Kibana start as a service using another user other than root

vikasp · July 9, 2019, 11:20pm

Hi,
I have kibana 5.4.2 installed on a server. I can start the service with no problem when I am logged as a root user using "systemctl start kibana" or "service kibana start".

I have the kibana.service file at /etc/systemd/system/kibana.service as below:

[Unit]
Description=Kibana

[Service]
Type=simple
User=svc_tst_elk
Group=gp_svc_tst_elk
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/kibana
#EnvironmentFile=-/etc/sysconfig/kibana
ExecStart=/usr/share/kibana/bin/kibana "-c /etc/kibana/kibana.yml"
Restart=always
WorkingDirectory=/

[Install]
WantedBy=multi-user.target

and the env as /etc/default/kibana:

user="svc_tst_elk"
group="gp_svc_tst_elk"
chroot="/"
chdir="/"
nice=""

# If this is set to 1, then when stop is called, if the process has
# not exited within a reasonable time, SIGKILL will be sent next.
# The default behavior is to simply log a message "program stop failed; still running"
KILL_ON_STOP_TIMEOUT=0

When, I try to start the kibana service with the user svc_tst_elk:
I see this entry in the kibana.stderr:
chroot: cannot change root directory to /: Operation not permitted

Also, the user svc_tst_elk is/has permissions to run the commands /sbin/service kibana start/stop.

Aaron_Caldwell · July 10, 2019, 12:11am

Hello Vikas,

I wonder if your problem is similar to the problem(s) described in this issue. Looks like there were a few solutions tried there, maybe one of them might work well for you?

Regards,
Aaron

vikasp · July 10, 2019, 5:02pm

Hi Aaron,
Thanks for the link, but it doesn't look that way.
I have all the folders below already owned by the svc_tst_elk user.
/usr/share/kibana (bin directory and the executables)
/var/log/kibana (stdout and stderr)
/etc/kibana (configs)
/etc/systemd/system/kibana.service
/etc/default/kibana

the error says,
when I try to start with the user other than root:
chroot: cannot change root directory to /: Operation not permitted.

Can somebody help me understand do we need chroot to /, if so why and
anyway to resolve this.

Thanks,

vikasp · July 23, 2019, 11:03pm

Hi,
So, I updated the user and group to my svc user in one of the file /etc/systemd/system/kibana.service.

But, I found out that the user and group is mentioned in the env file as well and I guess because the env file is defined later in the service file, the user/group mentioned in the env file might have taken precedence.

I updated in both the places and got my issue resolved.

system · August 20, 2019, 11:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.