原英文版地址: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-files.html, 原文档版权归 www.elastic.co 所有
本地英文版地址: ../en/security-files.html
重要: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 当前版本文档
Elasticsearch Guide [7.7] » Secure a cluster » Configuring security in Elasticsearch » Security files
« Separating node-to-node and client traffic FIPS 140-2 »

Security filesedit

The Elasticsearch security features use the following files:

  • ES_PATH_CONF/roles.yml defines the roles in use on the cluster. See Defining roles.
  • ES_PATH_CONF/elasticsearch-users defines the users and their hashed passwords for the file realm. See File-based user authentication.
  • ES_PATH_CONF/elasticsearch-users_roles defines the user roles assignment for the the file realm. See File-based user authentication.
  • ES_PATH_CONF/role_mapping.yml defines the role assignments for a Distinguished Name (DN) to a role. This allows for LDAP and Active Directory groups and users and PKI users to be mapped to roles. See Mapping users and groups to roles.
  • ES_PATH_CONF/log4j2.properties contains audit information. See Logfile audit output.

Any files that the security features use must be stored in the Elasticsearch configuration directory. Elasticsearch runs with restricted permissions and is only permitted to read from the locations configured in the directory layout for enhanced security.

Several of these files are in the YAML format. When you edit these files, be aware that YAML is indentation-level sensitive and indentation errors can lead to configuration errors. Avoid the tab character to set indentation levels, or use an editor that automatically expands tabs to spaces.

Be careful to properly escape YAML constructs such as : or leading exclamation points within quoted strings. Using the | or > characters to define block literals instead of escaping the problematic characters can help avoid problems.

« Separating node-to-node and client traffic FIPS 140-2 »