Skip to content

Commit ee8aa89

Browse files
dliappisdliappis
committed
Clarify elasticsearch user uid:gid mapping in Docker docs
Elasticsearch runs as user elasticsearch with uid:gid 1000:1000 inside the Docker container. Clarify that bind mounted local directories need to be accessible by this user. Relates #24092
1 parent ec47de9 commit ee8aa89

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

docs/reference/setup/install/docker.asciidoc

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -237,8 +237,7 @@ For example, bind-mounting a `custom_elasticsearch.yml` with `docker run` can be
237237
--------------------------------------------
238238
-v full_path_to/custom_elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
239239
--------------------------------------------
240-
241-
IMPORTANT: `custom_elasticsearch.yml` should be readable by uid:gid `1000:1000`
240+
IMPORTANT: The container **runs Elasticsearch as user `elasticsearch` using uid:gid `1000:1000`**. Bind mounted host directories and files, such as `custom_elasticsearch.yml` above, **need to be accessible by this user**. For the https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#path-settings[data and log dirs], such as `/usr/share/elasticsearch/data`, write access is required as well.
242241

243242
===== C. Customized image
244243
In some environments, it may make more sense to prepare a custom image containing your configuration. A `Dockerfile` to achieve this may be as simple as:
@@ -276,6 +275,8 @@ We have collected a number of best practices for production use.
276275

277276
NOTE: Any Docker parameters mentioned below assume the use of `docker run`.
278277

278+
. Elasticsearch inside the container runs as user `elasticsearch` using uid:gid `1000:1000`. If you are bind mounting a local directory or file, ensure it is readable by this user while the https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#path-settings[data and log dirs] additionally require write access.
279+
279280
. It is important to correctly set capabilities and ulimits via the Docker CLI. As seen earlier in the example <<docker-prod-cluster-composefile,docker-compose.yml>>, the following options are required:
280281
+
281282
--cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536

0 commit comments

Comments
 (0)