NIFI-472: Refining the mechanism to carry out running as a different user pushing the handling of this primarily to the controlling script rather than the Java code. Making changes to the assembly such that permissions are provided on a group level control basis.
Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/136974af Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/136974af Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/136974af Branch: refs/heads/master Commit: 136974af7c63bdb8c4c99c1a02c6b34011e2e17f Parents: 322ac6f Author: Aldrin Piri <ald...@apache.org> Authored: Thu Jul 2 17:44:03 2015 -0400 Committer: Aldrin Piri <ald...@apache.org> Committed: Fri Jul 3 10:39:40 2015 -0400 ---------------------------------------------------------------------- nifi/nifi-assembly/pom.xml | 5 +++++ .../src/main/assembly/dependencies.xml | 16 +++++++-------- .../java/org/apache/nifi/bootstrap/RunNiFi.java | 14 +------------ .../src/main/resources/bin/nifi.sh | 21 ++++++++++++++++++-- 4 files changed, 33 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-assembly/pom.xml ----------------------------------------------------------------------
diff --git a/nifi/nifi-assembly/pom.xml b/nifi/nifi-assembly/pom.xml
index 9b17617..c679d22 100644
--- a/nifi/nifi-assembly/pom.xml
+++ b/nifi/nifi-assembly/pom.xml
@@ -35,6 +35,11 @@ language governing permissions and limitations under the License. -->
 </goals>
 <phase>package</phase>
 <configuration>
+ <archiverConfig>
+ <defaultDirectoryMode>0775</defaultDirectoryMode>
+ <directoryMode>0775</directoryMode>
+ <fileMode>0664</fileMode>
+ </archiverConfig>
 <descriptors>
 <descriptor>src/main/assembly/dependencies.xml</descriptor>
 </descriptors>
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-assembly/src/main/assembly/dependencies.xml ----------------------------------------------------------------------
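Review bot: The archiver defaults added in `<archiverConfig>` (`0775` for directories, `0664` for files) give every local account read access, whereas the modes this commit sets on the `lib` and executable sets in dependencies.xml keep the "other" bits at zero. Any archive entry that does not receive a mode from its own set would fall back to these defaults; which entries those are is not visible in this hunk. If the intent is group-level control only, the defaults can stay closed to others, e.g. `<defaultDirectoryMode>0770</defaultDirectoryMode>`, `<directoryMode>0770</directoryMode>` and `<fileMode>0660</fileMode>`. An XML comment above `<archiverConfig>` saying why group write is required would also help the next maintainer.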
diff --git a/nifi/nifi-assembly/src/main/assembly/dependencies.xml b/nifi/nifi-assembly/src/main/assembly/dependencies.xml
index a3e3a18..243d0ac 100644
--- a/nifi/nifi-assembly/src/main/assembly/dependencies.xml
+++ b/nifi/nifi-assembly/src/main/assembly/dependencies.xml
@@ -29,8 +29,8 @@
 <scope>runtime</scope>
 <useProjectArtifact>false</useProjectArtifact>
 <outputDirectory>lib</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0640</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0660</fileMode>
 <useTransitiveFiltering>true</useTransitiveFiltering>
 <excludes>
 <exclude>nifi-bootstrap</exclude>
@@ -44,8 +44,8 @@
 <scope>runtime</scope>
 <useProjectArtifact>false</useProjectArtifact>
 <outputDirectory>lib/bootstrap</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0640</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0660</fileMode>
 <useTransitiveFiltering>true</useTransitiveFiltering>
 <includes>
 <include>nifi-bootstrap</include>
@@ -59,8 +59,8 @@
 <scope>runtime</scope>
 <useProjectArtifact>false</useProjectArtifact>
 <outputDirectory>./</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0640</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0664</fileMode>
 <useTransitiveFiltering>true</useTransitiveFiltering>
 <includes>
 <include>nifi-resources</include>
@@ -79,8 +79,8 @@
 <scope>runtime</scope>
 <useProjectArtifact>false</useProjectArtifact>
 <outputDirectory>./</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0750</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0770</fileMode>
 <useTransitiveFiltering>true</useTransitiveFiltering>
 <includes>
 <include>nifi-resources</include>
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java ----------------------------------------------------------------------
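Review bot: Group write on `lib` and `lib/bootstrap` (`0770`/`0660`, first and second hunks) and on the executable set (`<fileMode>0770</fileMode>`, fourth hunk) lets any member of the owning group replace the jars and scripts that the run.as account later executes. Running under a different user only needs group read and execute on code, so `<directoryMode>0750</directoryMode>` with `<fileMode>0640</fileMode>` for the two lib sets and `<fileMode>0750</fileMode>` for the executables would be sufficient, with group write limited to the directories NiFi writes at runtime. This weighs more now that nifi.sh in the same commit prefixes the launch with `sudo -u`, because the script and the bootstrap jars sit on the path that switches identity. The dependencySet elements start and end outside these hunks, so their include and exclude lists are only partly visible.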
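Review bot: The third hunk pairs `<directoryMode>0770</directoryMode>` with `<fileMode>0664</fileMode>`, so files from this nifi-resources set become world-readable as well as group-writable while the lib sets stay closed to others. If this set carries the `conf` directory (its excludes are not shown in the hunk), that would include bootstrap.conf, which nifi.sh now reads to choose the `sudo -u` target, along with any configuration that holds credentials. `<fileMode>0640</fileMode>`, or `0660` if group write is really needed, would keep it consistent with the other sets.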
diff --git a/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java b/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java index 2bc44cc..a48a1de 100644 --- a/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java +++ b/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java @@ -728,20 +728,8 @@ public class RunNiFi { final NiFiListener listener = new NiFiListener(); final int listenPort = listener.start(this); - String runAs = isWindows() ? null : props.get(RUN_AS_PROP); - if (runAs != null) { - runAs = runAs.trim(); - if (runAs.isEmpty()) { - runAs = null; - } - } - final List<String> cmd = new ArrayList<>(); - if (runAs != null) { - cmd.add("sudo"); - cmd.add("-u"); - cmd.add(runAs); - } + cmd.add(javaCmd); cmd.add("-classpath"); cmd.add(classPath); http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh old mode 100644 new mode 100755 index 8caf55e..01a3f81 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh 
@@ -151,9 +151,26 @@ install() { run() { BOOTSTRAP_CONF="$NIFI_HOME/conf/bootstrap.conf"; + run_as=$(grep run.as ${BOOTSTRAP_CONF} | cut -d'=' -f2) + + sudo_cmd_prefix="" if $cygwin; then + if [[ -n "$run_as" ]]; then + echo "The run.as option is not supported in a Cygwin environment. Exiting." + exit 1 + fi; + NIFI_HOME=`cygpath --path --windows "$NIFI_HOME"` BOOTSTRAP_CONF=`cygpath --path --windows "$BOOTSTRAP_CONF"` + else + if [[ -n "$run_as" ]]; then + if id -u "$run_as" >/dev/null 2>&1; then + sudo_cmd_prefix="sudo -u ${run_as}" + else + echo "The specified run.as user ${run_as} does not exist. Exiting." + exit 1 + fi + fi; fi echo @@ -166,9 +183,9 @@ run() { # run 'start' in the background because the process will continue to run, monitoring NiFi. # all other commands will terminate quickly so want to just wait for them if [ "$1" = "start" ]; then - ("$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &) + (${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &) else - "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ + ${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ fi # Wait just a bit (3 secs) to wait for the logging to finish and then echo a new-line.
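Review bot: `grep run.as ${BOOTSTRAP_CONF}` matches more than the `run.as=` property: the dot is a regex wildcard, the pattern is unanchored so a commented-out `#run.as=nifi` line is still picked up, and several matching lines produce a multi-line value. The unquoted `${BOOTSTRAP_CONF}` also word-splits when NIFI_HOME contains a space, and the value is no longer trimmed the way the removed Java code trimmed it. I would anchor and quote the lookup, `run_as=$(grep '^run\.as=' "${BOOTSTRAP_CONF}" | cut -d'=' -f2)`, and strip surrounding whitespace before the `id -u` check. `[[ … ]]` is a bash construct; if the script's shebang is `/bin/sh` (not visible here), `[ -n "$run_as" ]` is the portable form. run() continues past the end of this hunk.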
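Review bot: In the `start` branch `${sudo_cmd_prefix}` runs inside a backgrounded subshell, so when the invoking account needs a password for `sudo -u` the prompt has no usable foreground terminal and the start can fail or hang without a clear message, depending on the sudoers policy. Building the prefix as `sudo_cmd_prefix="sudo -n -u ${run_as}"` makes sudo fail immediately instead of prompting. `$@` is unquoted on both new lines; `"$@"` keeps arguments containing spaces intact. A comment above the `if [ "$1" = "start" ]` block noting that sudo resets the environment by default, so only values passed on the command line reach RunNiFi, would document the behaviour change.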