Hi,

That's right. Until Zeppelin gets impersonation implemented, which I mentioned
in one of the previous emails.

Thanks Igor for sharing your interests.

Regards,
moon

On Sun, Nov 6, 2016 at 8:42 PM Igor Yakushin <i...@uchicago.edu> wrote:

> Hi Moon,
>
> This allows a user to specify who can see his note, right?
>
> But that does not protect the system from users getting root access via
> %sh (or who knows what else) if Zeppelin is running as root?
>
> Thank you,
>
> Igor
>
> On 11/06/2016 08:48 PM, moon soo Lee wrote:
>
> Zeppelin already has three different modes for interpreter process
> management.
>
>  - shared: share a single process per note
>  - scoped: share a single process but create instance inside per note
>  - isolated: create a new process per note.
>
> Now the community is also actively working on bringing this ability not only
> per note but also per user as well. Here are the related issues. And I think
> we'll have those features really soon.
> https://issues.apache.org/jira/browse/ZEPPELIN-1210
> https://issues.apache.org/jira/browse/ZEPPELIN-1236
>
> Let me know if you have any other questions.
>
> Thanks,
> moon
>
> On Sun, Nov 6, 2016 at 5:45 PM Igor Yakushin <i...@uchicago.edu> wrote:
>
>
>
> On 11/06/2016 07:30 PM, moon soo Lee wrote:
> > Hi Igor,
> >
> > Zeppelin runs with the user id that executes bin/zeppelin-daemon.sh or
> > bin/zeppelin.sh. And all interpreter processes are running with the
> > same user id at the moment. So you'll need to change your user id to
> > the appropriate one for your job and start Zeppelin.
>
> Hi Moon,
> So do I understand correctly that at the moment one cannot run a single
> Zeppelin server for all the users to connect to and each user is
> supposed to run his own instance of the server?
> Zeppelin can use ldap for authentication so I thought that I can run it
> as root. But later I discovered that %sh would give root access to all
> the users!!!
> Is there a way around it? Like running it under some service account?
> With Jupyter, for example, there is JupyterHub that allows that: each
> user only has access to his account. Nothing like that for Zeppelin?
> Thank you,
> Igor
>
> --
> Igor Yakushin, Ph.D.
> Computational Scientist
> Kavli Institute for Cosmological Physics, ERC #413
> Research Computing Center, room #2
> The University of Chicago
> 773-834-5313
> https://rcc.uchicago.edu
>

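An audit for the situation discussed in this thread, as an added example that is not part of the original emails: because every interpreter process inherits the user id that started Zeppelin, any Zeppelin JVM owned by root means %sh paragraphs run as root. The process listing, the /opt/zeppelin paths and the `zeppelin` service account are constructed; the two class names are those of the Zeppelin server and remote interpreter JVMs.

```shell
#!/bin/sh
# Added example: flag Zeppelin server/interpreter JVMs that run as root.
# Input format is "USER PID ARGS...", e.g. from: ps -eo user=,pid=,args=

# Constructed sample listing (not taken from a real host).
sample_ps() {
cat <<'EOF'
root      812 /usr/sbin/sshd -D
root     2301 java -cp /opt/zeppelin/lib/* org.apache.zeppelin.server.ZeppelinServer
root     2377 java -cp /opt/zeppelin/interpreter/sh/* org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer 40123
zeppelin 5120 java -cp /opt/zeppelin/lib/* org.apache.zeppelin.server.ZeppelinServer
zeppelin 5188 java -cp /opt/zeppelin/interpreter/spark/* org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer 40200
EOF
}

# Read a listing on stdin and print "PID ROLE" for each Zeppelin JVM owned
# by root. Exit status is 1 if at least one was found, 0 otherwise.
find_root_zeppelin() {
    awk '
        $1 == "root" && /org\.apache\.zeppelin\.server\.ZeppelinServer/ {
            print $2, "server"; bad = 1
        }
        $1 == "root" && /org\.apache\.zeppelin\.interpreter\.remote\.RemoteInterpreterServer/ {
            print $2, "interpreter"; bad = 1
        }
        END { exit bad ? 1 : 0 }
    '
}

# Pre-launch guard: succeed only when the given numeric uid is not root.
# Intended to wrap bin/zeppelin-daemon.sh, called as: launch_allowed "$(id -u)"
launch_allowed() {
    [ "$1" -ne 0 ]
}

# Live use on a host (not run here):
#   ps -eo user=,pid=,args= | find_root_zeppelin
```

On the sample listing the audit reports PIDs 2301 and 2377 and ignores the two JVMs owned by the service account.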