Permission denied when starting Elasticsearch 7.17.0 installed via RPM

We are trying to expand our cluster size from 3 nodes to 5 nodes. After installing Elasticsearch via RPM on the new nodes we receive the following 'Permission denied' error when starting the service.

[root@host user]# sudo -i service elasticsearch start
Starting elasticsearch: /usr/share/elasticsearch/bin/elasticsearch-env: line 87: /etc/sysconfig/elasticsearch: Permission denied

Line 87 in /usr/share/elasticsearch/bin/elasticsearch-env refers to:

 87 source /etc/sysconfig/elasticsearch

The permissions on that file and directory look OK to my eyes:

[root@host user]# ls -la /etc/sysconfig
total 228
drwxr-xr-x.   8 root root           4096 Apr 25 14:03 .
[root@host user]# ls -la /etc/sysconfig/elasticsearch
-rw-rw---- 1 root elasticsearch 1676 Jan 28 03:39 /etc/sysconfig/elasticsearch

I have looked at the following threads and still do not understand what the issue is:

Our nodes are Chef-managed so they get provisioned with nearly the same configuration, so the discrepancy here is not clear to me.

Any assistance would be greatly appreciated.

Did you check the permission on "/etc/Elasticsearch"? Maybe the message is misleading.

[root@host ~]# ls -la /etc/elasticsearch/
total 196
drwxr-s---    4 root elasticsearch   4096 Apr 25 15:37 .

This matches the other 3 nodes where Elasticsearch is running without issue. Elasticsearch runs under the elasticsearch user on those nodes, same as the new node.

Anything more detailed in any log?

What about journalctl -xe?
Does it even create any log?

No log is created by Elasticsearch.

journalctl is not available on my system (Oracle Enterprise Linux 6.10) and I don't see anything relevant in dmesg or in system logs.

How about you execute this at the prompt? Does that work?

[root@host ~]# sudo -u elasticsearch bash -c 'source /etc/sysconfig/elasticsearch'
bash: /etc/sysconfig/elasticsearch: Permission denied

It works if I source the file as root, but that doesn't help diagnose since root has full access to everything.

OK. I see now what is happening.
sudo does not have access to see your /etc/sysconfig/Elasticsearch file.

Check sudo -l (as the user) and you should see what access you have. You need to give that user read access to that file.

I'm only using sudo to invoke commands as another user. I'm not intending to elevate the privileges of the elasticsearch user itself.

[elasticsearch@host ~]$ whoami
[elasticsearch@host ~]$ source /etc/sysconfig/elasticsearch
bash: /etc/sysconfig/elasticsearch: Permission denied

However I think you may have uncovered the issue. When I su to elasticsearch I get the following error:

[root@host ~]# su elasticsearch
/usr/bin/id: cannot find name for group ID 1408
[elasticsearch@host ~]$ whoami
[elasticsearch@host ~]$ groups
groups: cannot find name for group ID 1408

I'm not sure why the Elasticsearch user is assigned to a group id that doesn't exist, but this explains why the user does not have permission to /etc/sysconfig/elasticsearch.

Yes, you have to give all the required sudo access to the user Elasticsearch.
Or you can simply start your service as the root user and not have to worry about sudo.

I appreciate your help but there's nothing in the RPM instructions (Install Elasticsearch with RPM | Elasticsearch Guide [7.17] | Elastic) that requires sudoers changes for the elasticsearch user.

Furthermore, we do not grant any sudo access to the elasticsearch user on our other 3 nodes and it runs there successfully under elasticsearch, not root.

The issue here is entirely caused by the GID of the elasticsearch user being incorrectly set. I will manually correct this, although I suspect that the RPM install process caused it.

Running Elasticsearch as root is not recommended as described here: elasticsearch/es-security-principles.asciidoc at 9958c3c2fc49a3e253b04e96cfec2e653c39d2e7 · elastic/elasticsearch · GitHub.

In fact, the code specifically checks for this and throws a RuntimeException if you try to do so: elasticsearch/ at v7.17.0 · elastic/elasticsearch · GitHub
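As an added illustration that is not part of the thread, the following Python check reproduces the diagnosis above from constructed /etc/passwd and /etc/group contents: when the elasticsearch user's primary GID has no group entry, the user is not a member of the elasticsearch group, so the group read bit on the 0660 file never applies. The sample UIDs/GIDs (991, 1408) are assumptions, and root:elasticsearch 0660 matches the ls -la output in the question.

```python
import stat
# Constructed sample /etc/passwd and /etc/group contents (not copied from any host);
# in PASSWD_BROKEN the elasticsearch user's primary GID 1408 has no /etc/group entry.
PASSWD_BROKEN = ("root:x:0:0:root:/root:/bin/bash\n"
                 "elasticsearch:x:991:1408::/nonexistent:/sbin/nologin\n")
PASSWD_FIXED = ("root:x:0:0:root:/root:/bin/bash\n"
                "elasticsearch:x:991:991::/nonexistent:/sbin/nologin\n")
GROUP = "root:x:0:\nelasticsearch:x:991:\n"

def parse_passwd(text):  # name -> (uid, primary gid)
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _, uid, gid, *_ = line.split(":")
            users[name] = (int(uid), int(gid))
    return users

def parse_group(text):  # name -> (gid, set of supplementary members)
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _, gid, members = line.split(":")
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def user_gids(user, users, groups):
    # Every GID the user holds: primary GID plus supplementary memberships.
    gids = {users[user][1]}
    gids.update(gid for gid, members in groups.values() if user in members)
    return gids

def can_read(user, users, groups, owner_uid, file_gid, mode):
    """Classic Unix DAC: root always; otherwise owner bits, else group bits, else other bits."""
    uid = users[user][0]
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in user_gids(user, users, groups):
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def diagnose(passwd_text, group_text, user="elasticsearch",
             owner_uid=0, file_group="elasticsearch", mode=0o660):
    """Report why `user` can or cannot read a file owned root:<file_group> with `mode`."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    primary, file_gid = users[user][1], groups[file_group][0]
    return {"primary_gid": primary,
            "primary_gid_resolves": any(g == primary for g, _ in groups.values()),
            "in_file_group": file_gid in user_gids(user, users, groups),
            "can_read": can_read(user, users, groups, owner_uid, file_gid, mode)}
```

On a real node the same three facts come from `id elasticsearch`, `getent group elasticsearch` and `stat /etc/sysconfig/elasticsearch`; if `id` cannot name the primary group, that is the drift to fix before touching sudoers.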

This is what I do.
Set /etc/group, /etc/passwd and /etc/shadow first, before installing the rpm on the new node.
That way all GIDs/UIDs are the same across all nodes.

If you want to do that, you first have to remove the package with rpm -e, then set the UID/GID, reinstall the package, configure Elasticsearch.yml and restart.
