Bug#919638: solr-tomcat: Permission problems after update to tomcat9
Michael Welsh Duggan
mwd at md5i.com
Sun Feb 17 05:58:38 GMT 2019
Markus Koschany <apo at debian.org> writes:
> Hello Michael,
>
>
> On Fri, 18 Jan 2019 01:19:36 -0500 Michael Welsh Duggan <md5i at md5i.com>
> wrote:
>> Package: solr-tomcat
>> Version: 3.6.2+dfsg-16
>> Severity: important
>>
>> Dear Maintainer,
>>
>> After updating tomcat to tomcat9 and solr-tomcat to 3.6.2+dfsg-16, it
>> seems to be having problems writing to its index directory. The
>> problem surfaced when using dovecot to look up messages. Attached is
>> the error from the catalina log.
>>
>> /var/lib/solr/index does look like it has the right permissions:
>> /var/lib/solr/data and /var/lib/solr/data/index are owned by
>> tomcat:tomcat, permissions 770, and tomcat seems to be running as user
>> tomcat. I have verified that I can write to the directory as root,
>> and as such it's not on a read-only filesystem. I have no idea why it
>> fails to write the lock file.
>
> Could you try the following?
>
> Please copy the tomcat9.service file to /etc/systemd/system and modify
> it by adding
>
> ReadWritePaths=/var/lib/solr/
> ReadWritePaths=/var/lib/solr/data
>
> to the # Security paragraph. Then execute systemctl daemon-reload.
>
> This should whitelist the solr directories and writing to them should be
> possible again. This is caused by restrictive systemd settings like
> ProtectSystem=strict. I think Debian's tomcat9 package could allow this
> by default but we could probably add a NEWS and README file to
> solr-tomcat too and explain the steps to make it work.
Based on your prior tip, I had already done that. (Only the
/var/lib/solr/ entry seemed to be necessary.) This caused things to
work again.
--
Michael Welsh Duggan
(md5i at md5i.com)
More information about the pkg-java-maintainers
mailing list