You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Noam (Jira)" <ji...@apache.org> on 2021/09/20 19:30:00 UTC

[jira] [Created] (ZEPPELIN-5531) Security on ssh impersonation with pyspark

Noam created ZEPPELIN-5531:
------------------------------

             Summary: Security on ssh impersonation with pyspark
                 Key: ZEPPELIN-5531
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5531
             Project: Zeppelin
          Issue Type: Bug
          Components: interpreter-setting, Interpreters, security
    Affects Versions: 0.9.0
            Reporter: Noam


I am trying to implement impersonation in zeppelin using SSH (ssh user1@localhost) following the documentation ([https://zeppelin.apache.org/docs/0.9.0/usage/interpreter/user_impersonation.html)] 
This approach seems to work with the python and shell interpreters, but does not seem to be entirely working for the pyspark interpreter. 
When logged into the zeppelin app as user1, running:

%pyspark
import os
os.popen('whoami').read()

outputs: 'zeppelin', instead of the expected output 'user1.  

This creates security issues such as 'os.popen("cat conf/credentials.json")'

Is there a problem with how I configured impersonation, or is this an open issue in the spark interpreter? 
Are there solutions for protecting 'credentials.json'?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)