Bug#919638: solr-tomcat: Permission problems after update to tomcat9
Markus Koschany
apo at debian.org
Fri Feb 15 10:00:00 GMT 2019
Hello Michael,
On Fri, 18 Jan 2019 01:19:36 -0500 Michael Welsh Duggan <md5i at md5i.com>
wrote:
> Package: solr-tomcat
> Version: 3.6.2+dfsg-16
> Severity: important
>
> Dear Maintainer,
>
> After updating tomcat to tomcat9 and solr-tomcat to 3.6.2+dfsg-16, it
> seems to be having problems writing to its index directory. The
> problem surfaced when using dovecot to look up messages. Attached is
> the error from the catalina log.
>
> /var/lib/solr/index does look like it has the right permissions:
> /var/lib/solr/data and /var/lib/solr/data/index are owned by
> tomcat:tomcat, permissions 770, and tomcat seems to be running as user
> tomcat. I have verified that I can write to the directory as root,
> and as such it's not on a read-only filesystem. I have no idea why it
> fails to write the lock file.
Could you try the following?
Please copy the tomcat9.service file to /etc/systemd/system and modify
it by adding
ReadWritePaths=/var/lib/solr/
ReadWritePaths=/var/lib/solr/data
to the # Security paragraph. Then execute systemctl daemon-reload.
This should whitelist the solr directories and writing to them should be
possible again. This is caused by restrictive systemd settings like
ProtectSystem=strict. I think Debian's tomcat9 package could allow this
by default but we could probably add a NEWS and README file to
solr-tomcat too and explain the steps to make it work.
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20190215/30e61704/attachment-0001.sig>
More information about the pkg-java-maintainers
mailing list