报错
[root@localhost elasticsearch-7.4.0]# ./bin/elasticsearch
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2019-10-18T01:49:23,002][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [localhost.localdomain] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.4.0.jar:7.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.4.0.jar:7.4.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.4.0.jar:7.4.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.4.0.jar:7.4.0]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.4.0.jar:7.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.4.0.jar:7.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.4.0.jar:7.4.0]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:105) ~[elasticsearch-7.4.0.jar:7.4.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:172) ~[elasticsearch-7.4.0.jar:7.4.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.4.0.jar:7.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.4.0.jar:7.4.0]
... 6 more
报这个错,是因为官方建议,不要使用root用户运行elasticsearch
官方的描述是
Scripting and securityedit
While Elasticsearch contributors make every effort to prevent scripts from running amok, security is something best done in layers because all software has bugs and it is important to minimize the risk of failure in any security layer. Find below rules of thumb for how to keep Elasticsearch from being a vulnerability.
Do not run as rootedit
First and foremost, never run Elasticsearch as the root user as this would allow any successful effort to circumvent the other security layers to do anything on your server. Elasticsearch will refuse to start if it detects that it is running as root but this is so important that it is worth double and triple checking.
Do not expose Elasticsearch directly to usersedit
Do not expose Elasticsearch directly to users, instead have an application make requests on behalf of users. If this is not possible, have an application to sanitize requests from users. If that is not possible then have some mechanism to track which users did what. Understand that it is quite possible to write a _search that overwhelms Elasticsearch and brings down the cluster. All such searches should be considered bugs and the Elasticsearch contributors make an effort to prevent this but they are still possible.
Do not expose Elasticsearch directly to the Internetedit
Do not expose Elasticsearch to the Internet, instead have an application make requests on behalf of the Internet. Do not entertain the thought of having an application "sanitize" requests to Elasticsearch. Understand that it is possible for a sufficiently determined malicious user to write searches that overwhelm the Elasticsearch cluster and bring it down. For example:
总结就是,ElasticSearch在启动时会检查是否是root身份运行,如果是root身份运行是不安全的,可以使用非root用户或者创建非root用户并授权来运行ElasticSearch
创建用户
groupadd myuser
useradd myuser -g myuser
设置用户密码
passwd myuser
切换用户
su myuser