch, edit configuration files, etc. ?

stephenb · July 30, 2022, 5:11pm

Yes... it sounds like you are your own Linux admin, so you understand the options / risks etc.

leandrojmp · July 30, 2022, 5:41pm

As already said, there is no need for that. Also, the elasticsearch user is a nologin user, so it make no sense for it to be in sudoers.

You just need to use a normal user with sudo privileges to start/stop the elasticsearch service.

How did you install elasticsearch? How do you connect to your server?

You should have a normal user and use sudo to perform privileged operations, use this same user to start and stop elasticsearch with sudo systemctl start elasticsearch and sudo systemctl stop elasticsearch.

lucian1094 · July 30, 2022, 6:04pm

I was thinking to add elastic user, not elasticsearch user. For now I just learning and testing. But now is clear for me about elasticsearch os users, thank you for your time, appreciate.