Hello Paul, I thought about that option but it is still a hack, and it is not sure that it would prevent users from snooping the system configurations (unless I block the rights to read files, but that’s too exaggerated). Having a basedir would be easier and more elegant, like on most http servers (one should not be able to access http://domain.com/../../etc, for example).
Thanks anyway for the hint!

Angelo

> On 6 March 2017 at 14:27, Paul Brenner <pbren...@placeiq.com> wrote:
>
> When you start zeppelin can you do it as a user with fewer privileges? We
> created a user specifically for starting zeppelin server and set access
> limits to that user. Kind of a hack, so perhaps others will chime in with
> more elegant solutions.
>
> Paul Brenner
>
> On Mon, Mar 06, 2017 at 7:18 AM Angelo Steffenel <ang...@lsteffenel.fr> wrote:
> Dear all, I’m trying to set Zeppelin as the frontend for a small cluster I
> use with my students.
>
> After a few tests I found that anyone can access and even modify system files
> (for example, they can make "ls /etc" or even "rm -rf ~" when using %sh).
> Is there a way to define a homedir so that all the users see resides below
> that directory (like the --notebook-dir option in Jupyter)? I know that this
> can be achieved using Docker but it seems an unnecessary layer…
>
> Sorry if my question is dumb, I'm just starting using Zeppelin but I was
> unable to find an answer in the docs or in the mailing list archives.
>
> Best regards,
>
> Angelo
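A check that fits the dedicated-user approach Paul describes, as an added example that is not part of the thread: it lists what an account with no ownership or group membership (the "other" permission class) could still write or read under a directory. The function names and the sample tree are constructed for illustration; ACLs and group memberships are not considered.

```shell
#!/bin/sh
# Added example (not from the thread). All names and paths are hypothetical.
# Directories without o+x are pruned: "other" cannot traverse them, so
# nothing below them is reachable whatever the file modes say.

# Files and directories under $1 that any account may modify.
other_writable() {
    find "$1" -xdev -type d ! -perm -0001 -prune -o \
        \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | LC_ALL=C sort
}

# Regular files under $1 that any account may read.
other_readable() {
    find "$1" -xdev -type d ! -perm -0001 -prune -o \
        -type f -perm -0004 -print 2>/dev/null | LC_ALL=C sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/conf" "$d/notebook" "$d/private"
    : > "$d/conf/site.xml"
    : > "$d/conf/secret.key"
    : > "$d/notebook/note.json"
    : > "$d/private/data.csv"
    chmod 755 "$d" "$d/conf"          # mktemp -d creates the root as 0700
    chmod 777 "$d/notebook"           # open notebook area
    chmod 700 "$d/private"            # not traversable by "other"
    chmod 644 "$d/conf/site.xml"
    chmod 600 "$d/conf/secret.key"
    chmod 666 "$d/notebook/note.json" "$d/private/data.csv"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "writable by other:"
other_writable "$tree"
echo "readable by other:"
other_readable "$tree"
rm -rf "$tree"
```

Pointed at real directories before the service account goes live, anything `other_writable` reports is something a `%sh` paragraph run by that account could change.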