NIFI-472: Refining the mechanism to carry out running as a different user pushing the handling of this primarily to the controlling script rather than the Java code. Making changes to the assembly such that permissions are provided on a group level control basis.

Aldrin Piri 2015-07-02 17:44:03 -04:00
parent 322ac6fba6
commit 136974af7c
4 changed files with 33 additions and 23 deletions


@ -35,6 +35,11 @@ language governing permissions and limitations under the License. -->
</goals> </goals>
<phase>package</phase> <phase>package</phase>
<configuration> <configuration>
<archiverConfig>
<defaultDirectoryMode>0775</defaultDirectoryMode>
<directoryMode>0775</directoryMode>
<fileMode>0664</fileMode>
</archiverConfig>
<descriptors> <descriptors>
<descriptor>src/main/assembly/dependencies.xml</descriptor> <descriptor>src/main/assembly/dependencies.xml</descriptor>
</descriptors> </descriptors>
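Review bot: The archiver defaults added here (`0775` for directories, `0664` for files) leave every entry without an explicit mode readable by all local users, which does not match the group-level control the commit message describes. If group access is the goal, the defaults could be `<defaultDirectoryMode>0770</defaultDirectoryMode>`, `<directoryMode>0770</directoryMode>` and `<fileMode>0660</fileMode>`, with world-read granted per file set only where it is needed. Which entries fall back to these defaults is not visible in this hunk, so confirm that none of them hold configuration or credentials.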


@ -29,8 +29,8 @@
<scope>runtime</scope> <scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact> <useProjectArtifact>false</useProjectArtifact>
<outputDirectory>lib</outputDirectory> <outputDirectory>lib</outputDirectory>
<directoryMode>0750</directoryMode> <directoryMode>0770</directoryMode>
<fileMode>0640</fileMode> <fileMode>0660</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering> <useTransitiveFiltering>true</useTransitiveFiltering>
<excludes> <excludes>
<exclude>nifi-bootstrap</exclude> <exclude>nifi-bootstrap</exclude>
@ -44,8 +44,8 @@
<scope>runtime</scope> <scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact> <useProjectArtifact>false</useProjectArtifact>
<outputDirectory>lib/bootstrap</outputDirectory> <outputDirectory>lib/bootstrap</outputDirectory>
<directoryMode>0750</directoryMode> <directoryMode>0770</directoryMode>
<fileMode>0640</fileMode> <fileMode>0660</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering> <useTransitiveFiltering>true</useTransitiveFiltering>
<includes> <includes>
<include>nifi-bootstrap</include> <include>nifi-bootstrap</include>
@ -59,8 +59,8 @@
<scope>runtime</scope> <scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact> <useProjectArtifact>false</useProjectArtifact>
<outputDirectory>./</outputDirectory> <outputDirectory>./</outputDirectory>
<directoryMode>0750</directoryMode> <directoryMode>0770</directoryMode>
<fileMode>0640</fileMode> <fileMode>0664</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering> <useTransitiveFiltering>true</useTransitiveFiltering>
<includes> <includes>
<include>nifi-resources</include> <include>nifi-resources</include>
@ -79,8 +79,8 @@
<scope>runtime</scope> <scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact> <useProjectArtifact>false</useProjectArtifact>
<outputDirectory>./</outputDirectory> <outputDirectory>./</outputDirectory>
<directoryMode>0750</directoryMode> <directoryMode>0770</directoryMode>
<fileMode>0750</fileMode> <fileMode>0770</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering> <useTransitiveFiltering>true</useTransitiveFiltering>
<includes> <includes>
<include>nifi-resources</include> <include>nifi-resources</include>
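Review bot: The `lib` and `lib/bootstrap` sets now ship group-writable (`0770` directories, `0660` files), so any account in the install group can replace a jar that is later loaded by the process started under the run.as user; the last set does the same for executables with `<fileMode>0770</fileMode>`. Group read and execute should be enough to run as a different user in the same group, so consider keeping `<directoryMode>0750</directoryMode>` and `<fileMode>0640</fileMode>` for code and granting group write only on the directories the runtime writes to, which this descriptor does not show. The third set is also the only one with a world-readable `<fileMode>0664</fileMode>`; if that set carries the conf files, `0660` or `0640` would be consistent with the rest.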


@ -728,20 +728,8 @@ public class RunNiFi {
final NiFiListener listener = new NiFiListener(); final NiFiListener listener = new NiFiListener();
final int listenPort = listener.start(this); final int listenPort = listener.start(this);
String runAs = isWindows() ? null : props.get(RUN_AS_PROP);
if (runAs != null) {
runAs = runAs.trim();
if (runAs.isEmpty()) {
runAs = null;
}
}
final List<String> cmd = new ArrayList<>(); final List<String> cmd = new ArrayList<>();
if (runAs != null) {
cmd.add("sudo");
cmd.add("-u");
cmd.add(runAs);
}
cmd.add(javaCmd); cmd.add(javaCmd);
cmd.add("-classpath"); cmd.add("-classpath");
cmd.add(classPath); cmd.add(classPath);


@ -151,9 +151,26 @@ install() {
run() { run() {
BOOTSTRAP_CONF="$NIFI_HOME/conf/bootstrap.conf"; BOOTSTRAP_CONF="$NIFI_HOME/conf/bootstrap.conf";
run_as=$(grep run.as ${BOOTSTRAP_CONF} | cut -d'=' -f2)
sudo_cmd_prefix=""
if $cygwin; then if $cygwin; then
if [[ -n "$run_as" ]]; then
echo "The run.as option is not supported in a Cygwin environment. Exiting."
exit 1
fi;
NIFI_HOME=`cygpath --path --windows "$NIFI_HOME"` NIFI_HOME=`cygpath --path --windows "$NIFI_HOME"`
BOOTSTRAP_CONF=`cygpath --path --windows "$BOOTSTRAP_CONF"` BOOTSTRAP_CONF=`cygpath --path --windows "$BOOTSTRAP_CONF"`
else
if [[ -n "$run_as" ]]; then
if id -u "$run_as" >/dev/null 2>&1; then
sudo_cmd_prefix="sudo -u ${run_as}"
else
echo "The specified run.as user ${run_as} does not exist. Exiting."
exit 1
fi
fi;
fi fi
echo echo
@ -166,9 +183,9 @@ run() {
# run 'start' in the background because the process will continue to run, monitoring NiFi. # run 'start' in the background because the process will continue to run, monitoring NiFi.
# all other commands will terminate quickly so want to just wait for them # all other commands will terminate quickly so want to just wait for them
if [ "$1" = "start" ]; then if [ "$1" = "start" ]; then
("$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &) (${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &)
else else
"$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ ${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@
fi fi
# Wait just a bit (3 secs) to wait for the logging to finish and then echo a new-line. # Wait just a bit (3 secs) to wait for the logging to finish and then echo a new-line.
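Review bot: `grep run.as ${BOOTSTRAP_CONF} | cut -d'=' -f2` in the first hunk matches any line containing the pattern, including a commented-out `#run.as=...` entry or another key that merely contains it, and the result is then expanded unquoted through `${sudo_cmd_prefix}`, so surrounding whitespace or several matching lines change the arguments passed to sudo. The removed Java code trimmed the value; the script does not. Anchor and quote the lookup, e.g. `run_as=$(grep '^run\.as=' "${BOOTSTRAP_CONF}" | head -n 1 | cut -d'=' -f2 | tr -d '[:space:]')`. Since bootstrap.conf now selects the account sudo switches to, that file should be writable only by the administrator who runs the script. run() ends outside the visible hunks.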