Elasticsearch can't be run as the root user; Elasticsearch itself enforces this. When we install Elasticsearch, a user named elasticsearch and a group named elasticsearch are created automatically. You can check the entries with the following commands:
$ sudo less /etc/passwd | grep "elasticsearch"
$ sudo less /etc/group | grep "elasticsearch"
We need to change ownership of all elasticsearch related files. Please follow the steps mentioned below.
Steps:
1. Change ownership of all ES-related files from root to elasticsearch using the example commands below.
$ sudo chown elasticsearch:elasticsearch -R /usr/share/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /var/log/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /var/lib/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /etc/default/elasticsearch
$ sudo chown elasticsearch:elasticsearch -R /etc/elasticsearch
2. Open the /etc/default/elasticsearch file and do the following:
a) Set JAVA_HOME=your/java/home/path
b) Add the following entries at the end:
i) START_DAEMON=true
ii) ES_USER=elasticsearch
iii) ES_GROUP=elasticsearch
3. Now enable the elasticsearch service and start it:
$ sudo systemctl enable elasticsearch
$ sudo systemctl start elasticsearch
$ sudo systemctl status elasticsearch
4. Test Elasticsearch using curl. Say your host IP is 192.168.5.194 and ES is running on port 9200:
$ curl -X GET '192.168.5.194:9200'
DONE!!
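A check for steps 1 and 2, as an added example that is not part of the original post: it lists paths the recursive chown missed and confirms that the defaults file does not leave ES_USER or ES_GROUP unset or set to root. The function names and the --audit switch are assumptions of this sketch; the paths and keys are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the original page): audit steps 1 and 2.
# Function names are this sketch's own; paths and keys come from the steps.

# Print every path under $1 not owned by user $2 and group $3.
# find's -user/-group accept a name or a numeric ID.
list_wrong_owner() (
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
)

# Print the total number of mis-owned paths under the given directories.
# Exits 2 if a directory is missing or the user/group is unknown, so a
# failed find is never mistaken for a clean result.
count_wrong_owner() (
    user=$1; group=$2; shift 2
    total=0
    for dir in "$@"; do
        if ! out=$(list_wrong_owner "$dir" "$user" "$group"); then
            echo "cannot audit: $dir" >&2
            exit 2
        fi
        n=$(printf '%s' "$out" | grep -c . || true)
        total=$((total + n))
    done
    echo "$total"
)

# Print the value of KEY ($2) in a defaults file ($1); last assignment wins.
defaults_value() (
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
)

# Succeed only if ES_USER and ES_GROUP are both set and neither is root.
defaults_not_root() (
    u=$(defaults_value "$1" ES_USER)
    g=$(defaults_value "$1" ES_GROUP)
    [ -n "$u" ] && [ -n "$g" ] && [ "$u" != root ] && [ "$g" != root ]
)

# Real audit, run only when asked: sudo sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    count_wrong_owner elasticsearch elasticsearch \
        /usr/share/elasticsearch /var/log/elasticsearch \
        /var/lib/elasticsearch /etc/default/elasticsearch /etc/elasticsearch
    defaults_not_root /etc/default/elasticsearch || echo "ES_USER/ES_GROUP unset or root" >&2
fi
```

A printed count of 0 means every path under the five directories belongs to elasticsearch:elasticsearch; any other number is how many paths still need the chown from step 1.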
Ref. : https://stackoverflow.com/a/48390311/1445978