错误
我在 CentOS 上安装了 Elasticsearch,rpm
当我尝试通过以下方式启动它时遇到了这个错误systemctl start elasticsearch
:
Feb 20 21:08:34 server.cberdata.org systemd[1]: Started Elasticsearch.
Feb 20 21:08:34 server.cberdata.org elasticsearch[4226]: OpenJDK 64-Bit Server VM warning: Cannot open file /var/log/elasticsearch/gc.log due to Permission denied
Feb 20 21:08:51 server.cberdata.org systemd[1]: elasticsearch.service: main process exited, code=exited, status=78/n/a
Feb 20 21:08:51 server.cberdata.org systemd[1]: Unit elasticsearch.service entered failed state.
Feb 20 21:08:51 server.cberdata.org systemd[1]: elasticsearch.service failed.
尤其: Cannot open file /var/log/elasticsearch/gc.log due to Permission denied
权限
权限/var
:
drwxr-xr-x 21 root root 4096 Feb 11 19:10 var
权限/var/log
:
drwxrwxr-- 12 root root 4096 Feb 20 21:00 log
权限/var/log/elasticsearch
:
drwxrwxrwx 2 elasticsearch elasticsearch 4096 Feb 20 20:56 elasticsearch
权限/var/log/elasticsearch/gc.log
(我手动创建以查看是否有帮助,但这样做对错误没有影响):
-rwxrwxrwx 1 elasticsearch elasticsearch 0 Feb 20 20:56 gc.log
将/var/log
权限设置为drwxrwxrwx
似乎可以解决问题,但我犹豫是否这样做,因为它似乎不安全并且会导致这些新错误:
/etc/cron.daily/logrotate:
error: skipping "/var/log/exim_mainlog" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
我是否正确systemctl
/systemd
正在以用户身份运行此服务elasticsearch
?如果这样做,文件及其目录的所有者,具有明显的读/写/执行权限,如何没有打开该文件的权限?
该目录
/var/log
具有774
权限。由于未设置执行位,elasticsearch 用户无法遍历目录获取elasticsearch
目录和gc.log
其中包含的文件。通常,该
/var/log
目录具有755
权限,否则除 root 以外的任何人都无法向其写入任何服务或应用程序。您可以使用以下方法修复它:
您也不需要对
777
elasticsearch 目录和日志文件拥有权限。可以使用上述命令的变体来设置权限:您仍然可以立即访问它,如下所示: