Secure configs with ZooKeeper ACLs and Ranger
You can restrict access to configuration sets by setting ZooKeeper ACLs on all
znodes under and including /solr
and using Ranger to control access to
the ConfigSets API.
The solrctl instancedir
command interacts directly with ZooKeeper, and
therefore cannot be protected by Ranger. Because the solrctl config
command is a wrapper script for the ConfigSets API, it can be protected by Ranger.
To force users to use the ConfigSets API, you must set all ZooKeeper znodes under and including
/solr
to read-only (except for the solr
user).
After completing these steps, you cannot run commands such as solrctl instancedir
--create
or solrctl instancedir --delete
without first
authenticating as the solr@EXAMPLE.COM
super user principal.
Unauthenticated users can still run solrctl instancedir --list
and
solrctl instancedir --get
, because those commands only perform read
operations against ZooKeeper.