elasticsearch-users
If you use file-based user authentication, the elasticsearch-users command enables you to add and remove users, assign user roles, and manage passwords.
Synopsis
bin/elasticsearch-users ([useradd <username>] [-p <password>] [-r <roles>]) | ([list] <username>) | ([passwd <username>] [-p <password>]) | ([roles <username>] [-a <roles>] [-r <roles>]) | ([userdel <username>])
Description
If you use the built-in file internal realm, users are defined in local files on each node in the cluster.
Usernames and roles must be at least 1 and no more than 1024 characters. They can contain alphanumeric characters (a-z, A-Z, 0-9), spaces, punctuation, and printable symbols in the Basic Latin (ASCII) block. Leading or trailing whitespace is not allowed.
Passwords must be at least 6 characters long.
For more information, see File-based user authentication.
To ensure that Elasticsearch can read the user and role information at startup, run elasticsearch-users useradd as the same user you use to run Elasticsearch. Running the command as root or some other user updates the permissions for the users and users_roles files and prevents Elasticsearch from accessing them.
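The naming rules and the file-ownership caveat above can be checked before the command is ever invoked. The following is an added example, not part of Elasticsearch or of the original page; the function names and the users-file path argument are hypothetical, and it assumes the existing users file is already owned by the account that runs Elasticsearch.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before bin/elasticsearch-users useradd.
# Function names and the users-file argument are hypothetical, not Elasticsearch's.
LC_ALL=C; export LC_ALL   # byte-wise ranges, so ' '-'~' is exactly 0x20-0x7E

# Username or role: 1-1024 chars, printable Basic Latin, no edge whitespace.
valid_name() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 1024 ] || return 1
    case $1 in
        *[!\ -~]*) return 1 ;;   # tab, newline, control or non-ASCII byte
        ' '*|*' ') return 1 ;;   # leading or trailing space
    esac
    return 0
}

# Comma-separated role list: every element must itself be a valid name.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
valid_role_list() (
    set -f; IFS=,
    case $1 in ''|,*|*,|*,,*) exit 1 ;; esac   # an empty element has length 0
    for role in $1; do valid_name "$role" || exit 1; done
)

# True when the invoking user owns FILE (numeric uid is field 3 of ls -ln).
# Assumption: the file's current owner is the account that runs Elasticsearch.
owned_by_me() {
    [ -f "$1" ] || return 1
    owner=$(ls -ln -- "$1" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ]
}

# preflight USERS_FILE USERNAME ROLES: reports the first failed check on stderr.
preflight() {
    owned_by_me "$1"     || { echo "not the owner of $1" >&2; return 1; }
    valid_name "$2"      || { echo "invalid username" >&2; return 1; }
    valid_role_list "$3" || { echo "invalid role list" >&2; return 1; }
}

# Intended use (no -p, so the command prompts and the password stays out of
# the shell history):
#   preflight "$users_file" "$user" "$roles" &&
#       bin/elasticsearch-users useradd "$user" -r "$roles"

# Constructed sample inputs, not taken from a real cluster.
for n in 'jacknich' ' jacknich' "$(printf 'jack\tnich')"; do
    if valid_name "$n"; then echo "accepted: [$n]"; else echo "rejected: [$n]"; fi
done
```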
Parameters
-a <roles>
  If used with the roles parameter, adds a comma-separated list of roles to a user.
list
  List the users that are registered with the file realm on the local node. If you also specify a user name, the command provides information for that user.
-p <password>
  Specifies the user’s password. If you do not specify this parameter, the command prompts you for the password.
  Omit the -p option to keep plaintext passwords out of the terminal session’s command history.
passwd <username>
  Resets a user’s password. You can specify the new password directly with the -p parameter.
-r <roles>
  - If used with the useradd parameter, defines a user’s roles. This option accepts a comma-separated list of role names to assign to the user.
  - If used with the roles parameter, removes a comma-separated list of roles from a user.
roles
  Manages the roles of a particular user. You can combine adding and removing roles within the same command to change a user’s roles.
useradd <username>
  Adds a user to your local node.
userdel <username>
  Deletes a user from your local node.
Examples
The following example adds a new user named jacknich to the file realm. The password for this user is theshining, and this user is associated with the network and monitoring roles.
bin/elasticsearch-users useradd jacknich -p theshining -r network,monitoring
The following example lists the users that are registered with the file realm on the local node:
bin/elasticsearch-users list
rdeniro : admin
alpacino : power_user
jacknich : monitoring,network
Users are in the left-hand column and their corresponding roles are listed in the right-hand column.
The following example resets the jacknich user’s password:
bin/elasticsearch-users passwd jacknich
Since the -p parameter was omitted, the command prompts you to enter and confirm a password in interactive mode.
The following example removes the network and monitoring roles from the jacknich user and adds the user role:
bin/elasticsearch-users roles jacknich -r network,monitoring -a user
The following example deletes the jacknich user:
bin/elasticsearch-users userdel jacknich