So,

I run the zeppelin process as the web user on my system.  There is no other
web process, so why not.

Then, UNIX permissions keep it from running, accessing, deleting anything
else.  EXCEPT items that are world writeable.

There shouldn't be any of those, other than /tmp, but still /tmp is a
hotbed of nefarious activity on hacked machines.  :)

For example:

%sh

pwd
ls
touch bazzot
ls -l bazzot
rm bazzot

Gives:

/var/www/zeppelin
derby.log
figure
metastore_db
Rgraphics
Rgraphics.zip
-rw-r--r-- 1 www-data www-data 0 May 8 18:04 bazzot
ls: cannot access 'bazzot': No such file or directory
ExitValue: 2

For another example:

%sh
id
cd /home/samcn2
touch bazzot
ls -l bazzot
rm bazzot

Gives:

uid=33(www-data) gid=33(www-data) groups=33(www-data)
touch: cannot touch 'bazzot': Permission denied
ls: cannot access 'bazzot': No such file or directory
rm: cannot remove 'bazzot': No such file or directory
ExitValue: 1


So, you can't access other users' files.

But you CAN access the web user's files.  That may be a bug.  I'm going to
try changing the zeppelin running user.  Wait one...

OK.  So you can run zeppelin as some other user; the logs and the run
directory must be owned by that user.
I do this with symlinks.  But the websocket is failing.  So no joy there...

So, for now, you can set things up so that zeppelin can't access any other
files from other users on the system,
but zeppelin web can access the zeppelin executable.  So, don't put this up
for untrusted users!!!

Here is my zeppelin start script:
#!/bin/sh

cd /var/www/zeppelin/home

# Run the daemon as the unprivileged zeppelin user, passing all arguments through.
sudo -u zeppelin /opt/apache/zeppelin/zeppelin-0.7.3-bin-all/bin/zeppelin-daemon.sh "$@"


If /var/www/zeppelin/home is owned by zeppelin, as is
/opt/apache/zeppelin/*, then this works with the caveat above.

Cheers!
-sam


On Tue, May 8, 2018 at 5:48 PM, Jhon Anderson Cardenas Diaz <
jhonderson2...@gmail.com> wrote:

> Dear Zeppelin Community,
>
> Currently, when a Zeppelin paragraph is executed, the code in it can read
> sensitive config files, change them, including web app pages, etc., as
> in this example:
>
> %python
> f = open("/usr/zeppelin/conf/credentials.json", "r")
> f.read()
>
> Do you know if there is a way to configure the user used to start the
> interpreters or run the paragraph's code, so that the user cannot access the
> file system where Zeppelin is running, or has more restricted access?
>
> Thank you.
>
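
The permission gaps discussed in this thread (world-writable paths, and a config file such as credentials.json being readable) can be listed with a short audit script. This is an added example, not code from either poster or from the Zeppelin project; the function names and the default file name passed to audit are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Lists what plain UNIX permissions
# still leave open to an unprivileged service account under a tree.
# Files the account owns stay reachable by it regardless (the caveat
# stated in the message above); this only covers the "other" bits.

# Files and directories any local user can modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# World-writable directories without the sticky bit: any user can
# delete or replace entries created by someone else.
no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Files named $2 that every local user can read.
world_readable_named() {
    find "$1" -type f -name "$2" -perm -0004 2>/dev/null | sort
}

# Print each non-empty finding list; return 1 if anything was found.
audit() {
    dir=$1
    name=${2:-credentials.json}
    rc=0
    for check in world_writable no_sticky; do
        out=$("$check" "$dir")
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            rc=1
        fi
    done
    out=$(world_readable_named "$dir" "$name")
    if [ -n "$out" ]; then
        printf 'world-readable %s:\n%s\n' "$name" "$out"
        rc=1
    fi
    return "$rc"
}

# Usage: audit.sh DIR [SENSITIVE_FILE_NAME]
if [ "$#" -ge 1 ]; then
    audit "$@"
fi
```

Run it against the Zeppelin install and run directories after changing the service user; an exit status of 0 means none of the three checks found anything.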
