Solr server does not have permission to read a specific file in the Jetty
temporary directory
for you local setup
try starting solr with java.security.manager=allow
It will disable the security manager entirely and remove all the security
checks enforced by it, allowing SOLR to access any files or resources
without restrictions.
Note that, its *not recommended for prod* envs.
If you have separate policy files, you can add dir/file specific grant
permissions.
best,
govind
On Sat, Oct 19, 2024 at 6:01 AM Ivo Janssen <fox...@gmail.com> wrote:
> Hi all,
>
> I'm using Solr 9.7 on MacOS, with Cell enabled, and it returns a 500 error
> when I try to add a document. The error on Solr's side is as follows:
>
> (full log truncated; can paste the full output if desired)
> ```
> 2024-10-18 00:49:03.350 INFO (qtp1955990522-40-localhost-1) [c: s: r:
> x:test_docstore t:localhost-1] o.a.s.c.PluginBag Going to create a new
> requestHandler with {type = requestHandler,name = /update/extract,class =
> solr.extraction.ExtractingRequestHandler,attributes = {startup=lazy,
> name=/update/extract, class=solr.extraction.ExtractingRequestHandler},args
> = {defaults={fmap.Last-Modified=last_modified, uprefix=ignored_,
> df=_text_}}}
> 2024-10-18 00:49:03.653 ERROR (qtp1955990522-40-localhost-1) [c: s: r:
> x:test_docstore t:localhost-1] o.a.s.s.HttpSolrCall 500 Exception =>
> java.lang.IllegalStateException: java.security.AccessControlException:
> access denied ("java.io.FilePermission"
>
> "/private/var/folders/8y/0166d0yx0wd7lxycs42l6t9c0000gs/T/jetty-127_0_0_1-8983-webapp-_solr-any-16097010865664396603"
> "read")
> at
>
> org.eclipse.jetty.server.MultiPartFormInputStream.throwIfError(MultiPartFormInputStream.java:526)
> java.lang.IllegalStateException: java.security.AccessControlException:
> access denied ("java.io.FilePermission"
>
> "/private/var/folders/8y/0166d0yx0wd7lxycs42l6t9c0000gs/T/jetty-127_0_0_1-8983-webapp-_solr-any-16097010865664396603"
> "read")
> at
>
> org.eclipse.jetty.server.MultiPartFormInputStream.throwIfError(MultiPartFormInputStream.java:526)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at
>
> org.eclipse.jetty.server.MultiPartFormInputStream.getParts(MultiPartFormInputStream.java:491)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at
>
> org.eclipse.jetty.server.MultiParts$MultiPartsHttpParser.getParts(MultiParts.java:90)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at org.eclipse.jetty.server.Request.getParts(Request.java:2354)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at org.eclipse.jetty.server.Request.getParts(Request.java:2328)
> ~[jetty-server-10.0.22.jar:10.0.22]
> at
>
> javax.servlet.http.HttpServletRequestWrapper.getParts(HttpServletRequestWrapper.java:317)
> ~[jetty-servlet-api-4.0.6.jar:?]
> at
>
> org.apache.solr.servlet.SolrRequestParsers$MultipartRequestParser.parseParamsAndFillStreams(SolrRequestParsers.java:649)
> ~[?:?]
> at
>
> org.apache.solr.servlet.SolrRequestParsers$StandardRequestParser.parseParamsAndFillStreams(SolrRequestParsers.java:893)
> ~[?:?]
> at
>
> org.apache.solr.servlet.SolrRequestParsers.parse(SolrRequestParsers.java:169)
> ~[?:?]
> at org.apache.solr.servlet.HttpSolrCall.init(HttpSolrCall.java:313) ~[?:?]
> at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:524) ~[?:?]
> at
>
> org.apache.solr.servlet.SolrDispatchFilter.dispatch(SolrDispatchFilter.java:251)
> ~[?:?]
> at
>
> org.apache.solr.servlet.SolrDispatchFilter.lambda$doFilter$0(SolrDispatchFilter.java:208)
> ~[?:?]
> at
>
> org.apache.solr.servlet.ServletUtils.traceHttpRequestExecution2(ServletUtils.java:243)
> ~[?:?]
> at
>
> org.apache.solr.servlet.ServletUtils.rateLimitRequest(ServletUtils.java:213)
> ~[?:?]
> ...
> ```
>
> My limited knowledge of MacOS internals makes me believe it's related to
> temp file creation/deletion, but the folder in question is indeed readable
> by the current user. (in fact, Solr seems to be fine with creating and
> deleting it, since it disappears when I shut down Solr, and reappears again
> when I restart it)
>
> Is this a Solr issue, a Jetty issue, or...? Any thoughts on how to solve?
>
> Any help is much appreciated.
>
