[
https://issues.apache.org/jira/browse/SOLR-8440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002292#comment-16002292
]
Jan Høydahl edited comment on SOLR-8440 at 5/9/17 8:48 AM:
-----------------------------------------------------------
A comment on the choice of location for {{basicAuth.conf}}. It will be placed
next to SOLR_INCLUDE_FILE. Three problems with that:
* {{install_solr_service.sh}} defaults to {{/etc/default}} as location for
solr.in.sh, and that folder is only writable by root, and creation of the new
file will fail
* When installing multiple instances of Solr on same node, the second instance
will use e.g. {{/etc/default/solr2.in.sh}}, but you're only using a static file
name {{basicAuth.conf}} which will then overwrite the password for the previous
instance already running.
* The generic name {{basicAuth.conf}} is bad if the file will reside in a
non-solr-specific path such as {{/etc/default/}}
Due to these three issues, should we change the default location of
{{basicAuth.conf}} to {{SOLR_VAR_DIR}} instead, since this folder is guaranteed
unique per Solr instance {{/var/solr}}, {{/var/solr2}} etc, and the solr user
already have write access to it, and it's where we already put PID file.
I think that change can be done by re-opening this issue and doing another
commit.
In addition, we should spin off new JIRAs:
* To change default permission of {{solr.in.sh}} to writable by Solr user, [as
discussed
above|https://issues.apache.org/jira/browse/SOLR-8440?focusedCommentId=16001492&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16001492]
*SOLR-10644*
* To make {{solr auth}} command work in non-cloud mode, as commented [a few
days
ago|https://issues.apache.org/jira/browse/SOLR-8440?focusedCommentId=15999996&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15999996]
*SOLR-10645*
* To modify bin/solr to NOT pass authentication options on cmdline for {{solr
start}} as also discussed above *SOLR-10646*
was (Author: janhoy):
A comment on the choice of location for {{basicAuth.conf}}. It will be placed
next to SOLR_INCLUDE_FILE. Three problems with that:
* {{install_solr_service.sh}} defaults to {{/etc/default}} as location for
solr.in.sh, and that folder is only writable by root, and creation of the new
file will fail
* When installing multiple instances of Solr on same node, the second instance
will use e.g. {{/etc/default/solr2.in.sh}}, but you're only using a static file
name {{basicAuth.conf}} which will then overwrite the password for the previous
instance already running.
* The generic name {{basicAuth.conf}} is bad if the file will reside in a
non-solr-specific path such as {{/etc/default/}}
Due to these three issues, should we change the default location of
{{basicAuth.conf}} to {{SOLR_VAR_DIR}} instead, since this folder is guaranteed
unique per Solr instance {{/var/solr}}, {{/var/solr2}} etc, and the solr user
already have write access to it, and it's where we already put PID file.
I think that change can be done by re-opening this issue and doing another
commit.
In addition, we should spin off new JIRAs:
* To change default permission of {{solr.in.sh}} to writable by Solr user, [as
discussed
above|https://issues.apache.org/jira/browse/SOLR-8440?focusedCommentId=16001492&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16001492]
* To make {{solr auth}} command work in non-cloud mode, as commented [a few
days
ago|https://issues.apache.org/jira/browse/SOLR-8440?focusedCommentId=15999996&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15999996]
* To modify bin/solr to NOT pass authentication options on cmdline for {{solr
start}} as also discussed above
> Script support for enabling basic auth
> --------------------------------------
>
> Key: SOLR-8440
> URL: https://issues.apache.org/jira/browse/SOLR-8440
> Project: Solr
> Issue Type: New Feature
> Components: scripts and tools
> Reporter: Jan Høydahl
> Assignee: Ishan Chattopadhyaya
> Labels: authentication, security
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch,
> SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch,
> SOLR-8440.patch
>
>
> Now that BasicAuthPlugin will be able to work without an AuthorizationPlugin
> (SOLR-8429), it would be sweet to provide a super simple way to "Password
> protect Solr"™ right from the command line:
> {noformat}
> bin/solr basicAuth -adduser -user solr -pass SolrRocks
> {noformat}
> It would take the mystery out of enabling one single password across the
> board. The command would do something like this
> # Check if HTTPS is enabled, and if not, print a friendly warning
> # Check if {{/security.json}} already exists
> ## NO => create one with only plugin class defined
> ## YES => Abort if exists but plugin is not {{BasicAuthPlugin}}
> # Using security REST API, add the new user
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
