[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Timothy Potter updated SOLR-8101: - Attachment: SOLR-8101.patch Here's a patch for trunk with the correct paths to the affected files. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: SOLR-8101.patch, solr-5.3.1.patch, > solr-scripts-v2.patch, solr-scripts-v3.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as it > may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to > safely upgrade Solr. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: solr-scripts-v3.patch It seems that solr v.5.3.1 doesn't need rw permisstions to {{$SOLR_INSTALL_DIR/server/solr-webapp}} and {{$SOLR_INSTALL_DIR/server/logs}}, so whole {{$SOLR_INSTALL_DIR}} should only be readable by {{$SOLR_USER}}. Attached patch v3. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch, > solr-scripts-v3.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to > safely upgrade Solr. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Description: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") * adds {{-f}} option to Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. was: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") * adds {{-f}} Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > * adds {{-f}} option to > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Description: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as it may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to safely upgrade Solr. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. was: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to safely upgrade Solr. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch, > solr-scripts-v3.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as it > may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to > safely upgrade Solr. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Description: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to safely upgrade Solr. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. was: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") * adds {{-f}} option to Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to > safely upgrade Solr. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: (was: solr-scripts-v3.patch) > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch, > solr-scripts-v3.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to > safely upgrade Solr. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: solr-scripts-v3.patch > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch, > solr-scripts-v3.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds {{-f}} option to {{install_solr_service.sh}}. It should be used to > safely upgrade Solr. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Description: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") * adds {{-f}} Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. was: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be inspected more. These directories should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin >Assignee: Timothy Potter > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}}. This directory should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > * adds {{-f}} > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: solr-5.3.1.patch > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is > *security* issue. If {{solr.in.sh}} is placed in directory which is writable > by {{$SOLR_USER}}, solr process is able to write to it, and than it will be > run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: (was: solr-5.3.1.patch) > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is > *security* issue. If {{solr.in.sh}} is placed in directory which is writable > by {{$SOLR_USER}}, solr process is able to write to it, and than it will be > run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: solr-5.3.1.patch Updated patch. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is > *security* issue. If {{solr.in.sh}} is placed in directory which is writable > by {{$SOLR_USER}}, solr process is able to write to it, and than it will be > run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: (was: solr-5.3.1.patch) > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is > *security* issue. If {{solr.in.sh}} is placed in directory which is writable > by {{$SOLR_USER}}, solr process is able to write to it, and than it will be > run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Description: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be inspected more. These directories should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. was: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be inspected more. These directories should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: solr-scripts-v2.patch > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: solr-scripts-v2.patch > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch, solr-scripts-v2.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: (was: solr-scripts-v2.patch) > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} . > This is *security* issue. If {{solr.in.sh}} is placed in directory which is > writable by {{$SOLR_USER}}, solr process is able to write to it, and than it > will be run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Attachment: solr-5.3.1.patch Patch attached. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > Attachments: solr-5.3.1.patch > > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is > *security* issue. If {{solr.in.sh}} is placed in directory which is writable > by {{$SOLR_USER}}, solr process is able to write to it, and than it will be > run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Updated] (SOLR-8101) Installation script permission issues and other scripts fixes
[ https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergey Urushkin updated SOLR-8101: -- Description: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be inspected more. These directories should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. was: Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest to improve current shell scripts. Provided patch: * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is *security* issue. If {{solr.in.sh}} is placed in directory which is writable by {{$SOLR_USER}}, solr process is able to write to it, and than it will be run by root on start/shutdown. * changes permissions. {{$SOLR_USER}} should only be able to write to {{$SOLR_VAR_DIR , $SOLR_INSTALL_DIR/server/solr-webapp , $SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be inspected more. These directories should not be readable by other users as they may contain personal information. * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see there is no need in {{/home/solr}} directory. * adds quotes to unquoted variables * adds leading zero to chmod commands * removes group from chown commands (uses ":") Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. > Installation script permission issues and other scripts fixes > - > > Key: SOLR-8101 > URL: https://issues.apache.org/jira/browse/SOLR-8101 > Project: Solr > Issue Type: Improvement > Components: scripts and tools >Affects Versions: 5.3.1 >Reporter: Sergey Urushkin > Labels: patch, security > > Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest > to improve current shell scripts. Provided patch: > * changes {{$SOLR_ENV}} default to {{/etc/default/solr.in.sh}} . This is > *security* issue. If {{solr.in.sh}} is placed in directory which is writable > by {{$SOLR_USER}}, solr process is able to write to it, and than it will be > run by root on start/shutdown. > * changes permissions. {{$SOLR_USER}} should only be able to write to > {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}} > {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be > inspected more. These directories should not be readable by other users as > they may contain personal information. > * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see > there is no need in {{/home/solr}} directory. > * adds quotes to unquoted variables > * adds leading zero to chmod commands > * removes group from chown commands (uses ":") > Tested on ubuntu 14.04 amd64, but changes are pretty system-independent. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org