And warning! Trying to answer the above, I've disconnected my websocket. I'll figure it out and report back
On Tue, May 8, 2018 at 6:28 PM, Sam Nicholson <sam...@ogt11.com> wrote:
> So,
>
> I run the zeppelin process as the web user on my system. There is no other web process, so why not.
>
> Then, UNIX permissions keep it from running, accessing, deleting anything else. EXCEPT items that are world writeable.
>
> There shouldn't be any of those, other than /tmp, but still /tmp is a hotbed of nefarious activity on hacked machines. :)
>
> For example:
>
> %sh
> pwd
> ls
> touch bazzot
> ls -l bazzot
> rm bazzot
>
> Gives:
>
> /var/www/zeppelin
> derby.log
> figure
> metastore_db
> Rgraphics
> Rgraphics.zip
> -rw-r--r-- 1 www-data www-data 0 May 8 18:04 bazzot
> ls: cannot access 'bazzot': No such file or directory
> ExitValue: 2
>
> For another example:
>
> %sh
> id
> cd /home/samcn2
> touch bazzot
> ls -l bazzot
> rm bazzot
>
> Gives:
>
> uid=33(www-data) gid=33(www-data) groups=33(www-data)
> touch: cannot touch 'bazzot': Permission denied
> ls: cannot access 'bazzot': No such file or directory
> rm: cannot remove 'bazzot': No such file or directory
> ExitValue: 1
>
> So, you can't access other users' files.
>
> But you CAN access the web user's files. That may be a bug. I'm going to try changing the zeppelin running user. Wait one...
>
> OK. So you can run zeppelin as some other user, the logs and the run directory must be owned by that user.
> I do this with symlinks. But the websocket is failing. So no joy there...
>
> So, for now, you can set things up so that zeppelin can't access any other files from other users on the system, but zeppelin web can access the zeppelin executable. So, don't put this up for untrusted users!!!
>
> Here is my zeppelin start script:
>
> #!/bin/sh
>
> cd /var/www/zeppelin/home
>
> sudo -u zeppelin /opt/apache/zeppelin/zeppelin-0.7.3-bin-all/bin/zeppelin-daemon.sh "$@"
>
> If /var/www/zeppelin/home is owned by zeppelin, as is /opt/apache/zeppelin/*, then this works with the caveat above.
>
> Cheers!
> -sam
>
> On Tue, May 8, 2018 at 5:48 PM, Jhon Anderson Cardenas Diaz <jhonderson2...@gmail.com> wrote:
>> Dear Zeppelin Community,
>>
>> Currently when a Zeppelin paragraph is executed, the code in it can read sensitive config files, change them, including web app pages and etc. Like in this example:
>>
>> %python
>> f = open("/usr/zeppelin/conf/credentials.json", "r")
>> f.read()
>>
>> Do you know if there is a way to configure the user used to start the interpreters or run the paragraph's code?, so that user cannot access the File System where zeppelin is running, or has more restricted access.
>>
>> Thank you.
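A preflight check for the setup Sam describes, written here as an added example and not taken from the thread or from Zeppelin itself: a POSIX shell script that verifies the logs and run directory belong to the daemon user, that a credentials file is not readable beyond its owner (the credentials.json case from the original question), and that nothing under the install is world-writable. The install path, user name and credentials path are placeholders for your own layout.

```shell
#!/bin/sh
# Added example, not from the thread. Preflight checks for a Zeppelin install
# whose interpreters run as a dedicated unprivileged user. Paths and the user
# name passed to preflight are placeholders; adapt them to your own layout.

# find_world_writable DIR: print world-writable entries under DIR, skipping
# symlinks and sticky directories (the /tmp case). Returns 1 if any are found.
find_world_writable() {
    hits=$(find "$1" -xdev ! -type l ! \( -type d -perm -1000 \) -perm -0002 -print 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# conf_exposed FILE: return 0 if FILE is group- or world-readable (so an
# interpreter process that is not its owner could read it), 1 if owner-only,
# 2 if the file does not exist. Mode bits only; independent of who runs this.
conf_exposed() {
    [ -e "$1" ] || return 2
    hit=$(find "$1" -prune \( -perm -004 -o -perm -040 \) -print 2>/dev/null || true)
    [ -n "$hit" ]
}

# owned_by PATH USER: return 0 if PATH is owned by USER. The thread notes the
# logs and run directory must belong to the user the daemon runs as.
owned_by() {
    [ "$(ls -ld "$1" | awk '{print $3}')" = "$2" ]
}

# preflight INSTALL_DIR USER CREDS_FILE: run every check, print findings,
# return 0 only when the layout is clean.
preflight() {
    rc=0
    owned_by "$1/logs" "$2" || { echo "FAIL: $1/logs not owned by $2"; rc=1; }
    owned_by "$1/run"  "$2" || { echo "FAIL: $1/run not owned by $2"; rc=1; }
    exposed=0; conf_exposed "$3" || exposed=$?
    case $exposed in
        0) echo "FAIL: $3 is readable beyond its owner"; rc=1 ;;
        2) echo "FAIL: $3 is missing"; rc=1 ;;
    esac
    find_world_writable "$1" || { echo "FAIL: world-writable entries above"; rc=1; }
    return $rc
}
```

Run it as root or as the daemon user after applying the ownership changes from the thread; a nonzero exit means at least one check printed a FAIL line.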