[
https://issues.apache.org/jira/browse/SOLR-13087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martijn Koster updated SOLR-13087:
----------------------------------
Description:
The {{bin/solr}} script uses {{whoami}} to determine if it is running as root.
That code is [here
|https://github.com/apache/lucene-solr/blob/master/solr/bin/solr#L1089]and was
introduced with [this commit
|https://github.com/apache/lucene-solr/commit/7561461f738a447856bb93b0a847b0200fff4c9c]for
SOLR-7826
This can produce a warning if the effective uid is not present in
{{/etc/passwd}}.
For example:
{noformat}
$ docker run -it -u 88888 bash bash -c 'whoami'
whoami: unknown uid 88888
{noformat}
This is an unusual situation, but one I encountered and [worked
around|https://github.com/docker-solr/docker-solr/commit/8a4e236e93d6fcda3e33937b332d1911c1e7b8f8#diff-1578307c887a49e90a57418e653ad7f6R49]
The use of {{whoami}} can be avoided by using {{id -u}}, or better yet {{$UID
}}/ {{$EUID}} which is built into bash and thus also avoids a subshell
invocation. I'm not aware of any downside to this approach.
was:
The {{bin/solr}} script uses {{whoami}} to determine if it is running as root.
That code is [here
|https://github.com/apache/lucene-solr/blob/master/solr/bin/solr#L1089]and was
introduced with [this commit
|https://github.com/apache/lucene-solr/commit/7561461f738a447856bb93b0a847b0200fff4c9c]for
SOLR-7826
This can produce a warning if the effective uid is not present in
{{/etc/passwd}}.
For example:
{{$ docker run -it -u 88888 bash bash -c 'whoami'}}
{{ whoami: unknown uid 88888}}
This is an unusual situation, but one I encountered and [worked
around|https://github.com/docker-solr/docker-solr/commit/8a4e236e93d6fcda3e33937b332d1911c1e7b8f8#diff-1578307c887a49e90a57418e653ad7f6R49]
The use of {{whoami}} can be avoided by using {{id -u}}, or better yet {{$UID
}}/ {{$EUID}} which is built into bash and thus also avoids a subshell
invocation. I'm not aware of any downside to this approach.
> bin/solr's use of whoami can produce warnings
> ---------------------------------------------
>
> Key: SOLR-13087
> URL: https://issues.apache.org/jira/browse/SOLR-13087
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCLI
> Reporter: Martijn Koster
> Priority: Trivial
> Attachments:
> 0001-SOLR-13087-Use-EUID-to-check-for-root-in-bin-solr.patch
>
>
> The {{bin/solr}} script uses {{whoami}} to determine if it is running as root.
> That code is [here
> |https://github.com/apache/lucene-solr/blob/master/solr/bin/solr#L1089]and
> was introduced with [this commit
> |https://github.com/apache/lucene-solr/commit/7561461f738a447856bb93b0a847b0200fff4c9c]for
> SOLR-7826
> This can produce a warning if the effective uid is not present in
> {{/etc/passwd}}.
> For example:
> {noformat}
> $ docker run -it -u 88888 bash bash -c 'whoami'
> whoami: unknown uid 88888
> {noformat}
> This is an unusual situation, but one I encountered and [worked
> around|https://github.com/docker-solr/docker-solr/commit/8a4e236e93d6fcda3e33937b332d1911c1e7b8f8#diff-1578307c887a49e90a57418e653ad7f6R49]
> The use of {{whoami}} can be avoided by using {{id -u}}, or better yet {{$UID
> }}/ {{$EUID}} which is built into bash and thus also avoids a subshell
> invocation. I'm not aware of any downside to this approach.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
