Kibana should not be run as root. Use --allow-root to continue

CentOS Linux release 7.7.1908 (Core)

I have the latest version of Kibana installed from the elasticsearch repo by yum:
kibana-7.5.2-1.x86_64

When I try to install a plugin:

/usr/share/kibana/bin/kibana-plugin install $url

got error:
Kibana should not be run as root. Use --allow-root to continue.
Ok, trying the more secure way:

su -c '/usr/share/kibana/bin/kibana-plugin install $url' kibana
got error:
This account is currently not available.

I know a web application with root-owned files is a gift for hackers and pentesters.
So what is the right (recommended) way to install kibana plugins if the kibana user can't be used?

Best regards,
Serg

It sounds like you don't have a "kibana" user. The recommendation here is to use any user other than root. Do you have any non-root users on the machine? If not, I would recommend creating one and install/run Kibana using that.

As I wrote, I have kibana from the standard elasticsearch repo:

repoquery -i kibana

Name : kibana
Version : 7.6.0
Release : 1
Architecture: x86_64
Size : 709167330
Packager : Kibana Team info@elastic.co
Group : default
URL : https://www.elastic.co
Repository : elasticsearch-7.x
Summary : Explore and visualize your Elasticsearch data
Source : kibana-7.6.0-1.src.rpm
Description :
Explore and visualize your Elasticsearch data

cat /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

And the kibana package created the kibana user

id kibana

uid=997(kibana) gid=995(kibana) groups=995(kibana)

So the user is present in the system.

Best regards,
Serg

Installation with a non-root user shows the expected errors (obviously a general user can't write files to the kibana folders):

someuser$ /usr/share/kibana/bin/kibana-plugin install $url
Babel could not write cache to file: /usr/share/kibana/optimize/.babel_register_cache.json
due to a permission issue. Cache is disabled.
Plugin installation was unsuccessful due to error "ENOENT: no such file or directory, mkdir '/usr/share/kibana/plugins/.plugin.installing'"

The right answer:
su -s /bin/bash -c '/usr/share/kibana/bin/kibana-plugin install $url' kibana

I think the hint "use for example su -s /bin/bash" could be added to the kibana-plugin script error message, because the issue occurs after the package installation with default permissions.
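Why the plain `su -c` attempt failed and `su -s /bin/bash` worked, as an added example that is not part of the thread: the sketch reads an account's login shell from passwd data and prints the matching `su` command for root to run, with the plugin URL shell-quoted. The helper names, the sample passwd lines and the example.com URL are constructed, and the `/sbin/nologin` shell for the kibana account is an assumption inferred from the error message.

```shell
# Added example, not from the thread: helper names and sample data are constructed.
KIBANA_PLUGIN=/usr/share/kibana/bin/kibana-plugin   # path used in the thread

# Constructed passwd entries; only kibana's uid/gid come from the `id kibana` output.
sample_passwd() {
    cat <<'EOF'
kibana:x:997:995:kibana service user:/home/kibana:/sbin/nologin
someuser:x:1000:1000::/home/someuser:/bin/bash
EOF
}

# Print the login shell of user $1 from passwd file $2 (or via getent if $2 is empty).
account_shell() {
    if [ -n "${2:-}" ]; then
        awk -F: -v u="$1" '$1 == u { print $7; exit }' "$2"
    else
        getent passwd "$1" | awk -F: '{ print $7 }'
    fi
}

# True for shells that refuse to run commands; nologin prints "This account is currently not available."
is_nologin_shell() {
    case "$1" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Single-quote $1 for a POSIX shell so a URL cannot inject extra commands.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the command root should run to install plugin URL $2 as user $1.
su_install_cmd() {
    user=$1 url=$2 passwd_file=${3:-}
    shell=$(account_shell "$user" "$passwd_file")
    [ -n "$shell" ] || { echo "no such user: $user" >&2; return 1; }
    inner="$KIBANA_PLUGIN install $(sh_quote "$url")"
    if is_nologin_shell "$shell"; then
        printf 'su -s /bin/bash -c %s %s\n' "$(sh_quote "$inner")" "$user"
    else
        printf 'su -c %s %s\n' "$(sh_quote "$inner")" "$user"
    fi
}

tmp=$(mktemp) && sample_passwd > "$tmp"
su_install_cmd kibana 'https://example.com/plugin.zip' "$tmp"   # placeholder URL
rm -f "$tmp"
```

On a live host, omit the third argument so the shell is read through `getent`; `su -s` overrides a restricted shell only when the caller is root.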
