liuxunorg commented on issue #3333: [ZEPPELIN-4053]. Implement impersonation via c native api URL: https://github.com/apache/zeppelin/pull/3333#issuecomment-472296791 For security, YARN uses the yarn user group to execute `/etc/yarn/sbin/Linux-amd64-64/container-executor`, which requires special settings for the `container-executor` file. 1. Running zeppelin with root can switch users, But this is not safe enough. 2. So need to create a zeppelin user group in the operating system (for example: zeppelin-group). The user running the zeppelin service belongs to this group zeppelin-group. After performing the following operations on the file using the root account, the execution user of the zeppelin service can also switch users. ``` chown root:${zeppelin-group} zeppelin/bin/execute-as-user chmod 6050 zeppelin/bin/execute-as-user ``` So need to add some instructions for use.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services