Chris Hostetter wrote: > : log. I have not been able to find much in the way of a howto for > : SecurityManager, and am pretty much groping in the dark at this point. > > I found this... > http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html > ...but I'm afraid I don't have much concrete advice to offer you, i've > never run any servlet container with a security manager, mainly because > i've never run a WAR i didn't trust completely... > > to start with, it looks like you're going to want to enable JndiPermission > (since that's how you are setting the solr home) and you should enable > read FilePermission for the entire solr home dir, and write FilePermission > for the data dir. if you wnat to use snapshooting/snappulling you'll also > need to RuntimePermission. i think that's probably it ... but according > to that doc, the best way to figure out what permissions you need to turn > on if something isn't working, is with the -Djava.security.debug=all > option. > > if you have any luck with this, then by all means please update the > SOlrTomcat wiki with what you find. > > > -Hoss > >
Hoss, thanks for the Saturday night reply. Open Source does indeed rule. I've gotten as far as making Solr completely trusted, which I think will be sufficient for my own purposes, since only people with root access can touch the Solr directories. Here's the command I added to catalina.policy: grant codeBase "file:${catalina.home}/webapps/solr/-" { permission java.security.AllPermission; }; -- Wade Leftwich Ithaca, NY