Created on 07-13-2017 03:00 PM - edited 08-18-2019 02:10 AM
Created 07-13-2017 03:07 PM
While logged in as the user running your NiFi, can you access the file /var/log/squid/access.log manually from the command line?
Created 07-13-2017 10:20 PM
No I cannot access it. I tried everything even adding them into the root group. But it is not allowing me.
Created 07-14-2017 02:18 PM
This really does not seem like a NiFi specific issue. If the user the NiFi application is running as cannot access the file even locally outside of nifi on the command line, there is no way the Nifi processor is going to be successful attempting to do the same.
First I would confirm what user owns the NiFi process using "ps -ef|grep nifi"
Then I would make sure that that user can navigate the /var/log/squid/ directory path. In order for a user to access a directory the directory execute (x) permissions allowed for that user.
let assume the following:
ls -latrh /var/log|grep squid drwxr-x---. 2 squid squid 23 Jul 14 14:09 squid ls -latrh /var/log/squid/|grep access -rw-rw-r--. 1 squid squid 5 Jul 14 14:09 access.log
As you can see here the directory "squid" is owned by squid and has permissions of 750 which means only teh user squid or users in the squid group can access this directory. It does not matter that the file access.log inside his directory has 644 permissions which would allow others to read the access.log.
You can also use the "getfacl" command to see the complete access control list for a directory or file. This allows you to see if any ACL restrictions have been placed on these directories or files.
# getfacl /var/log/squid getfacl: Removing leading '/' from absolute path names # file: var/log/squid # owner: squid # group: squid user::rwx group::r-x other::--- # getfacl /var/log/squid/access.log getfacl: Removing leading '/' from absolute path names # file: var/log/squid/access.log # owner: squid # group: squid user::rw- group::rw- other::r--
Then you can run the "id" command on the user running your NiFi and make sure it has access to teh directory path and file based on the above outputs.
id nifi uid=1002(nifi) gid=1000(hadoop) groups=1000(hadoop),1001(nifi)