You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Roman Kosenko (Jira)" <ji...@apache.org> on 2020/06/22 10:50:00 UTC

[jira] [Created] (SOLR-14585) Check the current user in SysV init script

Roman Kosenko created SOLR-14585:
------------------------------------

             Summary: Check the current user in SysV init script
                 Key: SOLR-14585
                 URL: https://issues.apache.org/jira/browse/SOLR-14585
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: scripts and tools
    Affects Versions: 8.5.2
            Reporter: Roman Kosenko
         Attachments: init.d-solr.diff

While SOLR-14410 is still open I propose a quick fix/improvement for init.d script - check the current user and, if it is the same as RUNAS user, then don't execute "su".

 

Background:

Systemd has backward compatibility with SysV and able to run scripts from /etc/init.d, but SELinux policies in many distros encourage changing user before this stage and prohibits executing of "su" binary, so it would be logical to do this at systemd level (/etc/systemd/system/solr.service.d/override.conf). In this case, the current init.d script for Solr is missing one very trivial check - `"$RUNAS" != "$USER"`. See the diff-file in the attachment.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org