[
https://issues.apache.org/jira/browse/NIFI-1461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15140452#comment-15140452
]
Andre commented on NIFI-1461:
-----------------------------
Yes and no...
The main issue is the rpm generated ended up being insecure (DFM could use the
scripting engine to elevate privileges as described above) and could lead to
the compromise of a server running nifi.
I think pushing the PR would end up haunting us in the future (with people
incorrectly thinking security isn't one of the priorities of the project)
Makes sense?
> RPM should create nifi user and give it access to the /opt/nifi and
> subdirectories
> ----------------------------------------------------------------------------------
>
> Key: NIFI-1461
> URL: https://issues.apache.org/jira/browse/NIFI-1461
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Andre
> Assignee: Tony Kurc
> Labels: rpm
> Fix For: 0.5.0
>
> Attachments:
> 0001-NIFI-1461-This-closes-204.-Implemented-RPM-before-af.patch,
> 0002-NIFI-1461-added-run.as-filtered-property-for-RPM-and.patch, nifi.spec,
> nifi.spec
>
>
> currently when installing from RPM the resulting permissions result on admins
> having to complete the installation by adding a user and correcting
> filesystem permissions.
> Ideally the RPM packages should result in installed files ready to be
> utilised as a non-root user
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
