[
https://issues.apache.org/jira/browse/SOLR-10644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl updated SOLR-10644:
-------------------------------
Attachment: SOLR-10644-reopen.patch
Attaching proposed patch {{SOLR-10644-reopen.patch}}
* solr.in.sh will be owned by root, readable by SOLR_USER but not by world
* tested on Ubuntu, CentOS and OpenSuse
* For OpenSuse, user-group was not created by default, so modified useradd
command to create user-group {{-U}} and to place home-dir in /var/solr
{{useradd --system -U -m --home-dir "$SOLR_VAR_DIR" "$SOLR_USER"}}
* Did the same modifications for RedHat (tested on CentOS) for completeness
> solr.in.sh installed by install script should be writable by solr user
> ----------------------------------------------------------------------
>
> Key: SOLR-10644
> URL: https://issues.apache.org/jira/browse/SOLR-10644
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: scripts and tools
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-10644.patch, SOLR-10644-reopen.patch
>
>
> Spinoff from SOLR-8440
> {{install_solr_service.sh}} installs {{solr.in.sh}} as world-readable but not
> solr user writable:
> {noformat}
> -rw-r--r-- 1 root root 5968 Feb 15 14:55 /etc/default/solr.in.sh
> {noformat}
> For better security, and ease for scripts to update solr.in.sh, this should
> change to:
> {noformat}
> -rw-rw---- 1 root solr 5968 Feb 15 14:55 /etc/default/solr.in.sh
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
