On 4/11/2018 8:29 AM, Christopher Schultz wrote: >> Unless you run Solr in cloud mode (which means using zookeeper), the >> server cannot create the core directories itself. When running in >> standalone mode, the core directory is created by the bin/solr program >> doing the "create" -- which was running as root. > That is ... surprising.[1]
I'm aware of that. I know it as "the principle of least surprise". :) And I'm in complete agreement that we need to do better. Given your role in Tomcat, I'm sure you know all about technical debt, and how much of a struggle it is to pay that debt in order to make improvements. Decisions made years ago can cripple current efforts. > It also means that one cannot remote-admin a Solr server. :( If you take the plunge into SolrCloud, then you can. > The way the installer and server work together is very unfortunate. > bin/solr knows the euid of the server and, if running under root/sudo > could easily mkdir/chown without crapping itself. Having installed a > "service" using the Solr installer practically requires you to run > bin/solr using sudo, and then it doesn't work. Is there a JIRA ticket > already in existence where I can leave a comment? I think this issue might be relevant for you: https://issues.apache.org/jira/browse/SOLR-9590 I created it a while back. Some of what I came up with will probably change with more understanding, but the general notions are still about the same. All user switching is done in the init script, not in bin/solr. We never know whether bin/solr is being called by a user directly or as part of service startup. It's the init script that knows the user, not bin/solr. That probably needs to change. I don't know if that would happen as part of SOLR-9590 or in its own issue. Thanks, Shawn
