lucene-dev mailing list archives

From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-7826) Permission issues when creating cores with bin/solr
Date Sun, 02 Oct 2016 14:35:20 GMT

    [ https://issues.apache.org/jira/browse/SOLR-7826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15540456#comment-15540456 ]

Jan Høydahl commented on SOLR-7826:
-----------------------------------

bq. Just rejecting root won't help if solr is the effective UID of the process, but user bob
runs bin/solr create and the new core directories wind up owned by bob but not readable by
solr. 

Is this a real or theoretical problem? Testing on Ubuntu shows that the /var/solr folder is
not writable by anyone other than the solr user, and new folders created by a user have group "solr".
I tested running bin/solr create -c foo with another user, and got
{noformat}
solr2@acc999d2179f:/opt/solr$ bin/solr create -c newcore

ERROR: Failed to create new core instance directory: /var/solr/data/newcore
{noformat}
On most other systems where some "staff" group may be used, folder permission is "rwxr-xr-x"
as far as I know, so a random other user cannot create files in another user's area.

So I think the current fix solves the problem at hand. But I agree it could be solved more
generically using {{stat}}. I'll leave that for future improvements. Patches welcome.

bq. Likewise, running as root may be perfectly fine, if the original install (foolishly) installed
as root

Well, since SOLR-9547 we warn against running solr as root, so fewer users will make that
mistake, and if they do, they need to -force both start and create commands.

bq. because a user who sees that there is a -force option for some bin/solr commands would
have a reasonable expectation that they will be "protected" unless they specify -force on
other risky solr commands as well

Currently, the {{-force}} option is added for the {{create}} and {{start}} commands, but it
is not advertised in the {{-h}} printout, so users would only know about it if trying to start
solr or create cores as root. The documentation in the RefGuide clearly tells what the command
is for.

You may be right that we could add even more protection for users by adding {{-force}} flags
for other situations as well; please open new JIRAs for those.

> Permission issues when creating cores with bin/solr
> ---------------------------------------------------
>
>                 Key: SOLR-7826
>                 URL: https://issues.apache.org/jira/browse/SOLR-7826
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Shawn Heisey
>            Assignee: Jan Høydahl
>            Priority: Minor
>              Labels: newdev
>             Fix For: 6.3, master (7.0)
>
>         Attachments: SOLR-7826.patch, SOLR-7826.patch
>
>
> Ran into an interesting situation on IRC today.
> Solr has been installed as a service using the shell script install_solr_service.sh ... so it is running as an unprivileged user.
> User is running "bin/solr create" as root.  This causes permission problems, because the script creates the core's instanceDir with root ownership, then when Solr is instructed to actually create the core, it cannot create the dataDir.
> Enhancement idea:  When the install script is used, leave breadcrumbs somewhere so that the "create core" section of the main script can find it and su to the user specified during install.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
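
An added example, not taken from the SOLR-7826 patch or from bin/solr: a `stat`-based pre-check of the kind the comment above mentions, comparing the invoking uid with the owner of the directory where the core would be created. The function names, the return codes and letting a `force` argument override a mismatch are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helpers (not part of bin/solr): refuse to create a core
# directory when the caller is not the owner of the parent data directory,
# which is the situation that leaves instanceDir unreadable by the Solr user.

# Print the numeric owner uid of a path (GNU stat first, then BSD stat).
owner_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1" 2>/dev/null
}

# check_core_owner DIR [UID] [FORCE]
#   DIR   parent directory for new cores, e.g. /var/solr/data
#   UID   uid to test, defaults to the effective uid of the caller
#   FORCE "true" to override a mismatch (assumed to mirror -force)
# Returns 0 = safe to create, 1 = owner mismatch, 2 = DIR missing/unreadable.
check_core_owner() {
    dir=$1
    uid=${2:-$(id -u)}
    force=${3:-false}

    [ -d "$dir" ] || return 2
    owner=$(owner_uid "$dir") || return 2

    # Same user that owns the data directory: new files will be usable by it.
    [ "$uid" = "$owner" ] && return 0

    # Different user (root included): only continue when explicitly forced.
    [ "$force" = "true" ] && return 0

    echo "ERROR: $dir is owned by uid $owner but the caller is uid $uid." >&2
    echo "       Run as the owning user, or override with -force." >&2
    return 1
}
```

A caller would run `check_core_owner /var/solr/data || exit 1` before creating the instance directory; unlike a root-only test, this also catches a second unprivileged user.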

