[
https://issues.apache.org/jira/browse/SOLR-5287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13835877#comment-13835877
]
Erick Erickson commented on SOLR-5287:
--------------------------------------
bq: because editing config files with the admin UI is only for beginners, ...
but if they have to edit the config itsself on the local file system to use
this feature, it would not really help them....
Let's agree to disagree on these points. I frequently want to change the
configs and the admin UI would be a convenient way to do that. Especially when
coaching clients remotely who may or may not have installed the system and who
may or may not know where the configs are on the filesystem. One person one
time would change the config to enable this, while people tinker with the
config files _all the time_, so IMO editing solrconfig.xml once would be effort
well spent.
As far as the beginners statement is concerned, the cavalier way we dismiss the
difficulty people have when they just start using Solr has disturbed me for
quite some time, there's no way I'll agree that we should not consider an
option because it's "just for beginners". Everyone's a beginner sometime.
That said, the issue is security, the rest is a distraction. Let's keep the
discussion focused on that. Would disabling this capability by default answer
the security issue? Or is it still too much of a "back door"? That's the
central question IMO, and I'll gladly defer to your expertise in this area.
Whether a REST-API would be a better way to address the possibility is
certainly a valid point, and one I entertained early on. Uploading configs
seemed much easier to implement, as in "progress, not perfection". But if
"easier" means a major security hole, even with the capability disabled by
default, then there's not much more to discuss, we'll have to back it out.
> Allow at least solrconfig.xml and schema.xml to be edited via the admin screen
> ------------------------------------------------------------------------------
>
> Key: SOLR-5287
> URL: https://issues.apache.org/jira/browse/SOLR-5287
> Project: Solr
> Issue Type: Improvement
> Components: Schema and Analysis, web gui
> Affects Versions: 4.5, 5.0
> Reporter: Erick Erickson
> Assignee: Erick Erickson
> Priority: Blocker
> Fix For: 5.0, 4.7
>
> Attachments: SOLR-5287.patch, SOLR-5287.patch, SOLR-5287.patch,
> SOLR-5287.patch, SOLR-5287.patch
>
>
> A user asking a question on the Solr list got me to thinking about editing
> the main config files from the Solr admin screen. I chatted briefly with
> [~steffkes] about the mechanics of this on the browser side, he doesn't see a
> problem on that end. His comment is there's no end point that'll write the
> file back.
> Am I missing something here or is this actually not a hard problem? I see a
> couple of issues off the bat, neither of which seem troublesome.
> 1> file permissions. I'd imagine lots of installations will get file
> permission exceptions if Solr tries to write the file out. Well, do a
> chmod/chown.
> 2> screwing up the system maliciously or not. I don't think this is an issue,
> this would be part of the admin handler after all.
> Does anyone have objections to the idea? And how does this fit into the work
> that [[email protected]] has been doing?
> I can imagine this extending to SolrCloud with a "push this to ZK" option or
> something like that, perhaps not in V1 unless it's easy.....
> Of course any pointers gratefully received. Especially ones that start with
> "Don't waste your effort, it'll never work (or be accepted)"...
> Because what scares me is this seems like such an easy thing to do that would
> be a significant ease-of-use improvement, so there _has_ to be something I'm
> missing.
> So if we go forward with this we'll make this the umbrella JIRA, the two
> immediate sub-JIRAs that spring to mind will be the UI work and the endpoints
> for the UI work to use.
> I think there are only two end-points here
> 1> list all the files in the conf (or arbitrary from <solr_home>/collection)
> directory.
> 2> write this text to this file
> Possibly later we could add "clone the configs from coreX to coreY".
> BTW, I've assigned this to myself so I don't lose it, but if anyone wants to
> take it over it won't hurt my feelings a bit....
--
This message was sent by Atlassian JIRA
(v6.1#6144)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
