[
https://issues.apache.org/jira/browse/SOLR-7826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15543560#comment-15543560
]
Hoss Man commented on SOLR-7826:
--------------------------------
Forgive me, I thought i mentioned this before but...
bq. Well, since SOLR-9547 we warn against running solr as root, so fewer users
will make that mistake, and if they do, they need to -force both start and
create commands.
Except that SOLR-9547 is really just a spin off of this issue, with the same
broader problem of UID mismatches between the user running the command and the
owner of the files on disk -- It's not really an independent reason to add
{{-force}}. The same "fix" I'm suggesting here is also applicable to
{{bin/solr start}} (ie: don't allow solr to start unless {{`whoami`}} matches
the owner of the cores directory on the filesystem)
----
bq. ... In my eyes that is improvement over perfection. ...
And we are both entitled to our opinions -- In my eyes:
* even if the initial bug report was specific to running as root, that is a
single example of an underlying problem that causes strange behavior/errors
anytime the user running the command isn't the same as the user owning the
files on disk.
* the solution(s) you committed (both here and in SOLR-9547) only address in
the special case of running as root -- which I view as a bandaid over the
underlying problem
* the solution you committed introduces a new "api" / feature ({{-force}})
which we are now in a position of needing to support/consider moving forward.
...hence my concern that on the whole, this isn't a "net" overall improvement
-- we've "fixed" the initial bug as reported, but not the underlying problem;
and the way we've fixed it has increased the surface area of the "{{bin/solr}}
command line api" in a way that I find confusing and will find hard to
explain/justify to users moving forward.
bq. It will always be possible for you or others to open new issues and work on
improving usability even more.
Agreed, but now any such improvements in the future will be hamstrung in terms
of supporting the {{-force}} option added here.
If the only change made in this jira (and SOLR-9547) was the bandaid to fail
fast when run as root -- then i would 100% agree with your view that those
changes are an improvement to the current situation, even if not a perfect
solution to the underlying problem. But I don't personally think adding a "
{{-force}} feature" like this (as a side effect of a bug fix) is a good idea
until/unless it is more carefully and consistently thought out for all commands.
Please don't think I'm trying to brow beat you into reverting this change --
You stepped up to provide a fix when I and many others didn't, so I'm in no
position to argue with you about it.
If I find the time/inclination to put in the work needed to implement & test a
more complete solution to the underlying problem _before_ we release a version
of Solr with {{-force}} in it, then I'll re-raise the question of whether
{{-force}} is actually a good idea. Until then, i was just hoping to persuade
you to voluntarily revert it -- If I haven't convinced you it's a bad idea,
then i haven't convinced you -- and i'm ok with that.
> Permission issues when creating cores with bin/solr as root user
> ----------------------------------------------------------------
>
> Key: SOLR-7826
> URL: https://issues.apache.org/jira/browse/SOLR-7826
> Project: Solr
> Issue Type: Improvement
> Reporter: Shawn Heisey
> Assignee: Jan Høydahl
> Priority: Minor
> Labels: newdev
> Fix For: 6.3, master (7.0)
>
> Attachments: SOLR-7826.patch, SOLR-7826.patch
>
>
> Ran into an interesting situation on IRC today.
> Solr has been installed as a service using the shell script
> install_solr_service.sh ... so it is running as an unprivileged user.
> User is running "bin/solr create" as root. This causes permission problems,
> because the script creates the core's instanceDir with root ownership, then
> when Solr is instructed to actually create the core, it cannot create the
> dataDir.
> Enhancement idea: When the install script is used, leave breadcrumbs
> somewhere so that the "create core" section of the main script can find it
> and su to the user specified during install.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
