NIFI-4913 - Added "-E" with sudo to read environment variables set in current shell environment while running nifi with bootstrap property "run.as" set as to some user

NIFI-4913 - Updated administration-guide.adoc Signed-off-by: Nathan Gough <thenatog@gmail.com> This closes #3750.
2019-09-18 13:42:57 -07:00 · 2019-09-18 13:42:57 -07:00 · 48a9054731
parent 1791f4cc35
commit 48a9054731
3 changed files with 10 additions and 1 deletions
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@ -2429,6 +2429,7 @@ take effect only after NiFi has been stopped and restarted.
 |`java`|Specifies the fully qualified java command to run. By default, it is simply `java` but could be changed to an absolute path or a reference an environment variable, such as `$JAVA_HOME/bin/java`
 |`run.as`|The username to run NiFi as. For instance, if NiFi should be run as the `nifi` user, setting this value to `nifi` will cause the NiFi Process to be run as the `nifi` user.
        This property is ignored on Windows. For Linux, the specified user may require sudo permissions.
+|`preserve.environment`|Whether or not to preserve shell environment while using `run.as` (see "sudo -E" man page). By default, this is set to false.
 |`lib.dir`|The _lib_ directory to use for NiFi. By default, this is set to `./lib`
 |`conf.dir`|The _conf_ directory to use for NiFi. By default, this is set to `./conf`
 |`graceful.shutdown.seconds`|When NiFi is instructed to shutdown, the Bootstrap will wait this number of seconds for the process to shutdown cleanly. At this amount of time,
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
@ -325,8 +325,13 @@ run() {
    run_nifi_cmd="${run_bootstrap_cmd} $@"

    if [ -n "${run_as_user}" ]; then
+      preserve_environment=$(grep '^\s*preserve.environment' "${BOOTSTRAP_CONF}" | cut -d'=' -f2 | tr '[:upper:]' '[:lower:]')
+      SUDO="sudo"
+      if [ "$preserve_environment" = "true" ]; then
+        SUDO="sudo -E"
+      fi
      # Provide SCRIPT_DIR and execute nifi-env for the run.as user command
-      run_nifi_cmd="sudo -u ${run_as_user} sh -c \"SCRIPT_DIR='${SCRIPT_DIR}' && . '${SCRIPT_DIR}/nifi-env.sh' && ${run_nifi_cmd}\""
+      run_nifi_cmd="${SUDO} -u ${run_as_user} sh -c \"SCRIPT_DIR='${SCRIPT_DIR}' && . '${SCRIPT_DIR}/nifi-env.sh' && ${run_nifi_cmd}\""
    fi

    if [ "$1" = "run" ]; then
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/bootstrap.conf
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/bootstrap.conf
@ -21,6 +21,9 @@ java=java
 # Username to use when running NiFi. This value will be ignored on Windows.
 run.as=${nifi.run.as}

+# Preserve shell environment while runnning as "run.as" user
+preserve.environment=false
+
 # Configure where NiFi's lib and conf directories live
 lib.dir=./lib
 conf.dir=./conf