elasticsearch-users
If you use file-based user authentication, the elasticsearch-users command enables you to add and remove users, assign user roles, and manage passwords per node.

    bin/elasticsearch-users
    ([useradd <username>] [-p <password>] [-r <roles>]) |
    ([list] <username>) |
    ([passwd <username>] [-p <password>]) |
    ([roles <username>] [-a <roles>] [-r <roles>]) |
    ([userdel <username>])

If you use the built-in file internal realm, users are defined in local files on each node in the cluster.
Usernames and roles must be at least 1 and no more than 1024 characters. They can contain alphanumeric characters (a-z, A-Z, 0-9), spaces, punctuation, and printable symbols in the Basic Latin (ASCII) block. Leading or trailing whitespace is not allowed.
Passwords must be at least 6 characters long.
For more information, see File-based user authentication.
To ensure that Elasticsearch can read the user and role information at startup, run elasticsearch-users useradd as the same user you use to run Elasticsearch. Running the command as root or some other user updates the permissions for the users and users_roles files and prevents Elasticsearch from accessing them.
-a <roles>
    If used with the roles parameter, adds a comma-separated list of roles to a user.
list
    List the users that are registered with the file realm on the local node. If you also specify a user name, the command provides information for that user.
-p <password>
    Specifies the user’s password. If you do not specify this parameter, the command prompts you for the password.
    Tip: Omit the -p option to keep plaintext passwords out of the terminal session’s command history.
passwd <username>
    Resets a user’s password. You can specify the new password directly with the -p parameter.
-r <roles>
    - If used with the useradd parameter, defines a user’s roles. This option accepts a comma-separated list of role names to assign to the user.
    - If used with the roles parameter, removes a comma-separated list of roles from a user.
roles
    Manages the roles of a particular user. You can combine adding and removing roles within the same command to change a user’s roles.
useradd <username>
    Adds a user to your local node.
userdel <username>
    Deletes a user from your local node.
The following example adds a new user named jacknich to the file realm. The password for this user is theshining, and this user is associated with the network and monitoring roles.

    bin/elasticsearch-users useradd jacknich -p theshining -r network,monitoring

The following example lists the users that are registered with the file realm on the local node:

    bin/elasticsearch-users list
    rdeniro : admin
    alpacino : power_user
    jacknich : monitoring,network

Users are in the left-hand column and their corresponding roles are listed in the right-hand column.
The following example resets the jacknich user’s password:

    bin/elasticsearch-users passwd jacknich

Since the -p parameter was omitted, the command prompts you to enter and confirm a password in interactive mode.
The following example removes the network and monitoring roles from the jacknich user and adds the user role:

    bin/elasticsearch-users roles jacknich -r network,monitoring -a user

The following example deletes the jacknich user:

    bin/elasticsearch-users userdel jacknich
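
The name rules, the same-user requirement and the advice to omit -p can be checked before the tool is called. The wrapper below is an added example, not part of the Elasticsearch documentation or tooling: valid_name, owned_by_caller, add_file_user and their ES_HOME and CONF_DIR arguments are hypothetical, and it assumes the users and users_roles files are currently owned by the account that runs Elasticsearch.

```shell
#!/bin/sh
# Added example: pre-flight checks around `elasticsearch-users useradd`.

# valid_name NAME: 1 to 1024 characters, printable Basic Latin (0x20-0x7E)
# only, no leading or trailing whitespace. The ( ) body keeps LC_ALL local.
valid_name() (
    LC_ALL=C                    # byte-wise matching, so the range is ASCII
    name=$1
    nonprintable='*[! -~]*'     # any byte outside space..tilde
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 1024 ] || exit 1
    case $name in
        $nonprintable) exit 1 ;;
        " "*|*" ") exit 1 ;;
    esac
    exit 0
)

# owned_by_caller CONF_DIR: users and users_roles exist and belong to the
# effective user. Assumption: they are currently owned by the account that
# runs Elasticsearch, so passing means we are that account.
owned_by_caller() {
    for f in "$1/users" "$1/users_roles"; do
        [ -O "$f" ] || { echo "refusing: not owner of $f" >&2; return 1; }
    done
}

# add_file_user ES_HOME CONF_DIR USER ROLES (hypothetical helper): validate,
# then call useradd without -p so the tool prompts for the password.
add_file_user() {
    es_home=$1; conf=$2; user=$3; roles=$4
    valid_name "$user" || { echo "invalid username" >&2; return 2; }
    [ -n "$roles" ] || { echo "no roles given" >&2; return 2; }
    old_ifs=$IFS; IFS=,; set -f           # split the role list on commas only
    for role in $roles; do
        valid_name "$role" || { IFS=$old_ifs; set +f
                                echo "invalid role: '$role'" >&2; return 2; }
    done
    IFS=$old_ifs; set +f
    owned_by_caller "$conf" || return 3
    "$es_home/bin/elasticsearch-users" useradd "$user" -r "$roles"
}
```

A role list written as "network, monitoring" is rejected because the second role would begin with a space.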