Re: How can I use PAM authentication

2021-05-24 Thread Sam Nicholson
What are user jzyc's uid and gid on the system? I'm no Linux PAM guru, but: "auth requisite pam_succeed_if.so uid >= 1000" and "account sufficient pam_succeed_if.so uid < 1000 quiet" seem to be in contradiction with each other, and being in /etc/pam.d/zeppelin, it wouldn't affect ssh. Cheers! -

Re: Slack channel for Zeppelin community

2021-02-15 Thread Sam Nicholson
Please add sam...@outlook.com Thanks! On Wed, Feb 10, 2021, 10:17 Jeff Zhang wrote: > Hi Folks, > > We have an apache slack channel for Zeppelin, but we didn't make lots of > discussion there, but I think it is suitable for many kinds of discussion, > specially we recently talked about regular

Re: reverse proxy for zeppelin

2021-02-13 Thread Sam Nicholson
I use nginx, so this may not fit your proxy. But I highly recommend nginx. Anyway, here is my reverse proxy stanza for zeppelin. server_name zeppelin.external; ssl_certificate /etc/certs/zeppelin.external/fullchain.pem; ssl_certificate_key /etc/certs/zeppelin.external/privkey.pem

Re: add a mysql NotebookRepo

2020-07-29 Thread Sam Nicholson
Unless there is a weakness in a particular API/Library for authenticating to a particular backing store, there is no reason to think that mysql (or any SQL server) is more or less secure than the object stores that you mention. I would agree with concerns about stability. That's what SQL servers

Re: [VOTE] Release Apache Zeppelin 0.9.0-preview1 (RC1)

2020-03-26 Thread Sam Nicholson
+1 On Mon, Mar 23, 2020, 11:14 Jeff Zhang wrote: > > Hi folks, > > I propose the following RC to be released for the Apache Zeppelin > 0.9.0-preview1 release. > > > The commit id is a74365c0813b451db1bc78def7d1ad1279429224 : > https://gitbox.apache.org/repos/asf?p=zeppelin.git;a=commit;h=a7436

Re: [DISCUSS] Release for 0.9.0-preview-1

2020-03-17 Thread Sam Nicholson
+1 On Mon, Mar 16, 2020, 10:45 Jeff Zhang wrote: > Hi Folks, > > I'd like to start the discussion of releasing of 0.9.0-preview-1. As we > discussed before releasing a preview version first is suitable for a major > release based on our previous experience[1]. The last major release 0.8.0 > is i

Re: Shiro over Nginx

2018-11-29 Thread Sam Nicholson
I believe I do what you are attempting. NGINX reverse proxy (and SSL termination) and shiro users (i.e. not NGINX users). Here is the NGINX config that works here. Our arch is: {Internet}--443-->[NGINX]==6800==>[zeppelin] server_name zeppelin.OURDOMAIN.com; ssl_certificate /e

Build Errors with v0.8.0

2018-08-29 Thread Sam Nicholson
Or perhaps it's just the documentation... I'm building 0.8.0, as per instructions at https://zeppelin.apache.org/docs/0.8.0/setup/basics/how_to_build.html I'm building in Jenkins, so the git clone is more involved... git rev-parse refs/remotes/origin/refs/tags/v0.8.0 ... Checking out Revision

Re: Difficult paths for Zeppelin and Nginx integration

2018-06-05 Thread Sam Nicholson
is - if I pass public IP address of > Zeppelin, it fails; but if private IP is passed, it works. This is > specifically observed on Azure VM and AWS EC2 instances. > > > *Sanket Tarun Shah - **Enterprise Architect* > +91 98793 56075 | sanket.s...@outlook.com <http://outlook.com&

Re: Difficult paths for Zeppelin and Nginx integration

2018-06-04 Thread Sam Nicholson
Here's the zeppelin from my currently, working, config I have changed my DNS domains to "internal" and "external" Other than that, it's really verbatim. server { listen 443 ssl http2; server_name zeppelin.external; ssl_certificate /etc/certs/fullchain.cer; ssl_

Re: nightly builds?

2018-05-11 Thread Sam Nicholson
+1 Does Apache Foundation make build resources available? If not, I've got a slice on my Jenkins server that has zeppelin 0.8. Adding SNAPSHOT would not be a problem. On Fri, May 11, 2018 at 2:43 AM, Jongyoul Lee wrote: > +1. We might use Jenkins and SNAPSHOT repo. > > JL > > On Fri, May 11, 20

Re: Zeppelin code can access FileSystem

2018-05-10 Thread Sam Nicholson
is that the command is executed > using sudo (*sudo* -E -H -u bash -c "...") so it will be executed > as root user anyways as i show you in ps aux results. > Regards. > > 2018-05-10 14:48 GMT-05:00 Sam Nicholson : > >> Well, I don't recommend running as root. >&

Re: Zeppelin code can access FileSystem

2018-05-10 Thread Sam Nicholson
Well, I don't recommend running as root. That's why I went to the trouble to set up zeppelin as a sudoer. If you don't make this adjustment, yes, you have to run as root, or you have to do the ssh key method. It's always the case that something has to run with elevated privilege to allow userID c

Re: Zeppelin code can access FileSystem

2018-05-09 Thread Sam Nicholson
cesses could not access the directories of other users than on the > problem that a process could access the zeppelin file system. Am i right ? > > 2018-05-08 17:46 GMT-05:00 Sam Nicholson : > >> And warning! >> >> Trying to answer the above, I've disconnected my

Re: Zeppelin code can access FileSystem

2018-05-09 Thread Sam Nicholson
OK, after learning way too much about zeppelin and java. :) First, re-check the docs at: https://zeppelin.apache.org/docs/0.7.3/manual/userimpersonation.html But it's more than that. To lock things down as much as you can, you also need to limit the set of users that can be impersonated, *and*

Re: Zeppelin code can access FileSystem

2018-05-08 Thread Sam Nicholson
And warning! Trying to answer the above, I've disconnected my websocket. I'll figure it out and report back On Tue, May 8, 2018 at 6:28 PM, Sam Nicholson wrote: > So, > > I run the zeppelin process as the web user on my system. There is no > other web process, so w

Re: Zeppelin code can access FileSystem

2018-05-08 Thread Sam Nicholson
So, I run the zeppelin process as the web user on my system. There is no other web process, so why not. Then, UNIX permissions keep it from running, accessing, deleting anything else. EXCEPT items that are world writeable. There shouldn't be any of those, other than /tmp, but still /tmp is a h