Babiel created SOLR-16905: ----------------------------- Summary: Java Security Manager rules don't inclue "solr.allowPaths" property Key: SOLR-16905 URL: https://issues.apache.org/jira/browse/SOLR-16905 Project: Solr Issue Type: Bug Security Level: Public (Default Security Level. Issues are Public) Components: security Affects Versions: 9.2.1 Reporter: Babiel
Hi all, we've upgraded from Solr 8.11 to Solr 9.2 which bricked our Solr Backup. Since Solr 8.6 we configure solr.allowPaths, because our backup destination is outside the Solr home directory. We do this using the solr.in.sh: {code:java} SOLR_OPTS="$SOLR_OPTS -Dsolr.allowPaths=/opt/backup"{code} Since Solr 9 we received the following error message, when trying to create a backup {code:java} curl -sk 'http://localhost:8983/solr/admin/collections?action=BACKUP&name=xyz&collection=xyz&location=/opt/backup' { "responseHeader":{ "status":500, "QTime":0}, "error":{ "msg":"access denied (\"java.io.FilePermission\" \"/opt/backup\" \"read\")", ...{code} After some debugging we discovered, that since Solr 9 the Java Security Manager is enabled by default. However it doesn't have a default rule to allow access to the path which is set using the "solr.allowPaths" property: {code:java} grep allowPaths /opt/solr-9.2.1/server/etc/security.policy{code} We disabled the Java Security Manager for now, but our guess is, that the security policy should be expanded by {code:java} permission java.io.FilePermission "${solr.allowPaths}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.allowPaths}${/}-", "read,write,delete,readlink";{code} Cheers Dennis -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org