Sorry for this behavior of /GetFile/ which is purposeful. If you
configure to keep the files instead of removing them, you'll keep
getting the same files ingested over and over again as flow files. It's
just how it is.

The secret was to read the help blurb when configuring this processor.

Hope this helps,
Russ

On 6/4/21 10:44 AM, Ruth, Thomas wrote:

Hello,
I recently built a 3-node NiFi cluster in my organization as a
proof-of-concept for some work we are doing. I used version 1.13.2 and
installed it onto 3 CentOS 7.9 systems. In my organization, I don’t
have root access to the system, so I used a different user called
“nfadm” to install and run the product. I don’t remember seeing
anything in the documentation that stated that this would be an issue.
I am also new to NiFi, and was relying heavily on the Admin
documentation on the web site for instructions to set up the OS and
NiFi installations. I configured certificate-based security and
distributed them to my users. I also configured policies for groups
that I thought were OK for them from a development standpoint.

I had an incident occur yesterday in which a user, who is also new to
NiFi, ran a component called “GetFile” for the filesystem “/” with the
default settings (Recurse=true, KeepSourceFile=false). Well, this
essentially ran “rm -rf /” as the user that owns all the installation
files and files in the various repositories, nfadm, the same user
running the NiFi processes. This deleted all the installation and
configuration files for the entire cluster, making it completely
useless now.

I am surprised to find out that NiFi allowed a user to basically wipe
out all the files the user running the NiFi server had access to. I
would expect much higher security to be present in a default system. I
have some questions that hopefully you can help me with:

Is this a known issue in NiFi?

Am I doing something wrong when configuring or installing NiFi?

Is there a section in the documentation that warns me of this type of
scenario?

Thanks in advance for your help with this,

Tom Ruth
Sr. Data Engineer
Optum, Inc.
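An added example, not part of the original thread or of NiFi itself: a pre-deployment audit that flags GetFile processors whose settings would delete files under directories the service account must keep. The simplified flow XML layout, the sample processors and the protected paths `/opt/nifi` and `/data/repos` are assumptions made for illustration; the property names `Input Directory`, `Keep Source File` and `Recurse Subdirectories` are the processor's own labels for the settings the thread abbreviates.

```python
import posixpath
import xml.etree.ElementTree as ET

# Defaults as stated in the thread: Recurse=true, KeepSourceFile=false.
DEFAULTS = {"Keep Source File": "false", "Recurse Subdirectories": "true"}
GETFILE = "org.apache.nifi.processors.standard.GetFile"

# Constructed sample flow; element layout is an assumption, not a real export.
SAMPLE_FLOW = f"""<flow>
  <processor><name>ingest-root</name><class>{GETFILE}</class>
    <property><name>Input Directory</name><value>/</value></property></processor>
  <processor><name>ingest-landing</name><class>{GETFILE}</class>
    <property><name>Input Directory</name><value>/data/landing</value></property>
    <property><name>Recurse Subdirectories</name><value>false</value></property></processor>
  <processor><name>copy-only</name><class>{GETFILE}</class>
    <property><name>Input Directory</name><value>/opt/nifi/conf</value></property>
    <property><name>Keep Source File</name><value>true</value></property></processor>
</flow>"""

def covers(input_dir, protected, recurse):
    """True if a deleting GetFile on input_dir can remove files under protected."""
    a, b = posixpath.normpath(input_dir), posixpath.normpath(protected)
    if a == b or b == "/" or a.startswith(b + "/"):
        return True  # input dir is the protected dir or lies inside it
    # input dir is an ancestor: only dangerous when subdirectories are walked
    return recurse and (a == "/" or b.startswith(a + "/"))

def audit(flow_xml, protected_dirs):
    """Return (name, input_dir, protected dirs at risk) per risky GetFile."""
    findings = []
    for proc in ET.fromstring(flow_xml).iter("processor"):
        if proc.findtext("class") != GETFILE:
            continue
        props = dict(DEFAULTS)  # absent properties fall back to defaults
        for p in proc.iter("property"):
            if p.findtext("value") is not None:
                props[p.findtext("name")] = p.findtext("value")
        if props["Keep Source File"].strip().lower() == "true":
            continue  # files are left in place
        recurse = props["Recurse Subdirectories"].strip().lower() == "true"
        in_dir = props.get("Input Directory", "")
        hit = [d for d in protected_dirs if covers(in_dir, d, recurse)]
        if hit:
            findings.append((proc.findtext("name"), in_dir, hit))
    return findings

if __name__ == "__main__":
    # Hypothetical install and repository paths.
    for f in audit(SAMPLE_FLOW, ["/opt/nifi", "/data/repos"]):
        print("RISK:", f)
```

Only the first sample processor is reported: it relies on both defaults and points at `/`, which is the configuration described in the incident.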