I have a use case where I am running the Zeppelin server as a user named
zeppelin. All user interpreter processes run as this user but this gives
them too much power. They can view configuration files and logs.
I don't want to impersonate the users because they don't have accounts in
the container I am running Zeppelin in.
So the hack I came up with was to set ZEPPELIN_IMERSONATE_USER manually.
export ZEPPELIN_IMPERSONATE_USER='zeppelin_user'
export ZEPPELIN_IMPERSONATE_CMD='sudo -H -u ${ZEPPELIN_IMPERSONATE_USER}
/bin/bash -c '
export ZEPPELIN_IMPERSONATE_SPARK_PROXY_USER=true
This seems to work but it isn't really a standard configuration and I fear
it may break in the future.
Is there a better way to do this?
The zeppelin_user account has limited access so it can't read the conf and
other sensitive directories.
Let me know if there is a better way to do this.
Thanks,
Tony
