You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by al...@apache.org on 2015/07/03 16:40:10 UTC
incubator-nifi git commit: NIFI-472: Refining the mechanism to carry
out running as a different user pushing the handling of this primarily to the
controlling script rather than the Java code. Making changes to the assembly
such that permissions are pro
Repository: incubator-nifi
Updated Branches:
refs/heads/develop 322ac6fba -> 136974af7
NIFI-472: Refining the mechanism to carry out running as a different user pushing the handling of this primarily to the controlling script rather than the Java code. Making changes to the assembly such that permissions are provided on a group level control basis.
Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/136974af
Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/136974af
Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/136974af
Branch: refs/heads/develop
Commit: 136974af7c63bdb8c4c99c1a02c6b34011e2e17f
Parents: 322ac6f
Author: Aldrin Piri <al...@apache.org>
Authored: Thu Jul 2 17:44:03 2015 -0400
Committer: Aldrin Piri <al...@apache.org>
Committed: Fri Jul 3 10:39:40 2015 -0400
----------------------------------------------------------------------
nifi/nifi-assembly/pom.xml | 5 +++++
.../src/main/assembly/dependencies.xml | 16 +++++++--------
.../java/org/apache/nifi/bootstrap/RunNiFi.java | 14 +------------
.../src/main/resources/bin/nifi.sh | 21 ++++++++++++++++++--
4 files changed, 33 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-assembly/pom.xml
----------------------------------------------------------------------
diff --git a/nifi/nifi-assembly/pom.xml b/nifi/nifi-assembly/pom.xml
index 9b17617..c679d22 100644
--- a/nifi/nifi-assembly/pom.xml
+++ b/nifi/nifi-assembly/pom.xml
@@ -35,6 +35,11 @@ language governing permissions and limitations under the License. -->
</goals>
<phase>package</phase>
<configuration>
+ <archiverConfig>
+ <defaultDirectoryMode>0775</defaultDirectoryMode>
+ <directoryMode>0775</directoryMode>
+ <fileMode>0664</fileMode>
+ </archiverConfig>
<descriptors>
<descriptor>src/main/assembly/dependencies.xml</descriptor>
</descriptors>
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-assembly/src/main/assembly/dependencies.xml
----------------------------------------------------------------------
diff --git a/nifi/nifi-assembly/src/main/assembly/dependencies.xml b/nifi/nifi-assembly/src/main/assembly/dependencies.xml
index a3e3a18..243d0ac 100644
--- a/nifi/nifi-assembly/src/main/assembly/dependencies.xml
+++ b/nifi/nifi-assembly/src/main/assembly/dependencies.xml
@@ -29,8 +29,8 @@
<scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact>
<outputDirectory>lib</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0640</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0660</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering>
<excludes>
<exclude>nifi-bootstrap</exclude>
@@ -44,8 +44,8 @@
<scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact>
<outputDirectory>lib/bootstrap</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0640</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0660</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering>
<includes>
<include>nifi-bootstrap</include>
@@ -59,8 +59,8 @@
<scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact>
<outputDirectory>./</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0640</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0664</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering>
<includes>
<include>nifi-resources</include>
@@ -79,8 +79,8 @@
<scope>runtime</scope>
<useProjectArtifact>false</useProjectArtifact>
<outputDirectory>./</outputDirectory>
- <directoryMode>0750</directoryMode>
- <fileMode>0750</fileMode>
+ <directoryMode>0770</directoryMode>
+ <fileMode>0770</fileMode>
<useTransitiveFiltering>true</useTransitiveFiltering>
<includes>
<include>nifi-resources</include>
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java
----------------------------------------------------------------------
diff --git a/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java b/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java
index 2bc44cc..a48a1de 100644
--- a/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java
+++ b/nifi/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/RunNiFi.java
@@ -728,20 +728,8 @@ public class RunNiFi {
final NiFiListener listener = new NiFiListener();
final int listenPort = listener.start(this);
- String runAs = isWindows() ? null : props.get(RUN_AS_PROP);
- if (runAs != null) {
- runAs = runAs.trim();
- if (runAs.isEmpty()) {
- runAs = null;
- }
- }
-
final List<String> cmd = new ArrayList<>();
- if (runAs != null) {
- cmd.add("sudo");
- cmd.add("-u");
- cmd.add(runAs);
- }
+
cmd.add(javaCmd);
cmd.add("-classpath");
cmd.add(classPath);
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/136974af/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
----------------------------------------------------------------------
diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
old mode 100644
new mode 100755
index 8caf55e..01a3f81
--- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
+++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/bin/nifi.sh
@@ -151,9 +151,26 @@ install() {
run() {
BOOTSTRAP_CONF="$NIFI_HOME/conf/bootstrap.conf";
+ run_as=$(grep run.as ${BOOTSTRAP_CONF} | cut -d'=' -f2)
+
+ sudo_cmd_prefix=""
if $cygwin; then
+ if [[ -n "$run_as" ]]; then
+ echo "The run.as option is not supported in a Cygwin environment. Exiting."
+ exit 1
+ fi;
+
NIFI_HOME=`cygpath --path --windows "$NIFI_HOME"`
BOOTSTRAP_CONF=`cygpath --path --windows "$BOOTSTRAP_CONF"`
+ else
+ if [[ -n "$run_as" ]]; then
+ if id -u "$run_as" >/dev/null 2>&1; then
+ sudo_cmd_prefix="sudo -u ${run_as}"
+ else
+ echo "The specified run.as user ${run_as} does not exist. Exiting."
+ exit 1
+ fi
+ fi;
fi
echo
@@ -166,9 +183,9 @@ run() {
# run 'start' in the background because the process will continue to run, monitoring NiFi.
# all other commands will terminate quickly so want to just wait for them
if [ "$1" = "start" ]; then
- ("$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &)
+ (${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@ &)
else
- "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@
+ ${sudo_cmd_prefix} "$JAVA" -cp "$NIFI_HOME"/conf/:"$NIFI_HOME"/lib/bootstrap/* -Xms12m -Xmx24m -Dorg.apache.nifi.bootstrap.config.file="$BOOTSTRAP_CONF" org.apache.nifi.bootstrap.RunNiFi $@
fi
# Wait just a bit (3 secs) to wait for the logging to finish and then echo a new-line.