[
https://issues.apache.org/jira/browse/SOLR-10644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16007190#comment-16007190
]
Hoss Man commented on SOLR-10644:
---------------------------------
bq. This would produce ...
that seems fine by me.
personally I don't see any downside to it being world readable -- yes it may
contain "passwords", but anyone with local access to the system who can read a
world readable file can also read "ps" output and see any property from that
file that might be passed to a running solr process.
> solr.in.sh installed by install script should be writable by solr user
> ----------------------------------------------------------------------
>
> Key: SOLR-10644
> URL: https://issues.apache.org/jira/browse/SOLR-10644
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: scripts and tools
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-10644.patch
>
>
> Spinoff from SOLR-8440
> {{install_solr_service.sh}} installs {{solr.in.sh}} as world-readable but not
> solr user writable:
> {noformat}
> -rw-r--r-- 1 root root 5968 Feb 15 14:55 /etc/default/solr.in.sh
> {noformat}
> For better security, and ease for scripts to update solr.in.sh, this should
> change to:
> {noformat}
> -rw-rw---- 1 root solr 5968 Feb 15 14:55 /etc/default/solr.in.sh
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
