Posted to users@zeppelin.apache.org by Jongyoul Lee <jo...@gmail.com> on 2017/11/29 15:44:41 UTC

[DISCUSS] Change some default settings for avoiding unintended usages

Hi, users and dev,

Recently, I've got an issue about the abnormal usage of some interpreters.
Zeppelin's users can access shell by shell and python interpreters. It
means all users can run or execute what they want even if it harms the
system. Thus I agree that we need to change some default settings to
prevent this kind of abusing situation. Before we proceed to do it, I want
to listen to others' opinions.

Feel free to reply to this email

Regards,
Jongyoul

-- 
이종열, Jongyoul Lee, 李宗烈
http://madeng.net

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Ruslan Dautkhanov <da...@gmail.com>.
Would be nice if each user's interpreter is started in its own docker
container a-la cloudera data science workbench.
Then each user's shell interpreter is pretty isolated.
Actually, from a CDSW session you could pop up a terminal session to your
container which I found pretty neat.



-- 
Ruslan Dautkhanov

On Wed, Nov 29, 2017 at 5:00 PM, Jeff Zhang <zj...@gmail.com> wrote:

>
> Shell interpreter is a black hole for security, usually we don't recommend
> or allow user to use shell.
>
> We may need to refactor the shell interpreter, running under zeppelin user
> is too dangerous.
>
>
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
>
>> Hi, users and dev,
>>
>> Recently, I've got an issue about the abnormal usage of some interpreters.
>> Zeppelin's users can access shell by shell and python interpreters. It
>> means all users can run or execute what they want even if it harms the
>> system. Thus I agree that we need to change some default settings to
>> prevent this kind of abusing situation. Before we proceed to do it, I want
>> to listen to others' opinions.
>>
>> Feel free to reply to this email
>>
>> Regards,
>> Jongyoul
>>
>> --
>> 이종열, Jongyoul Lee, 李宗烈
>> http://madeng.net
>>
>

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Jongyoul Lee <jo...@gmail.com>.
I also worry about the well-known password problem. We need to find a way of
generating a password randomly at the first time to avoid potential risk, but
it’s not easy on our current shiro setting. Does anyone have any good idea
to solve it?

On Sun, 24 Dec 2017 at 3:14 AM Felix Cheung <fe...@hotmail.com>
wrote:

> Authentication by default is good but we should avoid having well known
> user / password by default - it’s a security risk.
>
> ________________________________
> From: Belousov Maksim Eduardovich <m....@tinkoff.ru>
> Sent: Thursday, December 21, 2017 12:30:57 AM
> To: users@zeppelin.apache.org
> Cc: dev@zeppelin.apache.org
> Subject: RE: [DISCUSS] Change some default settings for avoiding
> unintended usages
>
> The authentication by default isn't a big deal, it could be enabled.
> It's nice to use another account by default: guest/guest, for example.
>
>
> Thanks,
>
> Maksim Belousov
>
> From: Jongyoul Lee [mailto:jongyoul@gmail.com]
> Sent: Monday, December 18, 2017 6:07 AM
> To: users <us...@zeppelin.apache.org>
> Cc: dev@zeppelin.apache.org
> Subject: Re: [DISCUSS] Change some default settings for avoiding
> unintended usages
>
> Agreed. Supporting container services must be good and I like this idea,
> but I don't think it's the part of this issue directly. Let's talk about
> this issue with another email.
>
> I want to talk about enabling authentication by default. If it's enabled,
> we should log in as admin/password1 at the beginning. What do you think of it?
>
> On Sat, Dec 2, 2017 at 1:57 AM, Felix Cheung <felixcheung_m@hotmail.com> wrote:
> I’d +1 docker or container support (mesos, dc/os, k8s)
>
> But I think that they are separate things. If users are authenticated and
> interpreter is impersonating each user, the risk of system disruption
> should be low. This is typically how to secure things in a system, through
> user directory (eg LDAP) and access control (normal user can’t sudo and
> delete everything).
>
> Thought?
>
> _____________________________
> From: Jeff Zhang <zj...@gmail.com>
> Sent: Thursday, November 30, 2017 11:51 PM
>
> Subject: Re: [DISCUSS] Change some default settings for avoiding
> unintended usages
> To: <de...@zeppelin.apache.org>
> Cc: users <us...@zeppelin.apache.org>
>
>
> +1 for running interpreter process in docker container.
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Fri, Dec 1, 2017 at 3:36 PM:
> Yes, exactly, this is not only the shell interpreter problem, all can run
> any script through python and Scala. Shell is just an example.
>
> Using docker looks good but it cannot avoid unintended usage of resources
> like mining coin.
>
> On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <felixcheung_m@hotmail.com>
> wrote:
>
> > I don’t think that’s limited to the shell interpreter.
> >
> > You can run any arbitrary program or script from python or Scala (or java)
> > as well.
> >
> > _____________________________
> > From: Jeff Zhang <zj...@gmail.com>
> > Sent: Wednesday, November 29, 2017 4:00 PM
> > Subject: Re: [DISCUSS] Change some default settings for avoiding
> > unintended usages
> > To: <de...@zeppelin.apache.org>
> > Cc: users <us...@zeppelin.apache.org>
> >
> >
> >
> > Shell interpreter is a black hole for security, usually we don't recommend
> > or allow user to use shell.
> >
> > We may need to refactor the shell interpreter, running under zeppelin user
> > is too dangerous.
> >
> >
> >
> >
> >
> > Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
> >
> > > Hi, users and dev,
> > >
> > > Recently, I've got an issue about the abnormal usage of some interpreters.
> > > Zeppelin's users can access shell by shell and python interpreters. It
> > > means all users can run or execute what they want even if it harms the
> > > system. Thus I agree that we need to change some default settings to
> > > prevent this kind of abusing situation. Before we proceed to do it, I want
> > > to listen to others' opinions.
> > >
> > > Feel free to reply to this email
> > >
> > > Regards,
> > > Jongyoul
> > >
> > > --
> > > 이종열, Jongyoul Lee, 李宗烈
> > > http://madeng.net
> > >
> >
> >
> >
>
>
> --
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net
>
>
>
>
> --
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net
>
-- 
이종열, Jongyoul Lee, 李宗烈
http://madeng.net
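
The first-start password generation asked about in the message above, as an added example (not code from Zeppelin or from anyone on this thread): it rewrites well-known entries in the [users] section of a shiro.ini-style file with random values. The sample file, the function names and the set of well-known pairs (taken from the credentials named in this thread) are assumptions, and passwords stay in the plain "user = password, role" layout.

```python
import os
import secrets
import string

# Pairs this thread names as well known; extend the set for your deployment.
WELL_KNOWN = {("admin", "password1"), ("guest", "guest")}
# Letters and digits only: "," separates fields in a [users] line.
ALPHABET = string.ascii_letters + string.digits

# Constructed sample, not a shipped Zeppelin file.
SAMPLE_INI = """\
[users]
# layout: user = password, role1, role2
admin = password1, admin
alice = S0me-site-chosen-value, role1
guest = guest

[urls]
/** = authc
"""


def random_password(length=24):
    """Return a password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_default_users(ini_text, well_known=WELL_KNOWN, gen=random_password):
    """Replace well-known passwords in [users]; return (new_text, {user: new_password})."""
    out, rotated, section = [], {}, None
    for line in ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped
        elif (section == "[users]" and "=" in stripped
              and not stripped.startswith(("#", ";"))):
            user, _, rest = stripped.partition("=")
            user = user.strip()
            fields = [f.strip() for f in rest.split(",")]
            if (user, fields[0]) in well_known:
                rotated[user] = gen()
                fields[0] = rotated[user]
                line = f"{user} = {', '.join(fields)}"
        out.append(line)
    return "\n".join(out) + "\n", rotated


def bootstrap(path):
    """First-start hook: rewrite `path` in place if it still holds default pairs."""
    with open(path, encoding="utf-8") as fh:
        new_text, rotated = rotate_default_users(fh.read())
    if rotated:
        tmp = path + ".tmp"
        # O_EXCL: refuse to reuse a stale or planted temp file; 0600: owner only.
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(new_text)
        os.replace(tmp, path)  # atomic swap on the same filesystem
    return rotated


if __name__ == "__main__":
    text, changed = rotate_default_users(SAMPLE_INI)
    print(text)
    print("rotated accounts:", ", ".join(sorted(changed)))
```

A second run changes nothing, so the hook can be called on every start; the generated values still have to be handed to the administrator once through a channel only they can read.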

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Felix Cheung <fe...@hotmail.com>.
Authentication by default is good but we should avoid having well known user / password by default - it’s a security risk.

________________________________
From: Belousov Maksim Eduardovich <m....@tinkoff.ru>
Sent: Thursday, December 21, 2017 12:30:57 AM
To: users@zeppelin.apache.org
Cc: dev@zeppelin.apache.org
Subject: RE: [DISCUSS] Change some default settings for avoiding unintended usages

The authentication by default isn't a big deal, it could be enabled.
It's nice to use another account by default: guest/guest, for example.


Thanks,

Maksim Belousov

From: Jongyoul Lee [mailto:jongyoul@gmail.com]
Sent: Monday, December 18, 2017 6:07 AM
To: users <us...@zeppelin.apache.org>
Cc: dev@zeppelin.apache.org
Subject: Re: [DISCUSS] Change some default settings for avoiding unintended usages

Agreed. Supporting container services must be good and I like this idea, but I don't think it's the part of this issue directly. Let's talk about this issue with another email.

I want to talk about enabling authentication by default. If it's enabled, we should log in as admin/password1 at the beginning. What do you think of it?

On Sat, Dec 2, 2017 at 1:57 AM, Felix Cheung <fe...@hotmail.com> wrote:
I’d +1 docker or container support (mesos, dc/os, k8s)

But I think that they are separate things. If users are authenticated and interpreter is impersonating each user, the risk of system disruption should be low. This is typically how to secure things in a system, through user directory (eg LDAP) and access control (normal user can’t sudo and delete everything).

Thought?

_____________________________
From: Jeff Zhang <zj...@gmail.com>
Sent: Thursday, November 30, 2017 11:51 PM

Subject: Re: [DISCUSS] Change some default settings for avoiding unintended usages
To: <de...@zeppelin.apache.org>
Cc: users <us...@zeppelin.apache.org>


+1 for running interpreter process in docker container.



Jongyoul Lee <jo...@gmail.com> wrote on Fri, Dec 1, 2017 at 3:36 PM:
Yes, exactly, this is not only the shell interpreter problem, all can run
any script through python and Scala. Shell is just an example.

Using docker looks good but it cannot avoid unintended usage of resources
like mining coin.

On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <fe...@hotmail.com>
wrote:

> I don’t think that’s limited to the shell interpreter.
>
> You can run any arbitrary program or script from python or Scala (or java)
> as well.
>
> _____________________________
> From: Jeff Zhang <zj...@gmail.com>
> Sent: Wednesday, November 29, 2017 4:00 PM
> Subject: Re: [DISCUSS] Change some default settings for avoiding
> unintended usages
> To: <de...@zeppelin.apache.org>
> Cc: users <us...@zeppelin.apache.org>
>
>
>
> Shell interpreter is a black hole for security, usually we don't recommend
> or allow user to use shell.
>
> We may need to refactor the shell interpreter, running under zeppelin user
> is too dangerous.
>
>
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
>
> > Hi, users and dev,
> >
> > Recently, I've got an issue about the abnormal usage of some interpreters.
> > Zeppelin's users can access shell by shell and python interpreters. It
> > means all users can run or execute what they want even if it harms the
> > system. Thus I agree that we need to change some default settings to
> > prevent this kind of abusing situation. Before we proceed to do it, I want
> > to listen to others' opinions.
> >
> > Feel free to reply to this email
> >
> > Regards,
> > Jongyoul
> >
> > --
> > 이종열, Jongyoul Lee, 李宗烈
> > http://madeng.net
> >
>
>
>


--
이종열, Jongyoul Lee, 李宗烈
http://madeng.net




--
이종열, Jongyoul Lee, 李宗烈
http://madeng.net

RE: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Belousov Maksim Eduardovich <m....@tinkoff.ru>.
The authentication by default isn't a big deal, it could be enabled.
It's nice to use another account by default: guest/guest, for example.


Thanks,

Maksim Belousov

From: Jongyoul Lee [mailto:jongyoul@gmail.com]
Sent: Monday, December 18, 2017 6:07 AM
To: users <us...@zeppelin.apache.org>
Cc: dev@zeppelin.apache.org
Subject: Re: [DISCUSS] Change some default settings for avoiding unintended usages

Agreed. Supporting container services must be good and I like this idea, but I don't think it's the part of this issue directly. Let's talk about this issue with another email.

I want to talk about enabling authentication by default. If it's enabled, we should log in as admin/password1 at the beginning. What do you think of it?

On Sat, Dec 2, 2017 at 1:57 AM, Felix Cheung <fe...@hotmail.com> wrote:
I’d +1 docker or container support (mesos, dc/os, k8s)

But I think that they are separate things. If users are authenticated and interpreter is impersonating each user, the risk of system disruption should be low. This is typically how to secure things in a system, through user directory (eg LDAP) and access control (normal user can’t sudo and delete everything).

Thought?

_____________________________
From: Jeff Zhang <zj...@gmail.com>
Sent: Thursday, November 30, 2017 11:51 PM

Subject: Re: [DISCUSS] Change some default settings for avoiding unintended usages
To: <de...@zeppelin.apache.org>
Cc: users <us...@zeppelin.apache.org>


+1 for running interpreter process in docker container.



Jongyoul Lee <jo...@gmail.com> wrote on Fri, Dec 1, 2017 at 3:36 PM:
Yes, exactly, this is not only the shell interpreter problem, all can run
any script through python and Scala. Shell is just an example.

Using docker looks good but it cannot avoid unintended usage of resources
like mining coin.

On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <fe...@hotmail.com>
wrote:

> I don’t think that’s limited to the shell interpreter.
>
> You can run any arbitrary program or script from python or Scala (or java)
> as well.
>
> _____________________________
> From: Jeff Zhang <zj...@gmail.com>
> Sent: Wednesday, November 29, 2017 4:00 PM
> Subject: Re: [DISCUSS] Change some default settings for avoiding
> unintended usages
> To: <de...@zeppelin.apache.org>
> Cc: users <us...@zeppelin.apache.org>
>
>
>
> Shell interpreter is a black hole for security, usually we don't recommend
> or allow user to use shell.
>
> We may need to refactor the shell interpreter, running under zeppelin user
> is too dangerous.
>
>
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
>
> > Hi, users and dev,
> >
> > Recently, I've got an issue about the abnormal usage of some interpreters.
> > Zeppelin's users can access shell by shell and python interpreters. It
> > means all users can run or execute what they want even if it harms the
> > system. Thus I agree that we need to change some default settings to
> > prevent this kind of abusing situation. Before we proceed to do it, I want
> > to listen to others' opinions.
> >
> > Feel free to reply to this email
> >
> > Regards,
> > Jongyoul
> >
> > --
> > 이종열, Jongyoul Lee, 李宗烈
> > http://madeng.net
> >
>
>
>


--
이종열, Jongyoul Lee, 李宗烈
http://madeng.net




--
이종열, Jongyoul Lee, 李宗烈
http://madeng.net

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Jongyoul Lee <jo...@gmail.com>.
Agreed. Supporting container services must be good and I like this idea,
but I don't think it's the part of this issue directly. Let's talk about
this issue with another email.

I want to talk about enabling authentication by default. If it's enabled,
we should log in as admin/password1 at the beginning. What do you think of it?

On Sat, Dec 2, 2017 at 1:57 AM, Felix Cheung <fe...@hotmail.com>
wrote:

> I’d +1 docker or container support (mesos, dc/os, k8s)
>
> But I think that they are separate things. If users are authenticated and
> interpreter is impersonating each user, the risk of system disruption
> should be low. This is typically how to secure things in a system, through
> user directory (eg LDAP) and access control (normal user can’t sudo and
> delete everything).
>
> Thought?
>
> _____________________________
> From: Jeff Zhang <zj...@gmail.com>
> Sent: Thursday, November 30, 2017 11:51 PM
>
> Subject: Re: [DISCUSS] Change some default settings for avoiding
> unintended usages
> To: <de...@zeppelin.apache.org>
> Cc: users <us...@zeppelin.apache.org>
>
>
>
> +1 for running interpreter process in docker container.
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Fri, Dec 1, 2017 at 3:36 PM:
>
>> Yes, exactly, this is not only the shell interpreter problem, all can run
>> any script through python and Scala. Shell is just an example.
>>
>> Using docker looks good but it cannot avoid unintended usage of resources
>> like mining coin.
>>
>> On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <fe...@hotmail.com>
>> wrote:
>>
>> > I don’t think that’s limited to the shell interpreter.
>> >
>> > You can run any arbitrary program or script from python or Scala (or java)
>> > as well.
>> >
>> > _____________________________
>> > From: Jeff Zhang <zj...@gmail.com>
>> > Sent: Wednesday, November 29, 2017 4:00 PM
>> > Subject: Re: [DISCUSS] Change some default settings for avoiding
>> > unintended usages
>> > To: <de...@zeppelin.apache.org>
>> > Cc: users <us...@zeppelin.apache.org>
>> >
>> >
>> >
>> > Shell interpreter is a black hole for security, usually we don't recommend
>> > or allow user to use shell.
>> >
>> > We may need to refactor the shell interpreter, running under zeppelin user
>> > is too dangerous.
>> >
>> >
>> >
>> >
>> >
>> > Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
>> >
>> > > Hi, users and dev,
>> > >
>> > > Recently, I've got an issue about the abnormal usage of some interpreters.
>> > > Zeppelin's users can access shell by shell and python interpreters. It
>> > > means all users can run or execute what they want even if it harms the
>> > > system. Thus I agree that we need to change some default settings to
>> > > prevent this kind of abusing situation. Before we proceed to do it, I want
>> > > to listen to others' opinions.
>> > >
>> > > Feel free to reply to this email
>> > >
>> > > Regards,
>> > > Jongyoul
>> > >
>> > > --
>> > > 이종열, Jongyoul Lee, 李宗烈
>> > > http://madeng.net
>> > >
>> >
>> >
>> >
>>
>>
>> --
>> 이종열, Jongyoul Lee, 李宗烈
>> http://madeng.net
>>
>
>
>


-- 
이종열, Jongyoul Lee, 李宗烈
http://madeng.net

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Felix Cheung <fe...@hotmail.com>.
I’d +1 docker or container support (mesos, dc/os, k8s)

But I think that they are separate things. If users are authenticated and interpreter is impersonating each user, the risk of system disruption should be low. This is typically how to secure things in a system, through user directory (eg LDAP) and access control (normal user can’t sudo and delete everything).

Thought?

_____________________________
From: Jeff Zhang <zj...@gmail.com>
Sent: Thursday, November 30, 2017 11:51 PM
Subject: Re: [DISCUSS] Change some default settings for avoiding unintended usages
To: <de...@zeppelin.apache.org>
Cc: users <us...@zeppelin.apache.org>



+1 for running interpreter process in docker container.



Jongyoul Lee <jo...@gmail.com> wrote on Fri, Dec 1, 2017 at 3:36 PM:
Yes, exactly, this is not only the shell interpreter problem, all can run
any script through python and Scala. Shell is just an example.

Using docker looks good but it cannot avoid unintended usage of resources
like mining coin.

On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <fe...@hotmail.com>
wrote:

> I don’t think that’s limited to the shell interpreter.
>
> You can run any arbitrary program or script from python or Scala (or java)
> as well.
>
> _____________________________
> From: Jeff Zhang <zj...@gmail.com>
> Sent: Wednesday, November 29, 2017 4:00 PM
> Subject: Re: [DISCUSS] Change some default settings for avoiding
> unintended usages
> To: <de...@zeppelin.apache.org>
> Cc: users <us...@zeppelin.apache.org>
>
>
>
> Shell interpreter is a black hole for security, usually we don't recommend
> or allow user to use shell.
>
> We may need to refactor the shell interpreter, running under zeppelin user
> is too dangerous.
>
>
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
>
> > Hi, users and dev,
> >
> > Recently, I've got an issue about the abnormal usage of some interpreters.
> > Zeppelin's users can access shell by shell and python interpreters. It
> > means all users can run or execute what they want even if it harms the
> > system. Thus I agree that we need to change some default settings to
> > prevent this kind of abusing situation. Before we proceed to do it, I want
> > to listen to others' opinions.
> >
> > Feel free to reply to this email
> >
> > Regards,
> > Jongyoul
> >
> > --
> > 이종열, Jongyoul Lee, 李宗烈
> > http://madeng.net
> >
>
>
>


--
이종열, Jongyoul Lee, 李宗烈
http://madeng.net



Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Jeff Zhang <zj...@gmail.com>.
+1 for running interpreter process in docker container.



Jongyoul Lee <jo...@gmail.com> wrote on Fri, Dec 1, 2017 at 3:36 PM:

> Yes, exactly, this is not only the shell interpreter problem, all can run
> any script through python and Scala. Shell is just an example.
>
> Using docker looks good but it cannot avoid unintended usage of resources
> like mining coin.
>
> On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <fe...@hotmail.com>
> wrote:
>
> > I don’t think that’s limited to the shell interpreter.
> >
> > You can run any arbitrary program or script from python or Scala (or java)
> > as well.
> >
> > _____________________________
> > From: Jeff Zhang <zj...@gmail.com>
> > Sent: Wednesday, November 29, 2017 4:00 PM
> > Subject: Re: [DISCUSS] Change some default settings for avoiding
> > unintended usages
> > To: <de...@zeppelin.apache.org>
> > Cc: users <us...@zeppelin.apache.org>
> >
> >
> >
> > Shell interpreter is a black hole for security, usually we don't recommend
> > or allow user to use shell.
> >
> > We may need to refactor the shell interpreter, running under zeppelin user
> > is too dangerous.
> >
> >
> >
> >
> >
> > Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
> >
> > > Hi, users and dev,
> > >
> > > Recently, I've got an issue about the abnormal usage of some interpreters.
> > > Zeppelin's users can access shell by shell and python interpreters. It
> > > means all users can run or execute what they want even if it harms the
> > > system. Thus I agree that we need to change some default settings to
> > > prevent this kind of abusing situation. Before we proceed to do it, I want
> > > to listen to others' opinions.
> > >
> > > Feel free to reply to this email
> > >
> > > Regards,
> > > Jongyoul
> > >
> > > --
> > > 이종열, Jongyoul Lee, 李宗烈
> > > http://madeng.net
> > >
> >
> >
> >
>
>
> --
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net
>

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Jongyoul Lee <jo...@gmail.com>.
Yes, exactly, this is not only the shell interpreter problem, all can run
any script through python and Scala. Shell is just an example.

Using docker looks good but it cannot avoid unintended usage of resources
like mining coin.

On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <fe...@hotmail.com>
wrote:

> I don’t think that’s limited to the shell interpreter.
>
> You can run any arbitrary program or script from python or Scala (or java)
> as well.
>
> _____________________________
> From: Jeff Zhang <zj...@gmail.com>
> Sent: Wednesday, November 29, 2017 4:00 PM
> Subject: Re: [DISCUSS] Change some default settings for avoiding
> unintended usages
> To: <de...@zeppelin.apache.org>
> Cc: users <us...@zeppelin.apache.org>
>
>
>
> Shell interpreter is a black hole for security, usually we don't recommend
> or allow user to use shell.
>
> We may need to refactor the shell interpreter, running under zeppelin user
> is too dangerous.
>
>
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
>
> > Hi, users and dev,
> >
> > Recently, I've got an issue about the abnormal usage of some interpreters.
> > Zeppelin's users can access shell by shell and python interpreters. It
> > means all users can run or execute what they want even if it harms the
> > system. Thus I agree that we need to change some default settings to
> > prevent this kind of abusing situation. Before we proceed to do it, I want
> > to listen to others' opinions.
> >
> > Feel free to reply to this email
> >
> > Regards,
> > Jongyoul
> >
> > --
> > 이종열, Jongyoul Lee, 李宗烈
> > http://madeng.net
> >
>
>
>


-- 
이종열, Jongyoul Lee, 李宗烈
http://madeng.net
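
Added example, not part of the thread or of Zeppelin's code: one way to bound what a single interpreter child can consume, touching both the per-user impersonation and the resource-usage concern raised in the messages above. `run_limited` and its parameters are hypothetical names; it assumes Linux, and the uid/gid drop only works when the parent process runs as root.

```python
import os
import resource
import signal
import subprocess
import sys


def _cap(kind, soft, hard):
    """Lower an rlimit without ever exceeding the hard limit already in force."""
    _, cur_hard = resource.getrlimit(kind)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(kind, (soft, hard))


def run_limited(code, cpu_seconds=1, mem_bytes=1 << 30, wall_seconds=20,
                run_as_uid=None, run_as_gid=None):
    """Run user-supplied Python in a child process under OS-level limits.

    Returns (returncode, reason): reason is a signal name, "WALL_TIMEOUT",
    or None when the child exited on its own.
    """
    def _restrict():
        # Executed in the child after fork() and before exec().
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)  # CPU time
        _cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)           # address space
        _cap(resource.RLIMIT_CORE, 0, 0)                         # no core dumps
        if run_as_gid is not None:       # impersonation: needs a root parent
            os.setgroups([])
            os.setgid(run_as_gid)
        if run_as_uid is not None:
            os.setuid(run_as_uid)

    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", code],   # -I: isolated mode
            preexec_fn=_restrict,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=wall_seconds,                 # catches idle or sleeping jobs
        )
    except subprocess.TimeoutExpired:
        return None, "WALL_TIMEOUT"
    if proc.returncode < 0:                       # killed by a signal
        return proc.returncode, signal.Signals(-proc.returncode).name
    return proc.returncode, None


if __name__ == "__main__":
    # Constructed sample jobs: a normal one, a CPU burner, and a sleeper.
    print(run_limited("print('hello')"))
    print(run_limited("while True: pass"))
    print(run_limited("import time; time.sleep(60)", wall_seconds=1))
```

These limits are per process, so a job that forks gets a fresh CPU budget in each child; a cgroup or container CPU and memory quota is what bounds the whole process tree.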

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Felix Cheung <fe...@hotmail.com>.
I don’t think that’s limited to the shell interpreter.

You can run any arbitrary program or script from python or Scala (or java) as well.

_____________________________
From: Jeff Zhang <zj...@gmail.com>
Sent: Wednesday, November 29, 2017 4:00 PM
Subject: Re: [DISCUSS] Change some default settings for avoiding unintended usages
To: <de...@zeppelin.apache.org>
Cc: users <us...@zeppelin.apache.org>


Shell interpreter is a black hole for security, usually we don't recommend
or allow user to use shell.

We may need to refactor the shell interpreter, running under zeppelin user
is too dangerous.





Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:

> Hi, users and dev,
>
> Recently, I've got an issue about the abnormal usage of some interpreters.
> Zeppelin's users can access shell by shell and python interpreters. It
> means all users can run or execute what they want even if it harms the
> system. Thus I agree that we need to change some default settings to
> prevent this kind of abusing situation. Before we proceed to do it, I want
> to listen to others' opinions.
>
> Feel free to reply to this email
>
> Regards,
> Jongyoul
>
> --
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net
>



Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Ruslan Dautkhanov <da...@gmail.com>.
Would be nice if each user's interpreter is started in its own docker
container a-la cloudera data science workbench.
Then each user's shell interpreter is pretty isolated.
Actually, from a CDSW session you could pop up a terminal session to your
container which I found pretty neat.



-- 
Ruslan Dautkhanov

On Wed, Nov 29, 2017 at 5:00 PM, Jeff Zhang <zj...@gmail.com> wrote:

>
> Shell interpreter is a black hole for security, usually we don't recommend
> or allow user to use shell.
>
> We may need to refactor the shell interpreter, running under zeppelin user
> is too dangerous.
>
>
>
>
>
> Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:
>
>> Hi, users and dev,
>>
>> Recently, I've got an issue about the abnormal usage of some interpreters.
>> Zeppelin's users can access shell by shell and python interpreters. It
>> means all users can run or execute what they want even if it harms the
>> system. Thus I agree that we need to change some default settings to
>> prevent this kind of abusing situation. Before we proceed to do it, I want
>> to listen to others' opinions.
>>
>> Feel free to reply to this email
>>
>> Regards,
>> Jongyoul
>>
>> --
>> 이종열, Jongyoul Lee, 李宗烈
>> http://madeng.net
>>
>

Re: [DISCUSS] Change some default settings for avoiding unintended usages

Posted by Jeff Zhang <zj...@gmail.com>.
Shell interpreter is a black hole for security, usually we don't recommend
or allow user to use shell.

We may need to refactor the shell interpreter, running under zeppelin user
is too dangerous.





Jongyoul Lee <jo...@gmail.com> wrote on Wed, Nov 29, 2017 at 11:44 PM:

> Hi, users and dev,
>
> Recently, I've got an issue about the abnormal usage of some interpreters.
> Zeppelin's users can access shell by shell and python interpreters. It
> means all users can run or execute what they want even if it harms the
> system. Thus I agree that we need to change some default settings to
> prevent this kind of abusing situation. Before we proceed to do it, I want
> to listen to others' opinions.
>
> Feel free to reply to this email
>
> Regards,
> Jongyoul
>
> --
> 이종열, Jongyoul Lee, 李宗烈
> http://madeng.net
>