Permission to elasticsearch config directory

Hi,

Is it normal for the elasticsearch config directory to be only accessible using sudo ?

amdin1@amdin1-virtual-machine:~$ cd /etc/elasticsearch
bash: cd: /etc/elasticsearch: Permission denied

The issue is that when setting the path for the .p12 cert, elasticsearch wont start throwing an error Permission denied, unable to access /etc/elasticsearch/certs/node-1.p12

xpack.security.transport.ssl.keystore.path: certs/node-1.p12

ls -l on /etc/ gave this result for the elasticsearch folder

drwxr-s--- 2 root elasticsearch 4096 Apr 10 14:30 elasticsearch

Any help is highly appreciated.

How did you install elasticsearch and what OS are you using? How are you running elasticsearch ?

This looks very much related to what happens with your kibana installation with the permission issues in Using https to login to Kibana.

How did you install elasticsearch?
https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html

what OS are you using?
Ubuntu 18.04 bionic

How are you running elasticsearch ?
sudo systemctl start elasticsearch.service

Regarding permission issue:

We are asked to save the .p12 in the default config path which is /etc/elasticsearch/

When I cd /etc/elasticsearch/ I got a permission denied, for this the .p12 was not been accessed where it resides on config/certs/node-1.p12

    ./bin/elasticsearch-certutil cert \
    --ca elastic-stack-ca.p12 \ 
    --dns localhost \ 
    --ip 127.0.0.1,::1 
    --out config/certs/node-1.p12 

To solve this, the only thing (which is I don't think is a good practice at all, is I've chmod the .p12

sudo chmod 777 node-1.p12

This solved the issue, but I think there is something wrong with permissions, hope you can help in this to avoid such thing in production environment.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.