You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2019/03/13 06:28:25 UTC
[GitHub] [zeppelin] liuxunorg commented on issue #3333: [ZEPPELIN-4053].
Implement impersonation via c native api
liuxunorg commented on issue #3333: [ZEPPELIN-4053]. Implement impersonation via c native api
URL: https://github.com/apache/zeppelin/pull/3333#issuecomment-472296791
For security, YARN uses the yarn user group to execute `/etc/yarn/sbin/Linux-amd64-64/container-executor`, which requires special settings for the `container-executor` file.
1. Running zeppelin with root can switch users, But this is not safe enough.
2. So need to create a zeppelin user group in the operating system (for example: zeppelin-group). The user running the zeppelin service belongs to this group zeppelin-group.
After performing the following operations on the file using the root account, the execution user of the zeppelin service can also switch users.
```
chown root:${zeppelin-group} zeppelin/bin/execute-as-user
chmod 6050 zeppelin/bin/execute-as-user
```
So need to add some instructions for use.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services