Re: under what userid should Zeppelin run?

Sun, 06 Nov 2016 20:43:07 -0800 

Hi Moon,

This allows a user to specify who can see his note, right?
But that does not protect the system from users getting root access via %sh (or who knows what else) if Zeppelin is running as root? 

Thank you,

Igor


On 11/06/2016 08:48 PM, moon soo Lee wrote:
Zeppelin already have three different modes for interpreter process management. 

 - shared : share a single process per note
 - scoped: share a single process but create instance inside per note
 - isolated : create a new process per note.
Now community also is actively working on bring this ability to not only per note but also per user as well. Here's related issues. And i think we'll have those features really soon. 
https://issues.apache.org/jira/browse/ZEPPELIN-1210
https://issues.apache.org/jira/browse/ZEPPELIN-1236

Let me know if you have any other questions.

Thanks,
moon
On Sun, Nov 6, 2016 at 5:45 PM Igor Yakushin <i...@uchicago.edu <mailto:i...@uchicago.edu>> wrote: 



    On 11/06/2016 07:30 PM, moon soo Lee wrote:
    > Hi Igor,
    >
    > Zeppelin runs with user id that execute bin/zeppelin-daemon.sh or
    > bin/zeppeiln.sh. And all interpreter processes are running with the
    > same user id at the moment. So you'll need to change your user id to
    > appropriate one for your job and start Zeppelin.

    Hi Moon,
    So do I understand correctly that at the moment one cannot run a
    single
    Zeppelin server for all the users to connect to and each user is
    supposed to run his own instance of the server?
    Zeppelin can use ldap for authentication so I thought that I can
    run it
    as root. But later I discovered that %sh would give root access to all
    the users!!!
    Is there a way around it? Like running it under some service account?
    With Jupyter, for example, there is JupyterHub that allows that: each
    user only has access to his account. Nothing like that for Zeppelin?
    Thank you,
    Igor

    --
    Igor Yakushin, Ph.D.
    Computational Scientist
    Kavli Institute for Cosmological Physics, ERC #413
    Research Computing Center, room #2
    The University of Chicago
    773-834-5313 <tel:%28773%29%20834-5313>
    https://rcc.uchicago.edu



--
Igor Yakushin, Ph.D.
Computational Scientist
Kavli Institute for Cosmological Physics, ERC #413
Research Computing Center, room #2
The University of Chicago
773-834-5313
https://rcc.uchicago.edu

Reply via email to