---
title: Elasticsearch service user requirements
description: Requirements for the user account that runs the Elasticsearch service, including identity, kernel resource limits, and file ownership.
url: https://www.elastic.co/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/elasticsearch-service-user
products:
  - Elasticsearch
applies_to:
  - Self-managed Elastic deployments: Generally available
---

# Elasticsearch service user requirements

Elasticsearch must run under an appropriate user account with specific permissions and consistent configuration across all nodes in your cluster.
This page describes the requirements for the user account that runs the Elasticsearch service.
RPM and Debian packages automatically create the `elasticsearch` user and group during installation. For `.tar.gz` or `.zip` installations, create the user and group manually before starting Elasticsearch.

## Don't run as a privileged user

Elastic recommends that you avoid running commands as a privileged user:
- On Linux and macOS, do not run Elasticsearch as the `root` user. Instead, create a dedicated, unprivileged user account to run the service, such as `elasticsearch`.
- On Windows, do not run Elasticsearch as the `Administrator` user. Instead, create a dedicated, unprivileged user account to run the service.


## Use consistent user and group IDs across nodes

<note>
  This section applies to Linux and macOS only.
</note>

Ensure that the `elasticsearch` user has the same *numeric* UID and GID on every node in your cluster.
This is especially important if you use NFS or another shared file system. Many NFS implementations match accounts by numeric UID and GID, not by name. If the `elasticsearch` account has different numeric IDs on different nodes, you might encounter permission errors when using shared file system snapshot repositories.
For more information, refer to [Troubleshooting a shared file system repository](/elastic/docs-builder/docs/3016/deploy-manage/tools/snapshot-and-restore/shared-file-system-repository#_troubleshooting_a_shared_file_system_repository).
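
One way to check for numeric ID drift before setting up a shared file system repository, as an added example that is not part of the Elastic documentation. The `check_es_ids` function, the node names, and the input format (node name followed by that node's passwd entry for `elasticsearch`) are assumptions of this example; it also flags UID 0, in line with the guidance against privileged users.

```shell
#!/usr/bin/env bash
# Added example: flag UID/GID drift for the elasticsearch account across nodes.
# Input (assumed format): one line per node, "<node> <passwd entry>", where the
# entry is what `getent passwd elasticsearch` prints on that node.

# Constructed sample data; es-node-3 mimics a package-created system account.
SAMPLE_NODES='es-node-1 elasticsearch:x:1001:1001::/home/elasticsearch:/bin/bash
es-node-2 elasticsearch:x:1001:1001::/home/elasticsearch:/bin/bash
es-node-3 elasticsearch:x:998:996:Elasticsearch user:/nonexistent:/bin/false'

# Reads node lines on stdin, prints one finding per problem,
# and returns 0 only if every node has the same unprivileged UID and GID.
check_es_ids() {
  awk '
    NF == 0 { next }
    {
      node = $1
      # Cut at the first space only: the GECOS field may contain spaces.
      entry = substr($0, index($0, " ") + 1)
      n = split(entry, f, ":")          # name:passwd:uid:gid:gecos:home:shell
      if (n < 4 || f[3] !~ /^[0-9]+$/ || f[4] !~ /^[0-9]+$/) {
        print "MISSING " node; bad = 1; next
      }
      if (f[3] + 0 == 0) { print "PRIVILEGED " node " uid=0"; bad = 1 }
      id = f[3] ":" f[4]
      # The first valid node becomes the reference for all later nodes.
      if (ref == "") { ref = id; refnode = node }
      else if (id != ref) {
        print "MISMATCH " node " " id " (expected " ref " from " refnode ")"
        bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

printf '%s\n' "$SAMPLE_NODES" | check_es_ids || echo "fix IDs before mounting shared storage"
```

On Linux, each input line can be produced by prefixing the node name to the output of `getent passwd elasticsearch` run on that node.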

## Kernel resource limits for the Elasticsearch process

<note>
  This section applies to Linux and macOS only. On Windows, the JVM manages most of these resources directly and no user-level configuration is required.
</note>

Elasticsearch requires several kernel-level resource limits, such as open file descriptors, max threads, and memory lock, to be raised above their defaults. The kernel enforces these limits per process based on the user that spawned it, so they must be configured for the `elasticsearch` user. The [important system configuration](https://www.elastic.co/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/important-system-configuration) section covers each limit and its required value.
For instructions on applying these limits using `ulimit`, `/etc/security/limits.conf`, or `systemd`, refer to [System settings configuration methods](https://www.elastic.co/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/setting-system-settings).

## File and directory ownership and permissions

The Elasticsearch user must be able to read the configuration and write to data and log directories. Verify ownership and permissions after installation and before starting the service. RPM and Debian packages set correct ownership and permissions automatically.
For the default directory paths and their expected ownership, refer to the directory layout for your installation method:
- [`.tar.gz` archive on Linux or macOS](/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos#targz-layout)
- [`.zip` archive on Windows](/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/install-elasticsearch-with-zip-on-windows#windows-layout)
- [Debian](/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/install-elasticsearch-with-debian-package#deb-layout)
- [RPM](/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/install-elasticsearch-with-rpm#rpm-layout)
- [Docker](/elastic/docs-builder/docs/3016/deploy-manage/deploy/self-managed/install-elasticsearch-docker-prod#_configuration_files_must_be_readable_by_the_elasticsearch_user)