Hiding shiro.ini and other sensitive files from end users

[Tony Primerano <pr...@tonycode.com>]

Is there a recommended way to hide secrets contained in shirio.ini and
other files?

I made my shell interpreter run as a different user to prevent access to
configuration files but from a python interpreter you can run shell
commands as the Zeppelin process user.

Is there a way to prevent this?

Thanks
Tony

Re: Hiding shiro.ini and other sensitive files from end users

[Tony Primerano <pr...@tonycode.com>]

https://issues.apache.org/jira/browse/ZEPPELIN-4459

Thanks!
Tony

On Thu, Nov 21, 2019, 8:20 AM Jeff Zhang <zj...@gmail.com> wrote:

> I don't think currently Zeppelin can use per-user by default for now, but
> I think it make sense to provide a configuration for this global default
> setting.
>
> could you create a ticket for it ?
>
>
>
> Tony Primerano <pr...@tonycode.com> 于2019年11月21日周四 下午9:10写道：
>
>> Oh yeah.  I had impersonate on but only for sh.  I added to the python
>> interpreter and now I'm good.
>>
>> Is there a way to set all interpreters to per-user by default?
>>
>> On Thu, Nov 21, 2019, 12:46 AM Manuel Sopena Ballesteros <
>> manuel.sb@garvan.org.au> wrote:
>>
>>> Have you setup impersonate in spark interpreter?
>>>
>>>
>>>
>>> Manuel
>>>
>>>
>>>
>>> *From:* Tony Primerano [mailto:primerano@tonycode.com]
>>> *Sent:* Thursday, November 21, 2019 12:35 PM
>>> *To:* users@zeppelin.apache.org
>>> *Subject:* Re: Hiding shiro.ini and other sensitive files from end users
>>>
>>>
>>>
>>> I am currently running in spark stand-alone mode.
>>>
>>> On Wed, Nov 20, 2019, 6:25 PM Manuel Sopena Ballesteros <
>>> manuel.sb@garvan.org.au> wrote:
>>>
>>> Hi Tony,
>>>
>>>
>>>
>>> Are you running a yarn cluster?
>>>
>>>
>>>
>>> thanks
>>>
>>>
>>>
>>> Manuel
>>>
>>>
>>>
>>> *From:* Tony Primerano [mailto:primerano@tonycode.com]
>>> *Sent:* Thursday, November 21, 2019 9:08 AM
>>> *To:* users@zeppelin.apache.org
>>> *Subject:* Hiding shiro.ini and other sensitive files from end users
>>>
>>>
>>>
>>> Is there a recommended way to hide secrets contained in shirio.ini and
>>> other files?
>>>
>>>
>>>
>>> I made my shell interpreter run as a different user to prevent access to
>>> configuration files but from a python interpreter you can run shell
>>> commands as the Zeppelin process user.
>>>
>>>
>>>
>>> Is there a way to prevent this?
>>>
>>>
>>>
>>> Thanks
>>>
>>> Tony
>>>
>>> NOTICE
>>>
>>> Please consider the environment before printing this email. This message
>>> and any attachments are intended for the addressee named and may contain
>>> legally privileged/confidential/copyright information. If you are not the
>>> intended recipient, you should not read, use, disclose, copy or distribute
>>> this communication. If you have received this message in error please
>>> notify us at once by return email and then delete both messages. We accept
>>> no liability for the distribution of viruses or similar in electronic
>>> communications. This notice should not be removed.
>>>
>>> NOTICE
>>> Please consider the environment before printing this email. This message
>>> and any attachments are intended for the addressee named and may contain
>>> legally privileged/confidential/copyright information. If you are not the
>>> intended recipient, you should not read, use, disclose, copy or distribute
>>> this communication. If you have received this message in error please
>>> notify us at once by return email and then delete both messages. We accept
>>> no liability for the distribution of viruses or similar in electronic
>>> communications. This notice should not be removed.
>>>
>>
>
> --
> Best Regards
>
> Jeff Zhang
>

Re: Hiding shiro.ini and other sensitive files from end users

[Jeff Zhang <zj...@gmail.com>]

I don't think currently Zeppelin can use per-user by default for now, but I
think it make sense to provide a configuration for this global default
setting.

could you create a ticket for it ?



Tony Primerano <pr...@tonycode.com> 于2019年11月21日周四 下午9:10写道：

> Oh yeah.  I had impersonate on but only for sh.  I added to the python
> interpreter and now I'm good.
>
> Is there a way to set all interpreters to per-user by default?
>
> On Thu, Nov 21, 2019, 12:46 AM Manuel Sopena Ballesteros <
> manuel.sb@garvan.org.au> wrote:
>
>> Have you setup impersonate in spark interpreter?
>>
>>
>>
>> Manuel
>>
>>
>>
>> *From:* Tony Primerano [mailto:primerano@tonycode.com]
>> *Sent:* Thursday, November 21, 2019 12:35 PM
>> *To:* users@zeppelin.apache.org
>> *Subject:* Re: Hiding shiro.ini and other sensitive files from end users
>>
>>
>>
>> I am currently running in spark stand-alone mode.
>>
>> On Wed, Nov 20, 2019, 6:25 PM Manuel Sopena Ballesteros <
>> manuel.sb@garvan.org.au> wrote:
>>
>> Hi Tony,
>>
>>
>>
>> Are you running a yarn cluster?
>>
>>
>>
>> thanks
>>
>>
>>
>> Manuel
>>
>>
>>
>> *From:* Tony Primerano [mailto:primerano@tonycode.com]
>> *Sent:* Thursday, November 21, 2019 9:08 AM
>> *To:* users@zeppelin.apache.org
>> *Subject:* Hiding shiro.ini and other sensitive files from end users
>>
>>
>>
>> Is there a recommended way to hide secrets contained in shirio.ini and
>> other files?
>>
>>
>>
>> I made my shell interpreter run as a different user to prevent access to
>> configuration files but from a python interpreter you can run shell
>> commands as the Zeppelin process user.
>>
>>
>>
>> Is there a way to prevent this?
>>
>>
>>
>> Thanks
>>
>> Tony
>>
>> NOTICE
>>
>> Please consider the environment before printing this email. This message
>> and any attachments are intended for the addressee named and may contain
>> legally privileged/confidential/copyright information. If you are not the
>> intended recipient, you should not read, use, disclose, copy or distribute
>> this communication. If you have received this message in error please
>> notify us at once by return email and then delete both messages. We accept
>> no liability for the distribution of viruses or similar in electronic
>> communications. This notice should not be removed.
>>
>> NOTICE
>> Please consider the environment before printing this email. This message
>> and any attachments are intended for the addressee named and may contain
>> legally privileged/confidential/copyright information. If you are not the
>> intended recipient, you should not read, use, disclose, copy or distribute
>> this communication. If you have received this message in error please
>> notify us at once by return email and then delete both messages. We accept
>> no liability for the distribution of viruses or similar in electronic
>> communications. This notice should not be removed.
>>
>

-- 
Best Regards

Jeff Zhang

Re: Hiding shiro.ini and other sensitive files from end users

[Tony Primerano <pr...@tonycode.com>]

Oh yeah.  I had impersonate on but only for sh.  I added to the python
interpreter and now I'm good.

Is there a way to set all interpreters to per-user by default?

On Thu, Nov 21, 2019, 12:46 AM Manuel Sopena Ballesteros <
manuel.sb@garvan.org.au> wrote:

> Have you setup impersonate in spark interpreter?
>
>
>
> Manuel
>
>
>
> *From:* Tony Primerano [mailto:primerano@tonycode.com]
> *Sent:* Thursday, November 21, 2019 12:35 PM
> *To:* users@zeppelin.apache.org
> *Subject:* Re: Hiding shiro.ini and other sensitive files from end users
>
>
>
> I am currently running in spark stand-alone mode.
>
> On Wed, Nov 20, 2019, 6:25 PM Manuel Sopena Ballesteros <
> manuel.sb@garvan.org.au> wrote:
>
> Hi Tony,
>
>
>
> Are you running a yarn cluster?
>
>
>
> thanks
>
>
>
> Manuel
>
>
>
> *From:* Tony Primerano [mailto:primerano@tonycode.com]
> *Sent:* Thursday, November 21, 2019 9:08 AM
> *To:* users@zeppelin.apache.org
> *Subject:* Hiding shiro.ini and other sensitive files from end users
>
>
>
> Is there a recommended way to hide secrets contained in shirio.ini and
> other files?
>
>
>
> I made my shell interpreter run as a different user to prevent access to
> configuration files but from a python interpreter you can run shell
> commands as the Zeppelin process user.
>
>
>
> Is there a way to prevent this?
>
>
>
> Thanks
>
> Tony
>
> NOTICE
>
> Please consider the environment before printing this email. This message
> and any attachments are intended for the addressee named and may contain
> legally privileged/confidential/copyright information. If you are not the
> intended recipient, you should not read, use, disclose, copy or distribute
> this communication. If you have received this message in error please
> notify us at once by return email and then delete both messages. We accept
> no liability for the distribution of viruses or similar in electronic
> communications. This notice should not be removed.
>
> NOTICE
> Please consider the environment before printing this email. This message
> and any attachments are intended for the addressee named and may contain
> legally privileged/confidential/copyright information. If you are not the
> intended recipient, you should not read, use, disclose, copy or distribute
> this communication. If you have received this message in error please
> notify us at once by return email and then delete both messages. We accept
> no liability for the distribution of viruses or similar in electronic
> communications. This notice should not be removed.
>

RE: Hiding shiro.ini and other sensitive files from end users

[Manuel Sopena Ballesteros <ma...@garvan.org.au>]

Have you setup impersonate in spark interpreter?

Manuel

From: Tony Primerano [mailto:primerano@tonycode.com]
Sent: Thursday, November 21, 2019 12:35 PM
To: users@zeppelin.apache.org
Subject: Re: Hiding shiro.ini and other sensitive files from end users

I am currently running in spark stand-alone mode.
On Wed, Nov 20, 2019, 6:25 PM Manuel Sopena Ballesteros <ma...@garvan.org.au>> wrote:
Hi Tony,

Are you running a yarn cluster?

thanks

Manuel

From: Tony Primerano [mailto:primerano@tonycode.com<ma...@tonycode.com>]
Sent: Thursday, November 21, 2019 9:08 AM
To: users@zeppelin.apache.org<ma...@zeppelin.apache.org>
Subject: Hiding shiro.ini and other sensitive files from end users

Is there a recommended way to hide secrets contained in shirio.ini and other files?

I made my shell interpreter run as a different user to prevent access to configuration files but from a python interpreter you can run shell commands as the Zeppelin process user.

Is there a way to prevent this?

Thanks
Tony
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.

Re: Hiding shiro.ini and other sensitive files from end users

[Tony Primerano <pr...@tonycode.com>]

I am currently running in spark stand-alone mode.

On Wed, Nov 20, 2019, 6:25 PM Manuel Sopena Ballesteros <
manuel.sb@garvan.org.au> wrote:

> Hi Tony,
>
>
>
> Are you running a yarn cluster?
>
>
>
> thanks
>
>
>
> Manuel
>
>
>
> *From:* Tony Primerano [mailto:primerano@tonycode.com]
> *Sent:* Thursday, November 21, 2019 9:08 AM
> *To:* users@zeppelin.apache.org
> *Subject:* Hiding shiro.ini and other sensitive files from end users
>
>
>
> Is there a recommended way to hide secrets contained in shirio.ini and
> other files?
>
>
>
> I made my shell interpreter run as a different user to prevent access to
> configuration files but from a python interpreter you can run shell
> commands as the Zeppelin process user.
>
>
>
> Is there a way to prevent this?
>
>
>
> Thanks
>
> Tony
> NOTICE
> Please consider the environment before printing this email. This message
> and any attachments are intended for the addressee named and may contain
> legally privileged/confidential/copyright information. If you are not the
> intended recipient, you should not read, use, disclose, copy or distribute
> this communication. If you have received this message in error please
> notify us at once by return email and then delete both messages. We accept
> no liability for the distribution of viruses or similar in electronic
> communications. This notice should not be removed.
>

RE: Hiding shiro.ini and other sensitive files from end users

[Manuel Sopena Ballesteros <ma...@garvan.org.au>]

Hi Tony,

Are you running a yarn cluster?

thanks

Manuel

From: Tony Primerano [mailto:primerano@tonycode.com]
Sent: Thursday, November 21, 2019 9:08 AM
To: users@zeppelin.apache.org
Subject: Hiding shiro.ini and other sensitive files from end users

Is there a recommended way to hide secrets contained in shirio.ini and other files?

I made my shell interpreter run as a different user to prevent access to configuration files but from a python interpreter you can run shell commands as the Zeppelin process user.

Is there a way to prevent this?

Thanks
Tony
NOTICE
Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.