Running as ROOT user. this is a bad idea! – How to solve related issues

Opster Team

Feb-20, Version: 1.7-8.0

Before you begin reading this guide, we recommend you run Elasticsearch Error Check-Up which analyzes 2 JSON files to detect many errors.

Briefly, this error message indicates that Elasticsearch is running as the ROOT user. This is not recommended as it can lead to security vulnerabilities. To resolve the issue, Elasticsearch should be configured to run under a non-privileged user account.

To easily locate the root cause and resolve this issue try AutoOps for Elasticsearch & OpenSearch. It diagnoses problems by analyzing hundreds of metrics collected by a lightweight agent and offers guidance for resolving them. Take a self-guided product tour to see for yourself (no registration required).

This guide will help you check for common problems that cause the log ” Running as ROOT user. this is a bad idea! ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: bootstrap.

 
 

bootstrap checks

Overview

Elasticsearch has many settings that can cause significant performance problems if not set correctly. To prevent this happening, Elasticsearch carries out “bootstrap checks” to ensure that these important settings have been covered. If any of the checks fail, Elasticsearch will write an error to the logs and will not start. In this guide we cover common bootstrap checks you should know and how to configure your settings correctly to pass the checks successfully.

Bootstrap checks are carried out when the network.host setting in:

network.host: 0.0.0.0

If network host is not set and you use the default localhost, then Elasticsearch will consider the node to be in development mode, and bootstrap checks will not be enforced.

Common issues with bootstrap checks

If you install elasticsearch using RPM or Debian packages (strongly recommended) then most of the important configuration is already done for you, and the only bootstrap checks you are likely to run up against are the following.

Heap size check

The minimum and maximum heap sizes specified in jvm.options (or via environment variables) must be equal to one another.

File descriptors check

Minimum file descriptors must have been set to at least 65535

Memory lock check

There are various methods used to prevent memory swapping, and you must use one of them.  The most common is to set in elasticsearch.yml

bootstrap.memory_lock: true

For this to be effective you must give permission to elasticsearch to enable this. There are various ways to do so, depending upon your operating system.

Discovery configuration checks

At least one of the following properties must be configured in elasticsearch.yml to ensure that your node can form a cluster properly:

  • discovery.seed_hosts
  • discovery.seed_providers
  • cluster.initial_master_nodes

Less common bootstrap check issues

If you are not using RPM or debian packages, you may come across the following issues:

Max number of threads check

You must allow your system to create at least 4096 threads. In linux this is done by editing /etc/security/limits.conf and adjusting the nproc setting.

Max file size check

Your system should be able to create unlimited file sizes. In linux this is done by editing /etc/security/limits.conf and adjusting the fsize setting

Max virtual memory check

The system should be able to create unlimited virtual memory for the elasticsearch user.

This is done by editing /etc/security/limits.conf 
<user> - as unlimited

Max map count check

The system must be able to use mmap effectively.  This is done by running the command 

sysctl vm.max_map_count 262144

Other checks

The following checks are also carried out, but are rarely found:

OsX File Descriptor Check
Client Jvm Check
UseS erial GC Check
System Call Filter Check
Might Fork Check
On Error Check
On Out Of Memory Error Check
Early Access Check
G1GC Check
All Permission Check
 
 

 
 

Log Context

Log “running as ROOT user. this is a bad idea!” classname is Bootstrap.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

         final ESLogger logger = Loggers.getLogger(Bootstrap.class);

        // check if the user is running as root; and bail
        if (Natives.definitelyRunningAsRoot()) {
            if (Boolean.parseBoolean(System.getProperty("es.insecure.allow.root"))) {
                logger.warn("running as ROOT user. this is a bad idea!");
            } else {
                throw new RuntimeException("don't run elasticsearch as root.");
            }
        }

 

"Using Opster’s products, search throughput performance improved by 30%."

Jose Rafaelly

Head of System Engineering at Everymundo

Watch product tour

Try AutoOps to find & fix Elasticsearch problems

Analyze Your Cluster
Related Articles

Choose the Correct Number of Shards

How to Optimize Elasticsearch Disk Space and Usage

How CoreView Optimized Elasticsearch Performance

Skip to content