RE: user solr created by install not working with default password
That solr user defined in security.json is not the same as linux user solr that runs the solr service. The web authentication is controlled by the /security.json file in ZK. The security user can be any username you choose. On linux you can "sudo su solr" to switch to user solr. The linux user solr does not have a password stored as it's a service account so "su solr" would not work. -Original Message- From: Jörn Franke Sent: Wednesday, December 11, 2019 4:46 PM To: solr-user@lucene.apache.org Subject: Re: user solr created by install not working with default password Even for in-house without no outside access you should have authentication and https. There can be a tiny misconfiguration somewhere else not controlled by you and you face suddenly a big open leak. Never do this - not even for development environments (here another important aspect is if there are possible authentication issues that you are aware of them early). > Am 11.12.2019 um 17:18 schrieb rhys J : > > I installed Solr following the directions on this site: > > https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fluce > ne.apache.org%2Fsolr%2Fguide%2F6_6%2Finstalling-solr.htmldata=02% > 7C01%7CKhuong.Nguyen1%40uspto.gov%7C07d05f1fc0f64377b03408d77e838b40%7 > Cff4abfe983b540268b8ffa69a1cad0b8%7C1%7C0%7C637116975756344665sda > ta=z7U8%2Fqy1KRfkKOfpPE3z51sAVyehssDDC8d2QGk5aiw%3Dreserved=0 > > I am running standalone Solr with no authentication added because it > is all in-house with no access to outside requests. > > When I try to su solr, using the password mentioned here: > https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fluci > dworks.com%2Fpost%2Fsecuring-solr-basic-auth-permission-rules%2Fdata=02%7C01%7CKhuong.Nguyen1%40uspto.gov%7C07d05f1fc0f64377b03408d77e838b40%7Cff4abfe983b540268b8ffa69a1cad0b8%7C1%7C0%7C637116975756344665sdata=upzKuCQE2FRcyCu8Tu9R0kPK47%2BZLBymotpU%2FX4dvJU%3Dreserved=0, > i get an authentication failure. > > I'm trying to chase down a bug, and I need to be able to see the > results of some commands from the user solr's perspective. > > What am I doing wrong? > > Thanks, > > Rhys
Re: user solr created by install not working with default password
Even for in-house without no outside access you should have authentication and https. There can be a tiny misconfiguration somewhere else not controlled by you and you face suddenly a big open leak. Never do this - not even for development environments (here another important aspect is if there are possible authentication issues that you are aware of them early). > Am 11.12.2019 um 17:18 schrieb rhys J : > > I installed Solr following the directions on this site: > > https://lucene.apache.org/solr/guide/6_6/installing-solr.html > > I am running standalone Solr with no authentication added because it is all > in-house with no access to outside requests. > > When I try to su solr, using the password mentioned here: > https://lucidworks.com/post/securing-solr-basic-auth-permission-rules/, i > get an authentication failure. > > I'm trying to chase down a bug, and I need to be able to see the results of > some commands from the user solr's perspective. > > What am I doing wrong? > > Thanks, > > Rhys
Re: user solr created by install not working with default password
> That page talks about setting up authentication for HTTP access to the > Solr API. It has nothing at all to do with the OS user created by the > service install script. > > When the service install creates the OS user for the service, it is > created in such a way that its password is disabled. You can't use a > password for that user. On my Linux machine with a Solr service > installed, the hashed password entry in /etc/shadow is * - an asterisk. > > Here is an excerpt from the man page for shadow: > > Thanks for explaining that. I was confused. Rhys
Re: user solr created by install not working with default password
On 12/11/2019 9:17 AM, rhys J wrote: When I try to su solr, using the password mentioned here: https://lucidworks.com/post/securing-solr-basic-auth-permission-rules/, i get an authentication failure. That page talks about setting up authentication for HTTP access to the Solr API. It has nothing at all to do with the OS user created by the service install script. When the service install creates the OS user for the service, it is created in such a way that its password is disabled. You can't use a password for that user. On my Linux machine with a Solr service installed, the hashed password entry in /etc/shadow is * - an asterisk. Here is an excerpt from the man page for shadow: --- If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means). --- I'm trying to chase down a bug, and I need to be able to see the results of some commands from the user solr's perspective. If you do the su as root, you won't need a password. Or you can use sudo to do what you need. Thanks, Shawn
user solr created by install not working with default password
I installed Solr following the directions on this site: https://lucene.apache.org/solr/guide/6_6/installing-solr.html I am running standalone Solr with no authentication added because it is all in-house with no access to outside requests. When I try to su solr, using the password mentioned here: https://lucidworks.com/post/securing-solr-basic-auth-permission-rules/, i get an authentication failure. I'm trying to chase down a bug, and I need to be able to see the results of some commands from the user solr's perspective. What am I doing wrong? Thanks, Rhys