Return-Path: X-Original-To: apmail-lucene-solr-user-archive@minotaur.apache.org Delivered-To: apmail-lucene-solr-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5A559176DB for ; Tue, 14 Apr 2015 12:05:02 +0000 (UTC) Received: (qmail 45139 invoked by uid 500); 14 Apr 2015 12:04:56 -0000 Delivered-To: apmail-lucene-solr-user-archive@lucene.apache.org Received: (qmail 45070 invoked by uid 500); 14 Apr 2015 12:04:56 -0000 Mailing-List: contact solr-user-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: solr-user@lucene.apache.org Delivered-To: mailing list solr-user@lucene.apache.org Received: (qmail 45059 invoked by uid 99); 14 Apr 2015 12:04:56 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Apr 2015 12:04:56 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW X-Spam-Check-By: apache.org Received-SPF: error (nike.apache.org: local policy) Received: from [212.242.40.4] (HELO cicero1.cybercity.dk) (212.242.40.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Apr 2015 12:04:29 +0000 Received: from Per-Steffensens-MacBook-Pro.local (port545.ds1-rd.adsl.cybercity.dk [212.242.185.110]) by cicero1.cybercity.dk (Postfix) with ESMTP id E027E10884B for ; Tue, 14 Apr 2015 14:03:36 +0200 (CEST) Message-ID: <552D0218.6060001@designware.dk> Date: Tue, 14 Apr 2015 14:03:36 +0200 From: Per Steffensen User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: solr-user@lucene.apache.org Subject: Re: Securing solr index References: <6E014E35DE517B44A6E8FDA7E74B9F9443A9404F@chnshlmbx14> In-Reply-To: <6E014E35DE517B44A6E8FDA7E74B9F9443A9404F@chnshlmbx14> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hi I might misunderstand you, but if you are talking about securing the actual files/folders of the index, I do not think this is a Solr/Lucene concern. Use standard mechanisms of your OS. E.g. on linux/unix use chown, chgrp, chmod, sudo, apparmor etc - e.g. allowing only root to write the folders/files and sudo the user running Solr/Lucene to operate as root in this area. Even admins should not (normally) operate as root - that way they cannot write the files either. No one knows the root-password - except maybe for the super-super-admin, or you split the root-password in two and two admins know a part each, so that they have to both agree in order to operate as root. Be creative yourself. Regards, Per Steffensen On 13/04/15 12:13, Suresh Vanasekaran wrote: > Hi, > > We are having the solr index maintained in a central server and multiple users might be able to access the index data. > > May I know what are best practice for securing the solr index folder where ideally only application user should be able to access. Even an admin user should not be able to copy the data and use it in another schema. > > Thanks > > > > **************** CAUTION - Disclaimer ***************** > This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely > for the use of the addressee(s). If you are not the intended recipient, please > notify the sender by e-mail and delete the original message. Further, you are not > to copy, disclose, or distribute this e-mail or its contents to any other person and > any such actions are unlawful. This e-mail may contain viruses. Infosys has taken > every reasonable precaution to minimize this risk, but is not liable for any damage > you may sustain as a result of any virus in this e-mail. You should carry out your > own virus checks before opening the e-mail or attachment. Infosys reserves the > right to monitor and review the content of all messages sent to or from this e-mail > address. Messages sent to or from this e-mail address may be stored on the > Infosys e-mail system. > ***INFOSYS******** End of Disclaimer ********INFOSYS*** >