lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <>
Subject [jira] [Commented] (SOLR-7890) By default require admin rights to access /security.json in ZK
Date Mon, 24 Aug 2015 08:50:46 GMT


Jan Høydahl commented on SOLR-7890:

Here is how to use the feature:
# Configure {{solr.xml}} to use {{VMParamsAllAndReadonlyDigestZkACLProvider}} (won't work
using VM params due to SOLR-7909)
# Start Solr first time with {{-DzkDigestUsername=admin}}, {{-DzkDigestPassword=admin}}, {{-DzkDigestReadonlyUsername=client}},
# To protect other znodes than the default {{/security.json}}, pass VM param {{-DzkProtectedPaths=/live_nodes;/overseer;/foo.....}}
# Create {{/security.json}} in zk using admin credentials
# Using client credentials, attempt to read {{/security.json}} using getfile - will
fail, i.e. it is not only read-only, but totally hidden
# Start Solr
# Attempt to read content of {{/security.json}} through Solr Admin UI, e.g. http://localhost:8983/solr/zookeeper?path=/security.json
- you will see {{*** ZNODE DATA PROTECTED ***}} (since Solr currently always accesses ZK using
admin creds, we simply intercept the REST API logic instead)

[~steff1193] and/or [], please take a look at the patch and give feedback.

> By default require admin rights to access /security.json in ZK
> --------------------------------------------------------------
>                 Key: SOLR-7890
>                 URL:
>             Project: Solr
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>             Fix For: Trunk
>         Attachments: SOLR-7890.patch
> Perhaps {{VMParamsAllAndReadonlyDigestZkACLProvider}} should by default require admin
access for read/write of {{/security.json}}, and other sensitive paths. Today this is left
to the user to implement.
> Also, perhaps factor out the already-known sensitive paths into a separate class, so
that various {{ACLProvider}} implementations can get a list of paths that should be admin-only,
read-only etc from one central place. Then 3rd party impls pulling ZK creds from elsewhere
will still do the right thing in the future if we introduce other sensitive Znodes...

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message