You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Jake (JIRA)" <ji...@apache.org> on 2019/02/07 20:27:00 UTC
[jira] [Created] (ZEPPELIN-3995) How to lock down sh, other OS
access?
Jake created ZEPPELIN-3995:
------------------------------
Summary: How to lock down sh, other OS access?
Key: ZEPPELIN-3995
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3995
Project: Zeppelin
Issue Type: Bug
Components: zeppelin-server
Affects Versions: 0.8.1
Reporter: Jake
I'm running Zeppelin in docker based on the image on docker hub. I've noticed that the sh interpreter, and I guess all others, have access to the configuration files. For example I'm able to change the notebook permissions file using the sh interpreter. This is clearly a problem. Is there a way to change what user the interpreters, i guess, run as which won't have permissions to change the application's configuration? Otherwise, there really isn't any notebook security, right?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)