This is being controlled by the Java security manager. If you need to create a core or store a backup outside the default paths, you will need to tell Solr which paths to allow. A new element in solr.xml called allowPaths takes a comma-separated list of allowed paths.
From https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html also called out a bit here - https://solr.apache.org/guide/solr/latest/deployment-guide/user-managed-index-replication.html You have 2 options: * Disable security manager by SOLR_SECURITY_MANAGER_ENABLED=false * Add the backup path to the allowed paths -Dsolr.allowPaths=/mnt/bms/solr_cluster_backups Kevin Risden On Tue, Jul 1, 2025 at 10:12 AM Björn Keil <bjoern.k...@gmx.de.invalid> wrote: > Hello, > > > I have a file permission problem creating up backups with my little test > Solr cluster, according to > > https://solr.apache.org/guide/solr/latest/deployment-guide/collection-management.html#backup > . > > > Every time I try to pull a backup I get an error. > > Command: > $ sudo -u solr curl > ' > http://localhost:8983/solr/admin/collections?action=BACKUP&name=book_20250701&collection=book&location=file%3A%2F%2F%2Fmnt%2Fbms%2Fsolr_cluster_backups > ' > > Log entry: > 2025-07-01 13:50:28.844 ERROR (qtp1275009283-23-beta.intern-645) [c:book > s: r: x: t:beta.intern-645] o.a.s.h.RequestHandlerBase Server exception > => java.security.AccessControlException: access denied ("java.io.Fi > lePermission" "/mnt/bms/solr_cluster_backups" "read") > at > > java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > (etc. see attachment for full stack trace.) > > > That does not make sense. > > > It's a trio of Solr 9.8.1 servers running on Ubuntu 22.04 using OpenJDK > 11. The server runs as user "solr", which is uid 119 all three servers, > typically using systemd, but the problem persists even if I start the > server by hand using "/opt/solr/bin/solr start --cloud". > > > On all three servers there is a directory /mnt/bms/solr_cluster_backups, > where /mnt/bms is a share from the local NAS. The directory > /mnt/bms/solr_clusterbackups is owned by solr and the permissions are > set to "chown 0777 /mnt/bms/solr_cluster_backups". > > I have have verified the following: > > * The user "solr" is able to write into the directory on each of the > three servers using "touch /mnt/bms/solr_cluster_backups". > > * Usually I run Solr using SystemD. To exclude the possibility that > SystemD is the problem, I ran Solr by hand and the problem persists. > > * I have written a little Java program to check whether > java.nio.files.Files.exist() always yields an exception if called by the > "solr" user on any one of the three servers. The answer is: No, it > doesn't. See the attached java source code. > > * I have checked whether the problem is related to apparmor, but it > isn't. sudo systemctl status apparmor.service yields a: "Unit > apparmor.service could not be found." > > * I haven't configured any security for Solr of for Zookeeper. > > So, for some funny > >
