bbende commented on a change in pull request #4003: NIFI-7051 Protect against
empty group membership in ShellUserGroupPro…
URL: https://github.com/apache/nifi/pull/4003#discussion_r369762599
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-shell-authorizer/src/main/java/org/apache/nifi/authorization/NssShellCommands.java
##########
@@ -85,6 +85,6 @@ public String getGroupById(String groupId) {
* @return Shell command string that will exit normally (0) on a suitable
system.
*/
public String getSystemCheck() {
- return "getent passwd";
+ return "getent passwd | cut -f 1,3,4 -d ':'";
Review comment:
The problem is the result set can be really really large and the cut reduces
the amount of info returned. In my test environment, without the cut, it was
actually taking longer than the 30 second timeout on the Shell runner.
I was actually wondering if we could do something that would be quicker,
like can we assume every system with NSS has a user named root and call "getent
passwd root" to just look up one user instead of thousands?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
