mirror of https://github.com/apache/nifi.git
NIFI-472: Refining the mechanism to carry out running as a different user pushing the handling of this primarily to the controlling script rather than the Java code. Making changes to the assembly such that permissions are provided on a group level control basis.
This commit is contained in:
parent
322ac6fba6
commit
136974af7c
|
@ -35,6 +35,11 @@ language governing permissions and limitations under the License. -->
|
||||||
</goals>
|
</goals>
|
||||||
<phase>package</phase>
|
<phase>package</phase>
|
||||||
<configuration>
|
<configuration>
|
||||||
|
<archiverConfig>
|
||||||
|
<defaultDirectoryMode>0775</defaultDirectoryMode>
|
||||||
|
<directoryMode>0775</directoryMode>
|
||||||
|
<fileMode>0664</fileMode>
|
||||||
|
</archiverConfig>
|
||||||
<descriptors>
|
<descriptors>
|
||||||
<descriptor>src/main/assembly/dependencies.xml</descriptor>
|
<descriptor>src/main/assembly/dependencies.xml</descriptor>
|
||||||
</descriptors>
|
</descriptors>
|
||||||
|
|
|
@ -29,8 +29,8 @@
|
||||||
<scope>runtime</scope>
|
<scope>runtime</scope>
|
||||||
<useProjectArtifact>false</useProjectArtifact>
|
<useProjectArtifact>false</useProjectArtifact>
|
||||||
<outputDirectory>lib</outputDirectory>
|
<outputDirectory>lib</outputDirectory>
|
||||||
<directoryMode>0750</directoryMode>
|
<directoryMode>0770</directoryMode>
|
||||||
<fileMode>0640</fileMode>
|
<fileMode>0660</fileMode>
|
||||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
<excludes>
|
<excludes>
|
||||||
<exclude>nifi-bootstrap</exclude>
|
<exclude>nifi-bootstrap</exclude>
|
||||||
|
@ -44,8 +44,8 @@
|
||||||
<scope>runtime</scope>
|
<scope>runtime</scope>
|
||||||
<useProjectArtifact>false</useProjectArtifact>
|
<useProjectArtifact>false</useProjectArtifact>
|
||||||
<outputDirectory>lib/bootstrap</outputDirectory>
|
<outputDirectory>lib/bootstrap</outputDirectory>
|
||||||
<directoryMode>0750</directoryMode>
|
<directoryMode>0770</directoryMode>
|
||||||
<fileMode>0640</fileMode>
|
<fileMode>0660</fileMode>
|
||||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
<includes>
|
<includes>
|
||||||
<include>nifi-bootstrap</include>
|
<include>nifi-bootstrap</include>
|
||||||
|
@ -59,8 +59,8 @@
|
||||||
<scope>runtime</scope>
|
<scope>runtime</scope>
|
||||||
<useProjectArtifact>false</useProjectArtifact>
|
<useProjectArtifact>false</useProjectArtifact>
|
||||||
<outputDirectory>./</outputDirectory>
|
<outputDirectory>./</outputDirectory>
|
||||||
<directoryMode>0750</directoryMode>
|
<directoryMode>0770</directoryMode>
|
||||||
<fileMode>0640</fileMode>
|
<fileMode>0664</fileMode>
|
||||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
<includes>
|
<includes>
|
||||||
<include>nifi-resources</include>
|
<include>nifi-resources</include>
|
||||||
|
@ -79,8 +79,8 @@
|
||||||
<scope>runtime</scope>
|
<scope>runtime</scope>
|
||||||
<useProjectArtifact>false</useProjectArtifact>
|
<useProjectArtifact>false</useProjectArtifact>
|
||||||
<outputDirectory>./</outputDirectory>
|
<outputDirectory>./</outputDirectory>
|
||||||
<directoryMode>0750</directoryMode>
|
<directoryMode>0770</directoryMode>
|
||||||
<fileMode>0750</fileMode>
|
<fileMode>0770</fileMode>
|
||||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
<includes>
|
<includes>
|
||||||
<include>nifi-resources</include>
|
<include>nifi-resources</include>
|
||||||
|
|
|
@ -728,20 +728,8 @@ public class RunNiFi {
|
||||||
final NiFiListener listener = new NiFiListener();
|
final NiFiListener listener = new NiFiListener();
|
||||||
final int listenPort = listener.start(this);
|
final int listenPort = listener.start(this);
|
||||||
|
|
||||||
String runAs = isWindows() ? null : props.get(RUN_AS_PROP);
|
|
||||||
if (runAs != null) {
|
|
||||||
runAs = runAs.trim();
|
|
||||||
if (runAs.isEmpty()) {
|
|
||||||
runAs = null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
final List<String> cmd = new ArrayList<>();
|
final List<String> cmd = new ArrayList<>();
|
||||||
if (runAs != null) {
|
|
||||||
cmd.add("sudo");
|
|
||||||
cmd.add("-u");
|
|
||||||
cmd.add(runAs);
|
|
||||||
}
|
|
||||||
cmd.add(javaCmd);
|
cmd.add(javaCmd);
|
||||||
cmd.add("-classpath");
|
cmd.add("-classpath");
|
||||||
cmd.add(classPath);
|
cmd.add(classPath);
|
||||||
|
|
21
nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
Normal file → Executable file
21
nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
Normal file → Executable file
|
@ -151,9 +151,26 @@ install() {
|
||||||
run() {
|
run() {
|
||||||
BOOTSTRAP_CONF="$NIFI_HOME/conf/bootstrap.conf";
|
BOOTSTRAP_CONF="$NIFI_HOME/conf/bootstrap.conf";
|
||||||
|
|
||||||
|
run_as=$(grep run.as ${BOOTSTRAP_CONF} | cut -d'=' -f2)
|
||||||
|
|
||||||
|
sudo_cmd_prefix=""
|
||||||
if $cygwin; then
|
if $cygwin; then
|
||||||
|
if [[ -n "$run_as" ]]; then
|
||||||
|
echo "The run.as option is not supported in a Cygwin environment. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi;
|
||||||
|
|
||||||
NIFI_HOME=`cygpath --path --windows "$NIFI_HOME"`
|
NIFI_HOME=`cygpath --path --windows "$NIFI_HOME"`
|
||||||
BOOTSTRAP_CONF=`cygpath --path --windows "$BOOTSTRAP_CONF"`
|
BOOTSTRAP_CONF=`cygpath --path --windows "$BOOTSTRAP_CONF"`
|
||||||
|
else
|
||||||
|
if [[ -n "$run_as" ]]; then
|
||||||
|
if id -u "$run_as" >/dev/null 2>&1; then
|
||||||
|
sudo_cmd_prefix="sudo -u ${run_as}"
|
||||||
|
else
|
||||||
|
echo "The specified run.as user ${run_as} does not exist. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo
|
echo
|
||||||
|
@ -166,9 +183,9 @@ run() {
|
||||||
# run 'start' in the background because the process will continue to run, monitoring NiFi.
|
# run 'start' in the background because the process will continue to run, monitoring NiFi.
|
||||||
# all other commands will terminate quickly so want to just wait for them
|
# all other commands will terminate quickly so want to just wait for them
|
||||||
if [ "$1" = "start" ]; then
|
if [ "$1" = "start" ]; then
|
||||||
("$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &)
|
(${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &)
|
||||||
else
|
else
|
||||||
"$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@
|
${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Wait just a bit (3 secs) to wait for the logging to finish and then echo a new-line.
|
# Wait just a bit (3 secs) to wait for the logging to finish and then echo a new-line.
|
||||||
|
|
Loading…
Reference in New Issue