[com.floragunn.searchguard.configuration.PrivilegesEvaluator] indices:admin/settings/update

Hi,

Please be kind enough to advise.

  • Search Guard and Elasticsearch version : search-guard-2-2.2.1.0 and ES 2.2.1

  • Installed and used enterprise modules, if any : NO

  • JVM version and operating system version : jdk1.8.0_74 , Linux Server

  • Search Guard configuration files

  • Elasticsearch log messages on debug level : Attached

  • Other installed Elasticsearch or Kibana plugins, if any : No

We are getting the below warning in the logs while executing the curl command:

[2018-01-05 09:01:07,070][WARN ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indices:admin/settings/update for searchguard index is not allowed for a regular user

[2018-01-05 09:01:07,072][INFO ][rest.suppressed ] /searchguard/_settings Params: {index=searchguard}

ElasticsearchSecurityException[no permissions for indices:admin/settings/update]

curl -vvv -u admin -k -XPUT 'https://Abhay:9200/searchguard/_settings' --tlsv1.2 -d ' { "index" : {"number_of_replicas" : 0 } }'
Enter host password for user 'admin':
* About to connect() to Abhay port 9200 (#0)
* Trying 192.168.62.66...
* Connected to Abhay (192.168.62.66) port 9200 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=xxx,O=xxx.,L=xx,ST=xx,C=xx
* start date: Nov 02 00:00:00 2016 GMT
* expire date: Nov 07 12:00:00 2018 GMT
* common name: Abhay
* issuer: CN=DigiCert SHA2 Secure Server CA,O=xx Inc,C=US
* Server auth using Basic with user 'admin'
> PUT /searchguard/_settings HTTP/1.1
> Authorization: Basic YWRtaW46QWRtaW4xIQ==
> User-Agent: curl/7.29.0
> Host: Abhay:9200
> Accept: */*
> Content-Length: 42
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 42 out of 42 bytes
< HTTP/1.1 403 Forbidden
< Content-Type: application/json; charset=UTF-8
< Content-Length: 217
<
* Connection #0 to host Abhay left intact
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for indices:admin/settings/update"}],"type":"security_exception","reason":"no permissions for indices:admin/settings/update"},"status":403}[root@nlhrl1ccrnn01 sgconfig]#

[2018-01-05 09:01:07,070][WARN ][com.floragunn.searchguard.configuration.PrivilegesEvaluator] indices:admin/settings/update for searchguard index is not allowed for a regular user

[2018-01-05 09:01:07,072][INFO ][rest.suppressed ] /searchguard/_settings Params: {index=searchguard}

ElasticsearchSecurityException[no permissions for indices:admin/settings/update]

Thanks

Abhay

ES.log (18.2 KB)

ES 2.3.x and older is end of life, so we will not support it any longer. You should upgrade to ES 5.6 or ES 6.1.1 because ES 2.4 will also become EOL in Feb 2018.
See End of life | Security for Elasticsearch | Search Guard

Can you check if you have the same issue with ES 2.4.6 and SG 14 or ES 5.6.5 and SG 18 or ES 6.1.1 and SG 20.1?
