Major Description
Hi all,
we've upgraded from Solr 8.11 to Solr 9.2 which bricked our Solr Backup. Since Solr 8.6 we configure solr.allowPaths, because our backup destination is outside the Solr home directory. We do this using the solr.in.sh:
SOLR_OPTS="$SOLR_OPTS -Dsolr.allowPaths=/opt/backup"
Since Solr 9 we received the following error message, when trying to create a backup
curl -sk 'http://localhost:8983/solr/admin/collections?action=BACKUP&name=xyz&collection=xyz&location=/opt/backup' { "responseHeader":{ "status":500, "QTime":0}, "error":{ "msg":"access denied (\"java.io.FilePermission\" \"/opt/backup\" \"read\")", ...
After some debugging we discovered, that since Solr 9 the Java Security Manager is enabled by default. However it doesn't have a default rule to allow access to the path which is set using the "solr.allowPaths" property:
grep allowPaths /opt/solr-9.2.1/server/etc/security.policy
We disabled the Java Security Manager for now, but our guess is, that the security policy should be expanded by
permission java.io.FilePermission "${solr.allowPaths}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.allowPaths}${/}-", "read,write,delete,readlink";
Cheers
Dennis
Attachments
Issue Links
- links to
