user solr created by install not working with default password

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

user solr created by install not working with default password

rhys J
I installed Solr following the directions on this site:

https://lucene.apache.org/solr/guide/6_6/installing-solr.html

I am running standalone Solr with no authentication added because it is all
in-house with no access to outside requests.

When I try to su solr, using the password mentioned here:
https://lucidworks.com/post/securing-solr-basic-auth-permission-rules/, i
get an authentication failure.

I'm trying to chase down a bug, and I need to be able to see the results of
some commands from the user solr's perspective.

What am I doing wrong?

Thanks,

Rhys
Reply | Threaded
Open this post in threaded view
|

Re: user solr created by install not working with default password

Shawn Heisey-2
On 12/11/2019 9:17 AM, rhys J wrote:
> When I try to su solr, using the password mentioned here:
> https://lucidworks.com/post/securing-solr-basic-auth-permission-rules/, i
> get an authentication failure.

That page talks about setting up authentication for HTTP access to the
Solr API.  It has nothing at all to do with the OS user created by the
service install script.

When the service install creates the OS user for the service, it is
created in such a way that its password is disabled.  You can't use a
password for that user.  On my Linux machine with a Solr service
installed, the hashed password entry in /etc/shadow is * - an asterisk.

Here is an excerpt from the man page for shadow:

---
If the password field contains some string that is not a valid result of
crypt(3), for instance ! or *, the user will not be able to use a unix
password to log in (but the user may log in the system by other means).
---

> I'm trying to chase down a bug, and I need to be able to see the results of
> some commands from the user solr's perspective.

If you do the su as root, you won't need a password.  Or you can use
sudo to do what you need.

Thanks,
Shawn
Reply | Threaded
Open this post in threaded view
|

Re: user solr created by install not working with default password

rhys J
> That page talks about setting up authentication for HTTP access to the
> Solr API.  It has nothing at all to do with the OS user created by the
> service install script.
>
> When the service install creates the OS user for the service, it is
> created in such a way that its password is disabled.  You can't use a
> password for that user.  On my Linux machine with a Solr service
> installed, the hashed password entry in /etc/shadow is * - an asterisk.
>
> Here is an excerpt from the man page for shadow:
>
>
Thanks for explaining that. I was confused.

Rhys
Reply | Threaded
Open this post in threaded view
|

Re: user solr created by install not working with default password

Jörn Franke
In reply to this post by rhys J
Even for in-house without no outside access you should have authentication and https. There can be a tiny misconfiguration somewhere else not controlled by you and you face suddenly a big open leak.

Never do this - not even for development environments (here another important aspect is if there are possible authentication issues that you are aware of them early).

> Am 11.12.2019 um 17:18 schrieb rhys J <[hidden email]>:
>
> I installed Solr following the directions on this site:
>
> https://lucene.apache.org/solr/guide/6_6/installing-solr.html
>
> I am running standalone Solr with no authentication added because it is all
> in-house with no access to outside requests.
>
> When I try to su solr, using the password mentioned here:
> https://lucidworks.com/post/securing-solr-basic-auth-permission-rules/, i
> get an authentication failure.
>
> I'm trying to chase down a bug, and I need to be able to see the results of
> some commands from the user solr's perspective.
>
> What am I doing wrong?
>
> Thanks,
>
> Rhys
Reply | Threaded
Open this post in threaded view
|

RE: user solr created by install not working with default password

Nguyen, Khuong (Dominic) (CSRA)
That solr user defined in security.json is not the same as linux user solr that runs the solr service. The web authentication is controlled by the /security.json file in ZK. The security user can be any username you choose. On linux you can "sudo su solr" to switch to user solr. The linux user solr does not have a password stored as it's a service account so "su solr" would not work.

-----Original Message-----
From: Jörn Franke <[hidden email]>
Sent: Wednesday, December 11, 2019 4:46 PM
To: [hidden email]
Subject: Re: user solr created by install not working with default password

Even for in-house without no outside access you should have authentication and https. There can be a tiny misconfiguration somewhere else not controlled by you and you face suddenly a big open leak.

Never do this - not even for development environments (here another important aspect is if there are possible authentication issues that you are aware of them early).

> Am 11.12.2019 um 17:18 schrieb rhys J <[hidden email]>:
>
> I installed Solr following the directions on this site:
>
> https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fluce
> ne.apache.org%2Fsolr%2Fguide%2F6_6%2Finstalling-solr.html&amp;data=02%
> 7C01%7CKhuong.Nguyen1%40uspto.gov%7C07d05f1fc0f64377b03408d77e838b40%7
> Cff4abfe983b540268b8ffa69a1cad0b8%7C1%7C0%7C637116975756344665&amp;sda
> ta=z7U8%2Fqy1KRfkKOfpPE3z51sAVyehssDDC8d2QGk5aiw%3D&amp;reserved=0
>
> I am running standalone Solr with no authentication added because it
> is all in-house with no access to outside requests.
>
> When I try to su solr, using the password mentioned here:
> https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fluci
> dworks.com%2Fpost%2Fsecuring-solr-basic-auth-permission-rules%2F&amp;data=02%7C01%7CKhuong.Nguyen1%40uspto.gov%7C07d05f1fc0f64377b03408d77e838b40%7Cff4abfe983b540268b8ffa69a1cad0b8%7C1%7C0%7C637116975756344665&amp;sdata=upzKuCQE2FRcyCu8Tu9R0kPK47%2BZLBymotpU%2FX4dvJU%3D&amp;reserved=0, i get an authentication failure.
>
> I'm trying to chase down a bug, and I need to be able to see the
> results of some commands from the user solr's perspective.
>
> What am I doing wrong?
>
> Thanks,
>
> Rhys