What was the GetFile processor connected to? You might find your NiFi instance there.
-- Tim Fleming On Jun 4, 2021, at 11:44 AM, Ruth, Thomas <[email protected]> wrote: Hello, I recently built a 3-node NiFi cluster in my organization as a proof-of-concept for some work we are doing. I used version 1.13.2 and installed it onto 3 CentOS 7.9 systems. In my organization, I don’t have root access to the system, so I used a different user called “nfadm” to install and run the product. I don’t remember seeing anything in the documentation that stated that this would be an issue. I am also new to NiFi, and was relying heavily on the Admin documentation on the web site for instructions to set up the OS and NiFi installations. I configured certificate-based security and distributed them to my users. I also configured policies for groups that I thought were OK for them from a development standpoint. I had an incident occur yesterday in which a user, who is also new to NiFi, ran a component called “GetFile” for the filesystem “/” with the default settings (Recurse=true, KeepSourceFile=false). Well, this essentially ran “rm -rf /” as the user that owns all the installation files and files in the various repositories, nfadm, the same user running the NiFi processes. This deleted all the installation and configuration files for the entire cluster, making it completely useless now. I am surprised to find out that NiFi allowed a user to basically wipe out all the files the user running the NiFi server had access to. I would expect much higher security to be present in a default system. I have some questions that hopefully you can help me with: Is this a known issue in NiFi? Am I doing something wrong when configuring or installing NiFi? Is there a section in the documentation that warns me of this type of scenario? Thanks in advance for your help with this, Tom Ruth Sr. Data Engineer Optum, Inc. E: [email protected] This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.
