Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Switch root user to non-root in NIFI

Labels:
avatar
author-rank Sanaz_janbakhsh
Expert Contributor

Created ‎10-20-2016 12:17 AM

Hi ,

NIFI was installed before with root user in our enviorment, now in order to switch it to non-root user, i'm wondering if you can help in the steps that i need to follow. Should i clean and re-install it again?

The version is 2.4.2.0

Thanks

SJ

6,222 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎10-20-2016 12:57 AM

@Sanaz Janbakhsh

Re-installing from scratch is not necessary. Shutdown your NiFi instance, create the user on your system that you want to run NiFi as and change ownership of all the files and directories used by NiFi to that user. This includes all 4 NiFi repositories (Database, Provenance, Content, and FlowFile). The "NiFi user" must be able to read and write to the repos, nifi logs, and state directories. If you are unsure where to find these directories your user needs access to, look in the various config files found in NiFi's conf directory. NiFi will be able to continue working on FlowFiles that were still active in the flow as long as ownership of those files was successfully changed. After that you can either start NiFi while logged in as that new user or set the "run.as=" property in the NiFI bootstrap.conf file. After starting NiFi as the user, tail the nifi-app.log and watch for any permission denied errors. If you encounter any, adjusted permissions on the reported file/dir and you should be good to go.

There is no such thing as NiFi version 2.4.2.0? Are you running an Apache Nifi release (0.x or 1.x) or a HDF release (1.x or 2.0)? You can see your NiFi version by clicking on "about" in the upper right corner of the NiFi UI.

Thanks,

Matt

View solution in original post

5,407 Views
1
9 REPLIES 9

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎10-20-2016 12:57 AM

@Sanaz Janbakhsh

Re-installing from scratch is not necessary. Shutdown your NiFi instance, create the user on your system that you want to run NiFi as and change ownership of all the files and directories used by NiFi to that user. This includes all 4 NiFi repositories (Database, Provenance, Content, and FlowFile). The "NiFi user" must be able to read and write to the repos, nifi logs, and state directories. If you are unsure where to find these directories your user needs access to, look in the various config files found in NiFi's conf directory. NiFi will be able to continue working on FlowFiles that were still active in the flow as long as ownership of those files was successfully changed. After that you can either start NiFi while logged in as that new user or set the "run.as=" property in the NiFI bootstrap.conf file. After starting NiFi as the user, tail the nifi-app.log and watch for any permission denied errors. If you encounter any, adjusted permissions on the reported file/dir and you should be good to go.

There is no such thing as NiFi version 2.4.2.0? Are you running an Apache Nifi release (0.x or 1.x) or a HDF release (1.x or 2.0)? You can see your NiFi version by clicking on "about" in the upper right corner of the NiFi UI.

Thanks,

Matt

5,408 Views
1

avatar
author-rank Sanaz_janbakhsh
Expert Contributor

Created ‎10-20-2016 04:53 AM

Hi Matt,

Thanks alot for the comment, it is really helpful. I'm running HDF version . i hope this is the one that you recommend.

SJ

5,320 Views
0 Kudos

avatar
author-rank Sanaz_janbakhsh
Expert Contributor

Created ‎10-22-2016 06:36 PM

Hi Matt,

The user that i logged in is different than "nifi" user and it is generic account. I assume that i can set "run-as=" with the same user that i logged in with and also change all the files with root owner to this generic user t and it should not be necessary "nifi" user. right?

Also i need to change the owner of /nifi/bin folder from root to the same user too. Right?

SJ

5,320 Views
0 Kudos

avatar
author-rank Sanaz_janbakhsh
Expert Contributor

Created ‎10-22-2016 06:36 PM

Hi Matt,

The user that i logged in is different than "nifi" user and it is generic account. I assume that i can set "run-as=" with the same user that i logged in with and also change all the files with root owner to this generic user t and it should not be necessary "nifi" user. right?

Also i need to change the owner of /nifi/bin folder from root to the same user too. Right?

SJ

5,320 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎10-22-2016 10:05 PM

NiFi sets no specific requirement for what user account is used to run NiFi. as long as that user has the ability to read and write to the various NiFi directories, you will be good. what ever user you decide on will need the execute permissions on the files in the bin directory.

The purpose of serving the run.as= property is so that NiFi will start as that set user even if the executable is trigger by root.

5,320 Views
0 Kudos

avatar
author-rank Sanaz_janbakhsh
Expert Contributor

Created ‎10-23-2016 02:22 AM

Thanks alot Matt for the confirmation.

SJ

5,320 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎10-23-2016 04:33 PM

@sanaz Janbakhsh

Please accept the answer that helped you.

5,320 Views
0 Kudos

avatar
author-rank JCSoto
New Contributor

Created ‎12-17-2022 11:43 AM

Thanks Matt ... seeing and fixing all directories ownership was key to start again NiFi ...

3,339 Views
0 Kudos

avatar
author-rank Sanaz_janbakhsh
Expert Contributor

Created ‎10-25-2016 12:31 AM

Hi Matt,

The solution perfectly helped me and fixed my issue. I don't know how to accept the answer though. 🙂

SJ

5,320 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements