You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Charles Moad <cm...@imamuseum.org> on 2009/11/22 20:59:44 UTC
access denied to solr home lib dir
I have been trying to get a new solr install setup on Ubuntu 9.10
using tomcat6. I have tried the solr 1.4 release and the latest svn
for good measure. No matter what, I am running into the following
permission error. I removed all the lib includes from solrconfig.xml.
I have created the "/opt/solr/steve/lib" directory and all permissions
are good. This directory is optional, but I just cannot get past
this. I've installed solr 1.3 many times without running into this on
redhat boxes.
Thanks,
Charlie
Nov 22, 2009 2:48:53 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter SolrRequestFilter
org.apache.solr.common.SolrException:
java.security.AccessControlException: access denied
(java.io.FilePermission /opt/solr/steve/./lib read)
at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:68)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:255)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:397)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:108)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3800)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4450)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:556)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:491)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1206)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
Caused by: java.security.AccessControlException: access denied
(java.io.FilePermission /opt/solr/steve/./lib read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.canRead(File.java:689)
at org.apache.solr.core.SolrResourceLoader.replaceClassLoader(SolrResourceLoader.java:157)
at org.apache.solr.core.SolrResourceLoader.addToClassLoader(SolrResourceLoader.java:128)
at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:97)
at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:195)
at org.apache.solr.core.Config.<init>(Config.java:93)
at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:65)
... 40 more
Re: access denied to solr home lib dir
Posted by Charles Moad <cm...@imamuseum.org>.
Thank you all for the insight into this problem. I was 100%
positive that selinux and file permissions were not the problems.
Turns out that tomcat 6 on ubuntu comes with a tomcat security manager
enabled by default. I had no desire to figure out how this works
since this is for local testing. I did find you could simply set
"TOMCAT6_SECURITY=no" in "/etc/default/tomcat6". Restarting tomcat
after that fixed my problems.
Thanks again,
Charlie
On Mon, Nov 23, 2009 at 4:38 PM, Chris Hostetter
<ho...@fucit.org> wrote:
>
> : Check. I even verified that the tomcat user could create the
> : directory (i.e. "sudo -u tomcat6 mkdir /opt/solr/steve/lib"). Still
> : solr complains.
>
> Note that you have an AccessControlException, not a simple
> FileNotFoundException ... the error here is coming from File.canRead (when
> Solr is asking if it has permision to read the file) but your
> ServletContainer evidently has a security policy in place that prevent's
> solr from even checking (if the security policy allowed it to check, then
> it would return true/false based on the actaul file permisions)...
>
> http://java.sun.com/j2se/1.4.2/docs/api/java/io/File.html#canRead%28%29
>
> Tests whether the application can read the file denoted by this
> abstract pathname.
>
> Returns:
> true if and only if the file specified by this abstract pathname
> exists and can be read by the application; false otherwise
> Throws:
> SecurityException - If a security manager exists and its
> SecurityManager.checkRead(java.lang.String) method denies read
> access to the file
>
> ...note that Tomcat doesn't have any special SecurityManager settings that
> prevent this by default. something about your tomcat deployment must be
> specifying specific Security Permision rules.
>
> : >> Caused by: java.security.AccessControlException: access denied
> : >> (java.io.FilePermission /opt/solr/steve/./lib read)
> : >> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> : >> at java.security.AccessController.checkPermission(AccessController.java:546)
> : >> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> : >> at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
> : >> at java.io.File.canRead(File.java:689)
> : >> at org.apache.solr.core.SolrResourceLoader.replaceClassLoader(SolrResourceLoader.java:157)
> : >> at org.apache.solr.core.SolrResourceLoader.addToClassLoader(SolrResourceLoader.java:128)
> : >> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:97)
> : >> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:195)
> : >> at org.apache.solr.core.Config.<init>(Config.java:93)
> : >> at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:65)
> : >> ... 40 more
>
>
> -Hoss
>
> imamuseum.org made the following annotations
> ---------------------------------------------------------------------
> Be A Member. Be Amazed. | Make your Museum, your community and your world a better place. | Join Today!
>
>
> ---------------------------------------------------------------------
>
>
>
> NOTICE:
>
> Mon Nov 23 2009 16:38:55
>
>
>
> This email message is for the sole use of the intended
> recipient(s) and may contain confidential and privileged information. Any
> unauthorized review, use, disclosure or distribution is prohibited. If you are
> not the intended recipient, please contact the sender by reply email and
> destroy all copies of the original message.
> ---------------------------------------------------------------------
>
>
Re: access denied to solr home lib dir
Posted by Chris Hostetter <ho...@fucit.org>.
: Check. I even verified that the tomcat user could create the
: directory (i.e. "sudo -u tomcat6 mkdir /opt/solr/steve/lib"). Still
: solr complains.
Note that you have an AccessControlException, not a simple
FileNotFoundException ... the error here is coming from File.canRead (when
Solr is asking if it has permision to read the file) but your
ServletContainer evidently has a security policy in place that prevent's
solr from even checking (if the security policy allowed it to check, then
it would return true/false based on the actaul file permisions)...
http://java.sun.com/j2se/1.4.2/docs/api/java/io/File.html#canRead%28%29
Tests whether the application can read the file denoted by this
abstract pathname.
Returns:
true if and only if the file specified by this abstract pathname
exists and can be read by the application; false otherwise
Throws:
SecurityException - If a security manager exists and its
SecurityManager.checkRead(java.lang.String) method denies read
access to the file
...note that Tomcat doesn't have any special SecurityManager settings that
prevent this by default. something about your tomcat deployment must be
specifying specific Security Permision rules.
: >> Caused by: java.security.AccessControlException: access denied
: >> (java.io.FilePermission /opt/solr/steve/./lib read)
: >> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
: >> at java.security.AccessController.checkPermission(AccessController.java:546)
: >> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
: >> at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
: >> at java.io.File.canRead(File.java:689)
: >> at org.apache.solr.core.SolrResourceLoader.replaceClassLoader(SolrResourceLoader.java:157)
: >> at org.apache.solr.core.SolrResourceLoader.addToClassLoader(SolrResourceLoader.java:128)
: >> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:97)
: >> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:195)
: >> at org.apache.solr.core.Config.<init>(Config.java:93)
: >> at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:65)
: >> ... 40 more
-Hoss
Re: access denied to solr home lib dir
Posted by Charles Moad <cm...@imamuseum.org>.
Check. I even verified that the tomcat user could create the
directory (i.e. "sudo -u tomcat6 mkdir /opt/solr/steve/lib"). Still
solr complains.
On Sun, Nov 22, 2009 at 10:03 PM, Yonik Seeley <ys...@gmail.com> wrote:
> Maybe ensuring that the full parent path (all parent directories) have
> "rx" permissions?
>
> -Yonik
> http://www.lucidimagination.com
>
> On Sun, Nov 22, 2009 at 2:59 PM, Charles Moad <cm...@imamuseum.org> wrote:
>> I have been trying to get a new solr install setup on Ubuntu 9.10
>> using tomcat6. I have tried the solr 1.4 release and the latest svn
>> for good measure. No matter what, I am running into the following
>> permission error. I removed all the lib includes from solrconfig.xml.
>> I have created the "/opt/solr/steve/lib" directory and all permissions
>> are good. This directory is optional, but I just cannot get past
>> this. I've installed solr 1.3 many times without running into this on
>> redhat boxes.
>>
>> Thanks,
>> Charlie
>>
>> Nov 22, 2009 2:48:53 PM org.apache.catalina.core.StandardContext filterStart
>> SEVERE: Exception starting filter SolrRequestFilter
>> org.apache.solr.common.SolrException:
>> java.security.AccessControlException: access denied
>> (java.io.FilePermission /opt/solr/steve/./lib read)
>> at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:68)
>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>> at java.lang.Class.newInstance0(Class.java:355)
>> at java.lang.Class.newInstance(Class.java:308)
>> at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:255)
>> at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:397)
>> at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:108)
>> at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3800)
>> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4450)
>> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
>> at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
>> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
>> at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630)
>> at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:556)
>> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:491)
>> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1206)
>> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
>> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>> at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> at org.apache.catalina.core.StandardService.start(StandardService.java:516)
>> at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>> at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
>> Caused by: java.security.AccessControlException: access denied
>> (java.io.FilePermission /opt/solr/steve/./lib read)
>> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>> at java.security.AccessController.checkPermission(AccessController.java:546)
>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>> at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
>> at java.io.File.canRead(File.java:689)
>> at org.apache.solr.core.SolrResourceLoader.replaceClassLoader(SolrResourceLoader.java:157)
>> at org.apache.solr.core.SolrResourceLoader.addToClassLoader(SolrResourceLoader.java:128)
>> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:97)
>> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:195)
>> at org.apache.solr.core.Config.<init>(Config.java:93)
>> at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:65)
>> ... 40 more
>>
>
> imamuseum.org made the following annotations
> ---------------------------------------------------------------------
> Be A Member. Be Amazed. | Make your Museum, your community and your world a better place. | Join Today!
>
>
> ---------------------------------------------------------------------
>
>
>
> NOTICE:
>
> Sun Nov 22 2009 22:03:53
>
>
>
> This email message is for the sole use of the intended
> recipient(s) and may contain confidential and privileged information. Any
> unauthorized review, use, disclosure or distribution is prohibited. If you are
> not the intended recipient, please contact the sender by reply email and
> destroy all copies of the original message.
> ---------------------------------------------------------------------
>
>
Re: access denied to solr home lib dir
Posted by Yonik Seeley <ys...@gmail.com>.
Maybe ensuring that the full parent path (all parent directories) have
"rx" permissions?
-Yonik
http://www.lucidimagination.com
On Sun, Nov 22, 2009 at 2:59 PM, Charles Moad <cm...@imamuseum.org> wrote:
> I have been trying to get a new solr install setup on Ubuntu 9.10
> using tomcat6. I have tried the solr 1.4 release and the latest svn
> for good measure. No matter what, I am running into the following
> permission error. I removed all the lib includes from solrconfig.xml.
> I have created the "/opt/solr/steve/lib" directory and all permissions
> are good. This directory is optional, but I just cannot get past
> this. I've installed solr 1.3 many times without running into this on
> redhat boxes.
>
> Thanks,
> Charlie
>
> Nov 22, 2009 2:48:53 PM org.apache.catalina.core.StandardContext filterStart
> SEVERE: Exception starting filter SolrRequestFilter
> org.apache.solr.common.SolrException:
> java.security.AccessControlException: access denied
> (java.io.FilePermission /opt/solr/steve/./lib read)
> at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:68)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
> at java.lang.Class.newInstance0(Class.java:355)
> at java.lang.Class.newInstance(Class.java:308)
> at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:255)
> at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:397)
> at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:108)
> at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3800)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4450)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
> at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
> at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630)
> at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:556)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:491)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1206)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at org.apache.catalina.core.StandardService.start(StandardService.java:516)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
> Caused by: java.security.AccessControlException: access denied
> (java.io.FilePermission /opt/solr/steve/./lib read)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> at java.security.AccessController.checkPermission(AccessController.java:546)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
> at java.io.File.canRead(File.java:689)
> at org.apache.solr.core.SolrResourceLoader.replaceClassLoader(SolrResourceLoader.java:157)
> at org.apache.solr.core.SolrResourceLoader.addToClassLoader(SolrResourceLoader.java:128)
> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:97)
> at org.apache.solr.core.SolrResourceLoader.<init>(SolrResourceLoader.java:195)
> at org.apache.solr.core.Config.<init>(Config.java:93)
> at org.apache.solr.servlet.SolrDispatchFilter.<init>(SolrDispatchFilter.java:65)
> ... 40 more
>