lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hoss Man (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-7826) Permission issues when creating cores with bin/solr as root user
Date Tue, 04 Oct 2016 16:53:21 GMT

    [ https://issues.apache.org/jira/browse/SOLR-7826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15545946#comment-15545946
] 

Hoss Man commented on SOLR-7826:
--------------------------------

1. I love your new AssertTool code
2. ...

bq. But then should it not be allowed to create SOLR_HOME by hand as another user, and then
make sure that the solr user has full access through its group memberships? Or equivalent
ACL rights for Windows? Seems potentially more trappy than the root check...

That's a good point ... I feel like enforcing that the same user be used every where is the
lesser of the evils -- but only if we had been doing that since day #1 in {{bin/solr}}.  If
we start enforcing that now that might screw people with existing installs like you describe.

I honestly don't know how i feel about this issue anymore.

Maybe we should just stick with "only root is special / prohibited" behavior for now (either
using the code you already committed, or your new AssertTool code) and consider more restrictive
"use the same user everywhere, but {{-force}} will " let you use any user" type logic in 7.0?

> Permission issues when creating cores with bin/solr as root user
> ----------------------------------------------------------------
>
>                 Key: SOLR-7826
>                 URL: https://issues.apache.org/jira/browse/SOLR-7826
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Shawn Heisey
>            Assignee: Jan H√łydahl
>            Priority: Minor
>              Labels: newdev
>             Fix For: 6.3, master (7.0)
>
>         Attachments: SOLR-7826.patch, SOLR-7826.patch, SOLR-7826_sameuser.patch
>
>
> Ran into an interesting situation on IRC today.
> Solr has been installed as a service using the shell script install_solr_service.sh ...
so it is running as an unprivileged user.
> User is running "bin/solr create" as root.  This causes permission problems, because
the script creates the core's instanceDir with root ownership, then when Solr is instructed
to actually create the core, it cannot create the dataDir.
> Enhancement idea:  When the install script is used, leave breadcrumbs somewhere so that
the "create core" section of the main script can find it and su to the user specified during
install.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message