Well, I don't recommend running as root. That's why I went to the trouble to set up zeppelin as a sudoer.
If you don't make this adjustment, yes, you have to run as root, or you have to do the ssh key method. It's always the case that something has to run with elevated privilege to allow userID changes at runtime. With JEE, the best that can be done, today, is to isolate executable userIDs from the main process user ID. In general, exposing shells to the web is problematic vis-a-vis security. Cheers! -sam
