Re: Zeppelin code can access FileSystem

2018-05-10 Thread Sam Nicholson
sudo ... -u ... runs as user. Unless your user is root... Perhaps I'm missing something. Oh! Wait! Are you using %python? User_impersonate only works with %sh. And that brings me to this: After all of this, I find that user_impersonate is not very useful. Yes, it does what it says, but

Re: Zeppelin code can access FileSystem

2018-05-10 Thread Jhon Anderson Cardenas Diaz
Yes, I did the sudoers configuration and I am using zeppelin user (not root) to execute that command, the problem is that the command is executed using sudo (*sudo* -E -H -u bash -c "...") so it will be executed as root user anyways as I show you in ps aux results. Regards. 2018-05-10 14:48 GMT-05

Re: Zeppelin code can access FileSystem

2018-05-10 Thread Sam Nicholson
Well, I don't recommend running as root. That's why I went to the trouble to set up zeppelin as a sudoer. If you don't make this adjustment, yes, you have to run as root, or you have to do the ssh key method. It's always the case that something has to run with elevated privilege to allow userID c

Re: Zeppelin code can access FileSystem

2018-05-10 Thread Jhon Anderson Cardenas Diaz
Subject: Re: Zeppelin code can access FileSystem
> To:
>
> Yes, I believe that jira report was about keeping users isolated from each
> other.
> And with user impersonation, and the method I outlined just now, this
> works well.
>
> AND this keeps the shell you fire up fro

Re: Zeppelin code can access FileSystem

2018-05-09 Thread Sam Nicholson
Yes, I believe that jira report was about keeping users isolated from each other. And with user impersonation, and the method I outlined just now, this works well. AND this keeps the shell you fire up from accessing the zeppelin files. BUT, this is not a zeppelin problem. This is a JEE problem.

Re: Zeppelin code can access FileSystem

2018-05-09 Thread Sam Nicholson
OK, after learning way too much about zeppelin and java. :) First, re-check the docs at: https://zeppelin.apache.org/docs/0.7.3/manual/userimpersonation.html But it's more than that. To lock things down as much as you can, you also need to limit the set of users that can be impersonated, *and*

Re: Zeppelin code can access FileSystem

2018-05-09 Thread Jhon Anderson Cardenas Diaz
Thank you Sam. Reviewing the jira issues, I found that issue was previously identified in this jira ticket ZEPPELIN-1320, but I don't know if it is my impression but it seems like they focused more on the fact that the processes could not access th

Re: Zeppelin code can access FileSystem

2018-05-08 Thread Sam Nicholson
And warning! Trying to answer the above, I've disconnected my websocket. I'll figure it out and report back
On Tue, May 8, 2018 at 6:28 PM, Sam Nicholson wrote:
> So,
>
> I run the zeppelin process as the web user on my system. There is no
> other web process, so why not.
>
> Then, UNIX permis

Re: Zeppelin code can access FileSystem

2018-05-08 Thread Sam Nicholson
So, I run the zeppelin process as the web user on my system. There is no other web process, so why not. Then, UNIX permissions keep it from running, accessing, deleting anything else. EXCEPT items that are world writeable. There shouldn't be any of those, other than /tmp, but still /tmp is a h

Zeppelin code can access FileSystem

2018-05-08 Thread Jhon Anderson Cardenas Diaz
Dear Zeppelin Community, Currently when a Zeppelin paragraph is executed, the code in it can read sensitive config files, change them, including web app pages, etc. Like in this example:
%python
f = open("/usr/zeppelin/conf/credentials.json", "r")
f.read()
Do you know if there is a way to con