Fixing Elasticsearch java.security.AccessControlException: access denied Error on Redhat Family OS

Issue: We have encountered an issue where Elasticsearch is incompatible with new versions of OpenJDK on certain nodes running Redhat family OSes. The specific error message is:

Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read")

Resolution: To resolve this issue, follow these steps:

  • Identify the Java policy path for the open JDK belonging to your OS. For example:
/etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7.x86_64/lib/security/java.policy
  • Append the following permission using the sed command:
sed -i "s~permission java.util.PropertyPermission \"sun.security.pkcs11.disableKeyExtraction\", \"read\";~permission java.util.PropertyPermission \"sun.security.pkcs11.disableKeyExtraction\", \"read\";\n\tpermission java.io.FilePermission \"/etc/pki/java/cacerts\", \"read\";~g" /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7.x86_64/lib/security/java.policy
  • Restart the Elasticsearch service:
systemctl restart elasticsearch

This should resolve the access denied error in Elasticsearch on Redhat family OSes.

--

--

๐’๐š๐ค๐ž๐ญ ๐‰๐š๐ข๐ง

๐ƒ๐ž๐ฏ๐Ž๐ฉ๐ฌ/๐’๐‘๐„/๐‚๐ฅ๐จ๐ฎ๐ /๐ˆ๐ง๐Ÿ๐ซ๐š๐ฌ๐ญ๐ซ๐ฎ๐œ๐ญ๐ฎ๐ซ๐ž /๐’๐ฒ๐ฌ๐ญ๐ž๐ฆ ๐„๐ง๐ ๐ข๐ง๐ž๐ž๐ซ