[ 
https://issues.apache.org/jira/browse/NIFI-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15135145#comment-15135145
 ] 

James Wing commented on NIFI-1461:
----------------------------------

[[email protected]], I tried building an RPM from [your pull 
request|https://github.com/apache/nifi/pull/204] and installing the RPM.  The 
user and group creation appear to mostly comply with [Fedora's best practice 
guidelines for "Dynamic 
allocation"|https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation],
 with a couple of exceptions:

# The output of {{getent}} is not redirected to /dev/null, resulting in output 
when running yum install.
# No comment is attached to the user record.
# {{exit 0}} is not called to prevent a failure in user/group creation from 
failing the RPM install.

I don't believe these things are all required, but your code was very, very 
close to their recommendation and I'm just curious if these differences are by 
design or not.

I installed the RPM on Amazon Linux.  After installing the RPM, the {{lib}} 
directory is still owned by root.

{code}
[root@ip-172-31-28-236 nifi-0.4.2-SNAPSHOT]# ls -l
total 132
drwxr-x--- 2 nifi nifi  4096 Feb  5 20:03 bin
drwxr-x--- 2 nifi nifi  4096 Feb  5 20:03 conf
drwxr-x--- 3 nifi nifi  4096 Feb  5 20:03 docs
drwxr-xr-x 3 root root  4096 Feb  5 20:03 lib
-rw-r----- 1 nifi nifi 61811 Feb  5 18:58 LICENSE
-rw-r----- 1 nifi nifi 42726 Feb  5 18:35 NOTICE
-rw-r----- 1 nifi nifi  4549 Jan 30 21:07 README
{code}

Actually running NiFi as the "nifi" user requires setting the {{run.as}} entry 
in bootstrap.conf to "nifi".  After doing this and then starting NiFi, this 
results in failure due to the lib directory permissions.  From nifi-app.log:

{code}
2016-02-05 20:02:13,210 INFO [main] org.apache.nifi.NiFi Launching NiFi...
2016-02-05 20:02:13,237 INFO [main] org.apache.nifi.BootstrapListener Started Bootstrap Listener, Listening for incoming requests on port 36459
2016-02-05 20:02:13,259 INFO [main] org.apache.nifi.BootstrapListener Successfully initiated communication with Bootstrap
2016-02-05 20:02:13,272 WARN [main] org.apache.nifi.nar.NarUnpacker Unable to load NAR library bundles due to java.io.IOException: /opt/nifi/nifi-0.4.2-SNAPSHOT/./lib directory does not have read/write privilege Will proceed without loading any further Nar bundles
2016-02-05 20:02:13,277 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.lang.IllegalStateException: Unable to find the framework NAR ClassLoader.
java.lang.IllegalStateException: Unable to find the framework NAR ClassLoader.
        at org.apache.nifi.NiFi.<init>(NiFi.java:116) ~[nifi-runtime-0.4.2-SNAPSHOT.jar:0.4.2-SNAPSHOT]
        at org.apache.nifi.NiFi.main(NiFi.java:227) ~[nifi-runtime-0.4.2-SNAPSHOT.jar:0.4.2-SNAPSHOT]
2016-02-05 20:02:13,277 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
2016-02-05 20:02:13,277 INFO [Thread-1] org.apache.nifi.NiFi Jetty web server shutdown completed (nicely or otherwise).
{code}

I haven't figured out why this is.  I tried adding {{username}} and 
{{groupname}} parameters to the lib and lib/bootstrap mappings in the POM.xml 
file, but it didn't change the ownership of lib.


> RPM should create nifi user and give it access to the /opt/nifi and 
> subdirectories
> ----------------------------------------------------------------------------------
>
>                 Key: NIFI-1461
>                 URL: https://issues.apache.org/jira/browse/NIFI-1461
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>            Reporter: Andre
>            Assignee: Tony Kurc
>              Labels: rpm
>         Attachments: nifi.spec
>
>
> Currently, when installing from RPM, the resulting permissions result in admins 
> having to complete the installation by adding a user and correcting 
> filesystem permissions.
> Ideally the RPM packages should result in installed files ready to be 
> utilised as a non-root user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
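
The three differences listed in the comment above can be checked mechanically against a `%pre` scriptlet body. The following lint is an added example, not part of the original message or the NiFi pull request; both scriptlet bodies are constructed samples, and the login shell and comment text in them are assumptions.

```shell
#!/bin/sh
# Added example; both scriptlet bodies below are constructed samples.

# %pre body in the Fedora "Dynamic allocation" style. The name "nifi" and
# /opt/nifi come from the issue; the shell and comment text are assumptions.
recommended_pre() {
cat <<'EOF'
getent group nifi >/dev/null || groupadd -r nifi
getent passwd nifi >/dev/null || \
    useradd -r -g nifi -d /opt/nifi -s /sbin/nologin \
    -c "Apache NiFi service account" nifi
exit 0
EOF
}

# Constructed scriptlet showing the three deviations listed in the comment.
deviating_pre() {
cat <<'EOF'
getent group nifi || groupadd -r nifi
getent passwd nifi || useradd -r -g nifi -d /opt/nifi -s /sbin/nologin nifi
EOF
}

# lint_pre: read a scriptlet body on stdin, print one finding per deviation.
lint_pre() {
    body=$(cat)
    # 1. Each getent lookup should discard its output (quiet yum install).
    if printf '%s\n' "$body" | grep -E '^[[:space:]]*getent[[:space:]]' \
        | grep -Evq '>[[:space:]]*/dev/null'; then
        echo "getent-output: getent is not redirected to /dev/null"
    fi
    # 2. useradd should attach a comment (-c / --comment) to the user record.
    if printf '%s\n' "$body" | grep -q 'useradd' &&
       ! printf '%s\n' "$body" | grep -Eq '(^|[[:space:]])(-c|--comment)([[:space:]=]|$)'; then
        echo "no-comment: useradd has no -c comment"
    fi
    # 3. The last non-blank line should be "exit 0" so a failed
    #    user/group creation does not fail the RPM install.
    last=$(printf '%s\n' "$body" | awk 'NF { last = $0 } END { print last }')
    if ! printf '%s\n' "$last" | grep -Eq '^[[:space:]]*exit[[:space:]]+0[[:space:]]*$'; then
        echo "no-exit-0: scriptlet does not end with exit 0"
    fi
    return 0
}

# Demo: lint the deviating sample; the recommended sample yields no findings.
deviating_pre | lint_pre
```
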
