[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Urushkin updated SOLR-8101: ---------------------------------- Attachment: (was: solr-5.3.1.patch) > Installation script permission issues and other scripts fixes > ------------------------------------------------------------- > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools > Affects Versions: 5.3.1 > Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is > *security* issue. If {{solr.in.sh}} is placed in directory which is writable > by {{$SOLR_USER}}, solr process is able to write to it, and than it will be > run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org