add /mnt/instance-data/solr to etc/server/security.policy under the Solr
install directory. (
https://github.com/apache/solr/blob/main/solr/server/etc/security.policy)
or disable the security manager
with setting SOLR_SECURITY_MANAGER_ENABLED=false in solr.in.sh
Kevin Risden
On Thu, Mar 30, 2023 at 12:49 PM Ricardo Ruiz <ricrui3s...@gmail.com> wrote:
> Thanks, Shawn
>
> *- Is any part of /mnt/instance-data/solr/logs a symlink, *
> Yes, */var/solr -> * */mnt/instance-data/solr. *
>
> *- Does the user that is running Solr have read/write permission to that*
> *location?*
> The user that runs Solr is the *Solr *user and it does have read/write
> permissions.
>
> solr@solr-sa-9-2-0:/mnt/instance-data/solr$ ls -la /mnt/instance-data/
> total 4
> drwxr-xr-x 3 root root 18 Mar 29 21:30 .
> drwxr-xr-x 3 root root 4096 Mar 29 21:30 ..
> drwxr-xr-x 4 solr solr 219 Mar 30 00:45 solr
>
> solr@solr-sa-9-2-0:/mnt/instance-data/solr$ ls -la
> total 72
> drwxr-xr-x 4 solr solr 219 Mar 30 00:45 .
> drwxr-xr-x 3 root root 18 Mar 29 21:30 ..
> drwxr-x--- 2 solr solr 22 Mar 29 21:31 data
> -rw-r----- 1 solr solr 3853 Mar 29 18:37 log4j2.xml
> drwxr-x--- 2 solr solr 243 Mar 30 04:07 logs
> -rw-r--r-- 1 solr solr 7 Mar 30 04:07 solr-8983.pid
> -rw-r--r-- 1 solr solr 14778 Mar 30 00:23 solr.in.sh
>
> *- Avoiding **symlinks for Solr's data directories would be a good idea.*
> Unfortunately, I can't avoid symlinks for the Solr data directory. Is there
> anything else I can try?
>
> Thank you again for your help,
> Ricardo Ruiz
>
> On Wed, Mar 29, 2023 at 10:19 PM Shawn Heisey <apa...@elyograg.org> wrote:
>
> > On 3/29/2023 7:10 PM, Ricardo Ruiz wrote:
> > > My configuration works for the other three versions, but when I try to
> > > start the service for 9.2.0, the start process fails and keeps
> > > restarting over and over.
> > >
> > > From the logs, this is what I can see (please see the attached file).
> > >
> > > I'm not sure what could have changed in this new version, or if this is
> > > a problem with the Ansible role, but any insight would be appreciated.
> >
> > This is the relevant line from the log:
> >
> > Caused by: java.security.AccessControlException: access denied
> > ("java.io.FilePermission" "/mnt/instance-data/solr/logs" "read")
> >
> > Is any part of /mnt/instance-data/solr/logs a symlink, or is Solr
> > started with a directory setting that has a symlink to that location?
> > Does the user that is running Solr have read/write permission to that
> > location?
> >
> > The reason that I ask about symlinks is that Solr 9 starts with a
> > security manager that restricts what directories it can access. We've
> > already seen and fixed problems with symlinks for the install directory,
> > similar problems could exist for the data directories too. Avoiding
> > symlinks for Solr's data directories would be a good idea. We'd like to
> > know about any problems there so we can fix them in a future version.
> >
> > Thanks,
> > Shawn
> >
>
