Thank you very much for your insights Kevin, I opted for adding the permission to security policy with: *permission java.io.FilePermission "/mnt/instance-data/solr/-", "read,write";*
I tested it and It's working now, Thanks. Ricardo Ruiz. On Thu, Mar 30, 2023 at 11:13 AM Kevin Risden <kris...@apache.org> wrote: > > > > *- Avoiding **symlinks for Solr's data directories would be a good idea.* > > Unfortunately, I can't avoid symlinks for the Solr data directory. Is > there > > anything else I can try? > > > > There are configs in solr.in.sh to actually set the right paths instead of > using symlinks - like setting SOLR_DATA_HOME but I gave other examples > instead. > > Kevin Risden > > > On Thu, Mar 30, 2023 at 1:11 PM Kevin Risden <kris...@apache.org> wrote: > > > add /mnt/instance-data/solr to etc/server/security.policy under the Solr > > install directory. ( > > https://github.com/apache/solr/blob/main/solr/server/etc/security.policy > ) > > > > or disable the security manager > > with setting SOLR_SECURITY_MANAGER_ENABLED=false in solr.in.sh > > > > Kevin Risden > > > > > > On Thu, Mar 30, 2023 at 12:49 PM Ricardo Ruiz <ricrui3s...@gmail.com> > > wrote: > > > >> Thanks, Shawn > >> > >> *- Is any part of /mnt/instance-data/solr/logs a symlink, * > >> Yes, */var/solr -> * */mnt/instance-data/solr. * > >> > >> *- Does the user that is running Solr have read/write permission to > that* > >> *location?* > >> The user that runs Solr is the *Solr *user and it does have read/write > >> permissions. > >> > >> solr@solr-sa-9-2-0:/mnt/instance-data/solr$ ls -la /mnt/instance-data/ > >> total 4 > >> drwxr-xr-x 3 root root 18 Mar 29 21:30 . > >> drwxr-xr-x 3 root root 4096 Mar 29 21:30 .. > >> drwxr-xr-x 4 solr solr 219 Mar 30 00:45 solr > >> > >> solr@solr-sa-9-2-0:/mnt/instance-data/solr$ ls -la > >> total 72 > >> drwxr-xr-x 4 solr solr 219 Mar 30 00:45 . > >> drwxr-xr-x 3 root root 18 Mar 29 21:30 .. > >> drwxr-x--- 2 solr solr 22 Mar 29 21:31 data > >> -rw-r----- 1 solr solr 3853 Mar 29 18:37 log4j2.xml > >> drwxr-x--- 2 solr solr 243 Mar 30 04:07 logs > >> -rw-r--r-- 1 solr solr 7 Mar 30 04:07 solr-8983.pid > >> -rw-r--r-- 1 solr solr 14778 Mar 30 00:23 solr.in.sh > >> > >> *- Avoiding **symlinks for Solr's data directories would be a good > idea.* > >> Unfortunately, I can't avoid symlinks for the Solr data directory. Is > >> there > >> anything else I can try? > >> > >> Thank you again for your help, > >> Ricardo Ruiz > >> > >> On Wed, Mar 29, 2023 at 10:19 PM Shawn Heisey <apa...@elyograg.org> > >> wrote: > >> > >> > On 3/29/2023 7:10 PM, Ricardo Ruiz wrote: > >> > > My configuration works for the other three versions, but when I try > to > >> > > start the service for 9.2.0, the start process fails and keeps > >> > > restarting over and over. > >> > > > >> > > From the logs, this is what I can see (please see the attached > file). > >> > > > >> > > I'm not sure what could have changed in this new version, or if this > >> is > >> > > a problem with the Ansible role, but any insight would be > appreciated. > >> > > >> > This is the relevant line from the log: > >> > > >> > Caused by: java.security.AccessControlException: access denied > >> > ("java.io.FilePermission" "/mnt/instance-data/solr/logs" "read") > >> > > >> > Is any part of /mnt/instance-data/solr/logs a symlink, or is Solr > >> > started with a directory setting that has a symlink to that location? > >> > Does the user that is running Solr have read/write permission to that > >> > location? > >> > > >> > The reason that I ask about symlinks is that Solr 9 starts with a > >> > security manager that restricts what directories it can access. We've > >> > already seen and fixed problems with symlinks for the install > directory, > >> > similar problems could exist for the data directories too. Avoiding > >> > symlinks for Solr's data directories would be a good idea. We'd like > to > >> > know about any problems there so we can fix them in a future version. > >> > > >> > Thanks, > >> > Shawn > >> > > >> > > >
