Thank you. That helped a lot. I added a line to /opt/solr/bin/solr.in.sh: SOLR_OPTS="$SOLR_OPTS -Dsolr.allowPaths=/mnt/bms/solr_cluster_backups"
Am 01.07.25 um 16:29 schrieb Kevin Risden:
This is being controlled by the Java security manager. If you need to create a core or store a backup outside the default paths, you will need to tell Solr which paths to allow. A new element in solr.xml called allowPaths takes a comma-separated list of allowed paths. From https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html also called out a bit here - https://solr.apache.org/guide/solr/latest/deployment-guide/user-managed-index-replication.html You have 2 options: * Disable security manager by SOLR_SECURITY_MANAGER_ENABLED=false * Add the backup path to the allowed paths -Dsolr.allowPaths=/mnt/bms/solr_cluster_backups Kevin Risden On Tue, Jul 1, 2025 at 10:12 AM Björn Keil <bjoern.k...@gmx.de.invalid> wrote:Hello, I have a file permission problem creating up backups with my little test Solr cluster, according to https://solr.apache.org/guide/solr/latest/deployment-guide/collection-management.html#backup . Every time I try to pull a backup I get an error. Command: $ sudo -u solr curl ' http://localhost:8983/solr/admin/collections?action=BACKUP&name=book_20250701&collection=book&location=file%3A%2F%2F%2Fmnt%2Fbms%2Fsolr_cluster_backups ' Log entry: 2025-07-01 13:50:28.844 ERROR (qtp1275009283-23-beta.intern-645) [c:book s: r: x: t:beta.intern-645] o.a.s.h.RequestHandlerBase Server exception => java.security.AccessControlException: access denied ("java.io.Fi lePermission" "/mnt/bms/solr_cluster_backups" "read") at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) (etc. see attachment for full stack trace.) That does not make sense. It's a trio of Solr 9.8.1 servers running on Ubuntu 22.04 using OpenJDK 11. The server runs as user "solr", which is uid 119 all three servers, typically using systemd, but the problem persists even if I start the server by hand using "/opt/solr/bin/solr start --cloud". On all three servers there is a directory /mnt/bms/solr_cluster_backups, where /mnt/bms is a share from the local NAS. The directory /mnt/bms/solr_clusterbackups is owned by solr and the permissions are set to "chown 0777 /mnt/bms/solr_cluster_backups". I have have verified the following: * The user "solr" is able to write into the directory on each of the three servers using "touch /mnt/bms/solr_cluster_backups". * Usually I run Solr using SystemD. To exclude the possibility that SystemD is the problem, I ran Solr by hand and the problem persists. * I have written a little Java program to check whether java.nio.files.Files.exist() always yields an exception if called by the "solr" user on any one of the three servers. The answer is: No, it doesn't. See the attached java source code. * I have checked whether the problem is related to apparmor, but it isn't. sudo systemctl status apparmor.service yields a: "Unit apparmor.service could not be found." * I haven't configured any security for Solr of for Zookeeper. So, for some funny
OpenPGP_0xC4256577E515DF13.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
