Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
5.3.1
Description
Until https://issues.apache.org/jira/browse/SOLR-7871 is fixed, I suggest to improve current shell scripts. Provided patch:
- changes $SOLR_ENV default to /etc/default/$SOLR_SERVICE.in.sh . This is security issue. If solr.in.sh is placed in directory which is writable by $SOLR_USER, solr process is able to write to it, and than it will be run by root on start/shutdown.
- changes permissions. $SOLR_USER should only be able to write to $SOLR_VAR_DIR. This directory should not be readable by other users as it may contain personal information.
- sets $SOLR_USER home directory to $SOLR_VAR_DIR . As I can see there is no need in /home/solr directory.
- adds -f option to install_solr_service.sh. It should be used to safely upgrade Solr.
- adds quotes to unquoted variables
- adds leading zero to chmod commands
- removes group from chown commands (uses ":")
Tested on ubuntu 14.04 amd64, but changes are pretty system-independent.