Fixing Elasticsearch java.security.AccessControlException: access denied Error on Redhat Family OS
Apr 25, 2024
Issue: We have encountered an issue where Elasticsearch is incompatible with new versions of OpenJDK on certain nodes running Redhat family OSes. The specific error message is:
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read")
Resolution: To resolve this issue, follow these steps:
- Identify the Java policy path for the open JDK belonging to your OS. For example:
/etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7.x86_64/lib/security/java.policy
- Append the following permission using the
sed
command:
sed -i "s~permission java.util.PropertyPermission \"sun.security.pkcs11.disableKeyExtraction\", \"read\";~permission java.util.PropertyPermission \"sun.security.pkcs11.disableKeyExtraction\", \"read\";\n\tpermission java.io.FilePermission \"/etc/pki/java/cacerts\", \"read\";~g" /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7.x86_64/lib/security/java.policy
- Restart the Elasticsearch service:
systemctl restart elasticsearch
This should resolve the access denied error in Elasticsearch on Redhat family OSes.