[
https://issues.apache.org/jira/browse/SOLR-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Timothy Potter reassigned SOLR-8101:
------------------------------------
Assignee: Timothy Potter
> Installation script permission issues and other scripts fixes
> -------------------------------------------------------------
>
> Key: SOLR-8101
> URL: https://issues.apache.org/jira/browse/SOLR-8101
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
> Affects Versions: 5.3.1
> Reporter: Sergey Urushkin
> Assignee: Timothy Potter
> Labels: patch, security
> Attachments: solr-5.3.1.patch, solr-scripts-v2.patch
>
>
> Until [https://issues.apache.org/jira/browse/SOLR-7871] is fixed, I suggest
> to improve current shell scripts. Provided patch:
> * changes {{$SOLR_ENV}} default to {{/etc/default/$SOLR_SERVICE.in.sh}} .
> This is *security* issue. If {{solr.in.sh}} is placed in directory which is
> writable by {{$SOLR_USER}}, solr process is able to write to it, and than it
> will be run by root on start/shutdown.
> * changes permissions. {{$SOLR_USER}} should only be able to write to
> {{$SOLR_VAR_DIR}} {{$SOLR_INSTALL_DIR/server/solr-webapp}}
> {{$SOLR_INSTALL_DIR/server/logs}} . {{solr-webapp}} directory might be
> inspected more. These directories should not be readable by other users as
> they may contain personal information.
> * sets {{$SOLR_USER}} home directory to {{$SOLR_VAR_DIR}} . As I can see
> there is no need in {{/home/solr}} directory.
> * adds quotes to unquoted variables
> * adds leading zero to chmod commands
> * removes group from chown commands (uses ":")
> Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
