[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Timothy Potter updated SOLR-8101:
-
Attachment: SOLR-8101.patch
Here's a patch for trunk with the correct paths to the affected files.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: SOLR-8101.patch, solr-5.3.1.patch,
> solr-scripts-v2.patch, solr-scripts-v3.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as it
> may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
> safely upgrade Solr.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: solr-scripts-v3.patch
It seems that solr v.5.3.1 doesn't need rw permisstions to
{{$SOLR_INSTALL_DIR/server/solr-webapp}} and
{{$SOLR_INSTALL_DIR/server/logs}}, so whole {{$SOLR_INSTALL_DIR}} should only
be readable by {{$SOLR_USER}}. Attached patch v3.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch,
> solr-scripts-v3.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
> safely upgrade Solr.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Description:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
* adds {{-f}} option to
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
was:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
* adds {{-f}}
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> * adds {{-f}} option to
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Description:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}}. This directory should not be readable by other users as it
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
safely upgrade Solr.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
was:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
safely upgrade Solr.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch,
> solr-scripts-v3.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as it
> may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
> safely upgrade Solr.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Description:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
safely upgrade Solr.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
was:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
* adds {{-f}} option to
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
> safely upgrade Solr.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: (was: solr-scripts-v3.patch)
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch,
> solr-scripts-v3.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
> safely upgrade Solr.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: solr-scripts-v3.patch
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch,
> solr-scripts-v3.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to
> safely upgrade Solr.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Description:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
* adds {{-f}}
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
was:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
{{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
inspected more. These directories should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
>Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> * adds {{-f}}
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: solr-5.3.1.patch
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
> *security* issue. If {{solr.in.sh}} is placed in directory which is writable
> by {{$SOLR_USER}}, solr process is able to write to it, and than it will be
> run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: (was: solr-5.3.1.patch)
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
> *security* issue. If {{solr.in.sh}} is placed in directory which is writable
> by {{$SOLR_USER}}, solr process is able to write to it, and than it will be
> run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: solr-5.3.1.patch
Updated patch.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-5.3.1.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
> *security* issue. If {{solr.in.sh}} is placed in directory which is writable
> by {{$SOLR_USER}}, solr process is able to write to it, and than it will be
> run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: (was: solr-5.3.1.patch)
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
> *security* issue. If {{solr.in.sh}} is placed in directory which is writable
> by {{$SOLR_USER}}, solr process is able to write to it, and than it will be
> run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Description:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
This is *security* issue. If {{solr.in.sh}} is placed in directory which is
writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
will be run by root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
{{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
inspected more. These directories should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
was:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
*security* issue. If {{solr.in.sh}} is placed in directory which is writable by
{{$SOLR_USER}}, solr process is able to write to it, and than it will be run by
root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
{{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
inspected more. These directories should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: solr-scripts-v2.patch
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: solr-scripts-v2.patch
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: (was: solr-scripts-v2.patch)
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Attachment: solr-5.3.1.patch
Patch attached.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
> Attachments: solr-5.3.1.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
> *security* issue. If {{solr.in.sh}} is placed in directory which is writable
> by {{$SOLR_USER}}, solr process is able to write to it, and than it will be
> run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Urushkin updated SOLR-8101:
--
Description:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
*security* issue. If {{solr.in.sh}} is placed in directory which is writable by
{{$SOLR_USER}}, solr process is able to write to it, and than it will be run by
root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
{{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
inspected more. These directories should not be readable by other users as they
may contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
was:
Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to
improve current shell scripts. Provided patch:
* changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
*security* issue. If {{solr.in.sh}} is placed in directory which is writable by
{{$SOLR_USER}}, solr process is able to write to it, and than it will be run by
root on start/shutdown.
* changes permissions. {{$SOLR_USER}} should only be able to write to
{{$SOLR_VAR_DIR , $SOLR_INSTALL_DIR/server/solr-webapp ,
$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be inspected
more. These directories should not be readable by other users as they may
contain personal information.
* sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
there is no need in {{/home/solr}} directory.
* adds quotes to unquoted variables
* adds leading zero to chmod commands
* removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
> Installation script permission issues and other scripts fixes
> -
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
>Affects Versions: 5.3.1
>Reporter: Sergey Urushkin
> Labels: patch, security
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is
> *security* issue. If {{solr.in.sh}} is placed in directory which is writable
> by {{$SOLR_USER}}, solr process is able to write to it, and than it will be
> run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
