How do you set up the user account to run Elasticsearch service on Linux?

Hello, I'm new to my organization and to Elasticsearch. I'm the new server administrator for Liferay 7.4 DXP which uses Elasticsearch 7.17.x. I'm developing our migration procedure as we're migrating to Liferay 7.4 DXP from 7.0 and migrating to Elasticsearch 7.17.x from 2.4.6., and this includes moving to new RHEL 8 servers with Liferay and Elasticsearch installed and configured (I'm doing this myself with the help of the Web Developers on another team). I'm currently developing the procedure on a RHEL 8.7 server and installed Elasticsearch 7.17.9 manually via RPM command.

After configuring the single-node Elasticsearch cluster following documentation from multiple sources (Elasticsearch, Liferay, and a tech blog) I attempted to start Elasticsearch as root and that resulted in the following error, and I later discovered that this is intentionally not permitted.

I noticed that the Elasticsearch 7.17.9 RPM creates the elasticsearch user but in /etc/passwd it's login shell is configured to /sbin/nologin. I believe this is why I'm getting the error below when trying to start elasticsearch using:

[root@liferaydev1 bin]# su - elasticsearch ./elasticsearch
Creating home directory for elasticsearch.
This account is currently not available.

I plan on testing if changing the login shell for elasticsearch user to /bin/bash resolves the issue with starting elasticsearch service as user elasticsearch. The command to do so is below is searching the internet later on for how to do this:

# usermod -s /bin/bash elasticsearch

Does anyone recall having to manually assign a login shell to the elasticsearch user like this after installing the RPM/package on your Linux servers? Thanks in advance for your feedback.

Hi @Latitude Welcome to the community.

Wow migrating from 2.4 to 7.17 that is a BIG effort :slight_smile:

I am a bit confused.

First, you should really try to stick with the elasticsearch official documentation for installing with rpm You should carefully follow this documentation.

Why are you not starting elasticsearch with

systemctl start elasticsearch

That is the proper method for starting elasticsearch after installing with .rpm and does / should not require any changes to the system when installing with .rpm. After installing with an rpm ... the intention is to NOT start elasticsearch from the command line in the foreground.... and not you can not start elasticsearch as root.

You do not need to create / change / alter the elasticsearch user to properly use elasticsearch on Linux.

this / below is definitely not the right way to start elasticsearch

su - elasticsearch ./elasticsearch

What are you trying to accomplish?

This forum is full of folks that have issues when trying to start changing permissions, users, folder etc etc.. on elasticsearch instead of using the best practices that are set up with the default installation process.

There has been a ton of changes since 2.x ... I would try to stick to the best practices / defaults instead of trying to change the behavior.

You do not need a login shell for the elasticsearch user, you should run elasticsearch as a service with systemctl start/stop elasticsearch.

If you for some reason wants to run it from the command line use sudo -u elasticsearch, not su - elasticsearch, su needs a login shell to work.


[root@server bin]# su - elasticsearch ./elasticsearch-keystore list
su: warning: cannot change directory to /nonexistent: No such file or directory
This account is currently not available.
[root@server bin]# sudo -u elasticsearch ./elasticsearch-keystore list
[root@server bin]# 
1 Like

Thank you @stephenb. I will definitely stick to the elasticsearch documentation.

I set login shell back to /sbin/nologin and now it's working. I think my problem was that instead of using # systemctl start elasticsearch, I was trying to start elasticsearch by executing ./elasticsearch in /usr/share/elasticsearch/bin. Lesson learned.

1 Like

Awesome come back and ask more questions as you go!

1 Like

@stephenb Awesome, thanks for your help! I'll be back :nerd_face:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.