Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

NIFI service user ID

avatar
Expert Contributor

Currently HDF 1.2 is running as user root. I am using HDP 2.3.2 so NIFI is not part of Ambari controlled list.

Since it is run as root, getHDFS or putHDFS processor uses a user keytab. How could I prevent a user A to create

a processor to use user B's keytab? In HDP 2.4 or later, do we have NIFI service user ID provisioned?

1 ACCEPTED SOLUTION

avatar
Master Guru
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
3 REPLIES 3

avatar
Master Guru

If the NiFi process has access to keytab1 and keytab2 on the filesystem, then any use can enter either of those keytabs into a processor. You would need two separate NiFi instances each running as a different operating system user, lets say user1 and user2, and user1 only has filesystem access to keytab1, and user2 only has filesystem access to keytab2.

You can run NiFi as a user other than root by specifying a value for the run.as property in bootstrap.conf.

avatar
Expert Contributor

Do you mean that each nifi user should have his/her own instance? There could be too many. Also is there any way to specify multiple instances per host?

avatar
Master Guru
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login