Posted to solr-user@lucene.apache.org by Michael Dürr <al...@gmail.com> on 2017/02/05 03:19:29 UTC

solr init script won't execute under user account without login shell

Hello,

I apologize if this is the wrong place to file my request! (Should I
open a JIRA issue instead?)

The problem:

I'm using solr 6.3.0. In my solr setup I apply some plugin code which
requires write access to some directories which are owned by the user
"tomcat". This user has no login shell (i.e. passwd holds /bin/false).

Due to our security policies I'm not allowed to simply add the "solr" user
to the "tomcat" group (in order to provide him write access to those
directories).

The obvious solution is to install solr under user "tomcat" (i.e. execute
the solr installation script with parameter "-u tomcat").

However, due to the missing login shell I won't be able to start solr via
the standard solr init script any longer.

My temporary solution is to add the command line option "-s /bin/bash" to
the solr init script by hand.

Is there already a better way to avoid this manual modification?

If not - might it be a good idea to add an option to the installation
script in order to specify a shell?

Best regards,
Michael

Re: solr init script won't execute under user account without login shell

Posted by Shawn Heisey <ap...@elyograg.org>.
On 3/10/2017 10:12 AM, Chris Hostetter wrote:
> If I understand correctly, you mean you've modified the init.d/solr
> script such that when "su" is run you pass "-s /bin/bash" ?

I do not think we can be absolutely certain that bash will *always* be
in that exact location.

Checked the bash source tarball, and it installs to /usr/local/bin by
default.  OS builders are modifying the install location.

It does appear that the service installer script hardcodes /bin/bash as
the solr user's shell when creating it.  That's probably a mistake, even
though it does appear to work for people.

If the shell of the user is /bin/sh (or /bin/sh is run by su), does
everything still work?  That exact binary is nearly guaranteed to be on
every POSIX system.  I would expect /bin/sh to work, because the shebang
of bin/solr and friends (where bashisms are actually needed) is
"#!/usr/bin/env bash".  I notice that the shebang of the init script
itself points at /bin/sh.

Thanks,
Shawn


Re: solr init script won't execute under user account without login shell

Posted by Chris Hostetter <ho...@fucit.org>.
: My temporary solution is to add the command line option "-s /bin/bash" to
: the solr init script by hand.
: 
: Is there already a better way to avoid this manual modification?
: 
: If not - might it be a good idea to add an option to the installation
: script in order to specify a shell?

If I understand correctly, you mean you've modified the init.d/solr script
such that when "su" is run you pass "-s /bin/bash" ?

that seems like a worthwhile improvement ... but in the general case we 
should probably make that an option you can set when running 
install_solr_service.sh (just like you can modify the RUNAS value)

can you please file a jira with this request? (and a patch if you feel 
like you have a good grasp of the bash/sed scripting needed) ...

https://issues.apache.org/jira/browse/SOLR



-Hoss
http://www.lucidworks.com/
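
An added example, not part of the thread or of Solr's own scripts: a POSIX sh sketch of deciding when an init script has to pass "-s" to su, so the service account can keep /bin/false in passwd while the shell defaults to /bin/sh and stays overridable. The function names, the override parameter and the sample passwd entries are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample passwd entries (not taken from any system in the thread).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat:/bin/false
solr:x:8983:8983::/var/solr:/bin/bash
daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin'

# Print field 7 (login shell) of a user's passwd entry; fail if the user is absent.
# $1 = user, $2 = passwd-format text (a real script would read `getent passwd "$1"`).
login_shell_of() {
    printf '%s\n' "$2" |
        awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }'
}

# True when the shell refuses sessions, so su without -s cannot run a command.
# An empty shell field is left alone because su falls back to /bin/sh for it.
is_non_login_shell() {
    case "$1" in
        */false|*/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the extra su arguments needed to run a command as user $1.
# $3 = optional shell override (hypothetical installer option); default /bin/sh.
# Prints nothing when the account's own shell is usable.
su_shell_args() {
    user=$1 passwd_text=$2 override=${3:-/bin/sh}
    shell=$(login_shell_of "$user" "$passwd_text") || {
        echo "unknown user: $user" >&2
        return 2
    }
    if is_non_login_shell "$shell"; then
        # Refuse a shell path that does not exist instead of failing later in su.
        [ -x "$override" ] || {
            echo "shell not executable: $override" >&2
            return 3
        }
        printf '%s\n' "-s $override"
    fi
}

# Demo: show the su invocation shape for the "tomcat" account from the sample data.
printf 'su %s -c "<start command>" - tomcat\n' "$(su_shell_args tomcat "$SAMPLE_PASSWD")"
```

Passing the shell only at su time leaves the passwd entry unchanged, so the account still cannot be used for an interactive login.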