Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.7.0
    • Component/s: None
    • Labels: None

      Description

      While running a Notebook, the shell, spark and python interpreters use the same user the Zeppelin server is running as, which means these interpreters have the same permissions on the file system as the Zeppelin server.

      IMO the user should have the option to run these interpreters as a different user.

        Issue Links

          Activity

          githubbot ASF GitHub Bot added a comment -

          GitHub user prabhjyotsingh opened a pull request:

          https://github.com/apache/zeppelin/pull/1322

          ZEPPELIN-1320 Security fix for Shell/Spark and Python Interpreter

              1. What is this PR for?
                While running a Notebook, the shell, spark and python interpreters use the same user the Zeppelin server is running as, which means these interpreters have the same permissions on the file system as the Zeppelin server.
                IMO the user should have the option to run these interpreters as a different user.
              2. What type of PR is it?
                [Improvement]
              3. Todos
          • [ ] - Update doc
              4. What is the Jira issue?
                ZEPPELIN-1320 (https://issues.apache.org/jira/browse/ZEPPELIN-1320)
              5. How should this be tested?
          • Add an user in system say "zeppelin-interpreter"
          • Add ssh key for the same
            ```
            ssh-keygen
            ssh zeppelin-interpreter@localhost mkdir -p .ssh
            cat ~/.ssh/id_rsa.pub | ssh zeppelin-interpreter@localhost 'cat >> .ssh/authorized_keys'
            ```
          • Add `export ZEPPELIN_INTERPRETER_USER="zeppelin-interpreter"` in `zeppelin-env.sh`
          • Start zeppelin server, try and run following in paragraph in a notebook

          ```
          %sh
          whoami
          ```

          Check that it should run as new user, i.e. "zeppelin-interpreter"

              6. Screenshots (if appropriate)

          ![screen shot 2016-08-11 at 8 45 12 pm](https://cloud.githubusercontent.com/assets/674497/17593747/8c9eb096-6004-11e6-8487-3e44a1a0d6eb.png)

              7. Questions:
          • Does the licenses files need update? no
          • Is there breaking changes for older versions? no
          • Does this needs documentation? yes

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-1320

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/zeppelin/pull/1322.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #1322


          commit 6aafac445db4cd8944caa07280fcdbebb2faea0f
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.com>
          Date: 2016-08-11T15:08:12Z

          user should have option to run these interpreters as different user.


          githubbot ASF GitHub Bot added a comment -

          Github user felixcheung commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          shouldn't the interpreter process be impersonating the user logging onto the web front end?

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          @felixcheung Fair point, let me try and do it, will change the title to WIP for now.

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          CI green! Ready for review.

          githubbot ASF GitHub Bot added a comment -

          Github user jongyoul commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          I agree that it's a simple way to use ssh to support impersonation, but I'm worried about it. First, we should consider not using an ssh server on the local machine. It's disabled on Mac by default, and in the case of Windows users, they might not have any ssh server. Second, even if all users can connect to their machine via ssh, all users' names would have to be the same as system users. AFAIK, in some Zeppelin use cases, the system admin uses virtual users as well. What do you think of it?

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Yes, I thought about the usage on mac and windows, and initially started off with using `RUNAS ${userName}` for windows and `su - ${userName}` for *nix systems, but then it requires the zeppelin server to run as root. Hence, implemented with `ssh ${userName}@localhost`.

          Have not thought about the cases in which the system admin uses virtual users.

          Now, since with this we are able to propagate the end web user to RemoteInterpreterManagedProcess.start, we can choose to use some other mechanism in `interpreter.sh`/`interpreter.cmd` instead of "ssh", or maybe make it configurable using some extra config in "zeppelin-env.sh".

          What do you recommend that would be a secure and foolproof mechanism by which we can run the interpreter as a different user?

          githubbot ASF GitHub Bot added a comment -

          Github user jongyoul commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          @prabhjyotsingh I don't know how to support different users' environments fully, actually. But I think it's better to use `RUNAS ~` and `su - ~`, and using `ssh` without a password makes for some security issues. In the case of Mesos, it uses that way to restrict resources. But I have never seen `ssh` used without a password. What do you think of it?

          githubbot ASF GitHub Bot added a comment -

          Github user jongyoul commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          @prabhjyotsingh Apart from the issues above, could you check whether this PR supports `scoped` as well, which uses multiple threads in one process?

          githubbot ASF GitHub Bot added a comment -

          Github user Leemoonsoo commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          If I add one more,
          what do you guys think about adding an option `Impersonate` in the interpreter setting on the GUI?

          That'll give users the flexibility of selecting the current behavior (without impersonation) or the new behavior. Otherwise, this PR will make an incompatible user behavior change.

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          > It's better to use RUNAS ~ and su - ~

          @jongyoul How about I make `RUNAS ~` and `su - ~` the default, but if in `zeppelin-env.sh` a property, say `USE_SSH_IMPERSONATION`, is set to true, then it will use `ssh web-user@localhost`? This way the user gets to decide what is best suited for their use case.

          > Could you check this PR support `scoped` as well which uses multiple threads in one process?

          Yes, I've checked this with the Shell and Python interpreters; it was working as expected.

          @Leemoonsoo, yes, agreed, I too think this option should be there, and have implemented it as well. If you take a look at the GIF attached in this PR description, it's doing what you are asking for.

          githubbot ASF GitHub Bot added a comment -

          Github user echarles commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Whatever `su` or `ssh` is used, I feel the main trick is the user provisioning on the host running the interpreter. Until now, the shiro authentication system had no impact on user provisioning. This PR changes this.

          I guess we all agree and are aware that adding user `foo` to shiro.ini, and enabling impersonation, will require running `adduser foo` manually.

          We should make this clear in the doc but also stress it in the UI (with a hover, or a clear text/link near the <checkbox> User Impersonate).

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          @echarles, yes, agreed, will need to update the doc, and add an extra toolbar near the check box where the user can enable User Impersonate.

          githubbot ASF GitHub Bot added a comment -

          Github user echarles commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          To make ZEPPELIN-1337 Umbrella for multiple user support for zeppelin more readable, should we rename the following:

          • ZEPPELIN-1340: "Run Hadoop-based interpreter process on Kerberos as web front end user"
          • ZEPPELIN-1320: "Run zeppelin interpreter process as web front end user"
          githubbot ASF GitHub Bot added a comment -

          Github user echarles commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          ... and make ZEPPELIN-1320 a subtask of ZEPPELIN-1337

          ?

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Yes, you are right, let me do it right away.

          githubbot ASF GitHub Bot added a comment -

          Github user jongyoul commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          @prabhjyotsingh I agree with @echarles's idea. The interpreter tries to find hadoop dependencies first and, if it finds them, it uses `doAs`. Otherwise, let's talk about how to do it. What do you think of it?

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Sure, in this PR I was only thinking about the otherwise case, i.e. the environment where hadoop dependencies were not present, and hence starting the interpreter as the end web user.

          githubbot ASF GitHub Bot added a comment -

          Github user echarles commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Btw, for the hadoop case (or spark on yarn case), this PR may give an issue for `doAs`.

          Typically, you configure `hadoop.proxyuser.foo.hosts` and `hadoop.proxyuser.foo.group`, `foo` being the os/kerberos user under which you run your java code that calls doAs.

          If we run ssh/su as the front-end user, we will not fulfill what the hadoop/yarn cluster is expecting.

          We thus should have two checkboxes:

          • One for the OS/kerberos impersonation (this PR only addresses OS).
          • The other for Hadoop impersonation.

          If you select one, I would expect the other one to be disabled.

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Agreed @echarles, the `doAs` part will be a problem until ZEPPELIN-1340 (https://issues.apache.org/jira/browse/ZEPPELIN-1340) is resolved. Until then, for security we may have to run half of the interpreters with "User Impersonate" enabled from the UI (for example the shell and python interpreters), and for the others use the standard `doAs` already implemented (like livy, spark, jdbc).

          githubbot ASF GitHub Bot added a comment -

          Github user Leemoonsoo commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Instead of `USE_SSH_IMPERSONATION`, how about letting the user customize the impersonation method?
          For example,
          ```
          ZEPPELIN_INTERPRETER_IMPERSONATION_CMD="su - ${ZEPPELIN_USER_NAME}"
          ```
          by default, but the user can override this env variable, like
          ```
          ZEPPELIN_INTERPRETER_IMPERSONATION_CMD="ssh -p12345 ${ZEPPELIN_USER_NAME}@localhost"
          ```
          It gives more flexibility, I think (e.g. give additional options like -p, use a different command to impersonate).
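          The customizable-command idea in this comment, combined with echarles's point earlier in the thread that an impersonated web user must already exist as an OS account on the interpreter host, can be put together as a launcher-side check. The script below is an added example, not Zeppelin's `interpreter.sh` or any code from this PR; the function names, the default template, the placeholder handling and the exit codes are assumptions.

```sh
#!/bin/sh
# Added example (not Zeppelin code): expand a configurable impersonation
# command template for an interpreter launch, but only for a web user that
# is a well-formed login name and is provisioned as an OS account here.

# Default when the admin has not overridden the variable; the literal
# placeholder ${ZEPPELIN_USER_NAME} is substituted with the web user.
DEFAULT_IMPERSONATION_CMD='su - ${ZEPPELIN_USER_NAME}'
PLACEHOLDER='${ZEPPELIN_USER_NAME}'

# is_valid_username NAME
# Accept only POSIX portable login-name characters and no leading '-', so
# the name reaches su/ssh as a plain account name and never as an option.
is_valid_username() {
  case "$1" in
    '') return 1 ;;
    -*) return 1 ;;
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# is_provisioned NAME
# The account must already exist on the host (the manual "adduser foo"
# step raised in the review); id(1) is POSIX and present on every target.
is_provisioned() {
  id "$1" >/dev/null 2>&1
}

# build_impersonation_cmd WEBUSER [TEMPLATE]
# Prints the expanded launch prefix, e.g. "su - user1". Prints nothing and
# returns non-zero when the user is rejected or the template is malformed.
build_impersonation_cmd() {
  user=$1
  template=${2:-$DEFAULT_IMPERSONATION_CMD}

  if ! is_valid_username "$user"; then
    echo "refusing to impersonate: invalid user name" >&2
    return 2
  fi
  if ! is_provisioned "$user"; then
    echo "refusing to impersonate: '$user' is not an OS account on this host" >&2
    return 3
  fi

  # Substitute by plain string surgery rather than eval, so the rest of the
  # template is passed through verbatim and is never re-parsed by the shell.
  prefix=${template%%"$PLACEHOLDER"*}
  if [ "$prefix" = "$template" ]; then
    echo "impersonation template lacks the $PLACEHOLDER placeholder" >&2
    return 4
  fi
  suffix=${template#*"$PLACEHOLDER"}
  printf '%s%s%s\n' "$prefix" "$user" "$suffix"
}

# Stand-alone demonstration using the account that runs this script.
build_impersonation_cmd "$(id -un)"
build_impersonation_cmd "$(id -un)" 'ssh -p12345 ${ZEPPELIN_USER_NAME}@localhost'
build_impersonation_cmd 'no-such-user-example' || echo "rejected, exit status $?"
```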

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          @Leemoonsoo yes, that's a good suggestion. Let me try and do it.

          githubbot ASF GitHub Bot added a comment -

          Github user astroshim commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          I got following checkstyle error while building source.
          ```
          [INFO] There are 1 checkstyle errors.
          [ERROR] NotebookServer.java[1381] (sizes) LineLength: Line is longer than 100 characters (found 102).
          ```
          @prabhjyotsingh Could you fix this?

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh closed the pull request at:

          https://github.com/apache/zeppelin/pull/1322

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Closing this, will open a new one with merge of https://github.com/apache/zeppelin/pull/1265.

          githubbot ASF GitHub Bot added a comment -

          GitHub user prabhjyotsingh opened a pull request:

          https://github.com/apache/zeppelin/pull/1554

          ZEPPELIN-1320 Run zeppelin interpreter process as web front end user

          Have recreated this from https://github.com/apache/zeppelin/pull/1322

              1. What is this PR for?

          While running a Notebook, the shell, spark and python interpreters use the same user the Zeppelin server is running as, which means these interpreters have the same permissions on the file system as the Zeppelin server.
          IMO users should be able to impersonate themselves, as a complete security system.

              2. What type of PR is it?
                [Improvement]
              3. Todos
          • [ ] - Update doc
          • [x] - FIX NPEs
          • [x] - FIX CI
              4. What is the Jira issue?
                ZEPPELIN-1320 (https://issues.apache.org/jira/browse/ZEPPELIN-1320)
              5. How should this be tested?
          • Enable shiro auth in shiro.ini
          • Add ssh key for the same user you want to try and impersonate (say user1).
            ```
            adduser user1
            ssh-keygen
            ssh user1@localhost mkdir -p .ssh
            cat ~/.ssh/id_rsa.pub | ssh user1@localhost 'cat >> .ssh/authorized_keys'
            ```
          • Start zeppelin server, try and run following in paragraph in a notebook
          • Go to the interpreter setting page, and enable "User Impersonate" in any of the interpreters (in my example it's the shell interpreter)

          ```
          %sh
          whoami
          ```

          Check that it should run as new user, i.e. "user1"

              6. Screenshots (if appropriate)

          ![user impersonate](https://cloud.githubusercontent.com/assets/674497/17700306/d9294e80-63e2-11e6-8be8-1c4b84ef5aee.gif)

              7. Questions:
          • Does the licenses files need update? no
          • Is there breaking changes for older versions? no
          • Does this needs documentation? yes

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-1320-2

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/zeppelin/pull/1554.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #1554


          commit aff1bf0645785102bff90e99150d40d8bbc2f03d
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-10-23T07:46:59Z

          user should have option to run these interpreters as different user.


          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1554

          known issue: restart of the interpreter does not work as expected.

          githubbot ASF GitHub Bot added a comment -

          Github user Leemoonsoo commented on the issue:

          https://github.com/apache/zeppelin/pull/1554

          @prabhjyotsingh Do you think there is a way to impersonate without adding an ssh key when the user logged in using PAM authentication https://github.com/apache/zeppelin/pull/1589?

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1554

          Sure, let me check; I think it could be possible.

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1554

          Updated screenshot, ready for review.

          @Leemoonsoo I'll try to take care of "PAM authentication" in a different PR.

          githubbot ASF GitHub Bot added a comment -

          Github user r-kamath commented on the issue:

          https://github.com/apache/zeppelin/pull/1554

          @prabhjyotsingh LGTM.
          Thanks for the documentation.

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh closed the pull request at:

          https://github.com/apache/zeppelin/pull/1554

          githubbot ASF GitHub Bot added a comment -

          GitHub user prabhjyotsingh reopened a pull request:

          https://github.com/apache/zeppelin/pull/1554

          ZEPPELIN-1320 Run zeppelin interpreter process as web front end user

          Have recreated this from https://github.com/apache/zeppelin/pull/1322

              1. What is this PR for?

          While running a notebook, the shell, spark and python interpreters use the same user as the one the zeppelin server is running as, which means these interpreters have the same permissions on the file system as the zeppelin server.
          IMO users should be able to impersonate themselves as a complete security system.

              1. What type of PR is it?

          [Improvement]

              1. Todos

          • [x] - Update doc
          • [x] - FIX NPEs
          • [x] - FIX CI

              1. What is the Jira issue?

          ZEPPELIN-1320 (https://issues.apache.org/jira/browse/ZEPPELIN-1320)

              1. How should this be tested?

          • Enable shiro auth in shiro.ini
          • Add an ssh key for the same user you want to try and impersonate (say user1).

          ```
          adduser user1
          ssh-keygen
          ssh user1@localhost mkdir -p .ssh
          cat ~/.ssh/id_rsa.pub | ssh user1@localhost 'cat >> .ssh/authorized_keys'
          ```

          • Start the zeppelin server, and try to run the following in a paragraph in a notebook
          • Go to the interpreter setting page, and enable "User Impersonate" in any of the interpreters (in my example it's the shell interpreter)

          ```
          %sh
          whoami
          ```

          Check that it runs as the new user, i.e. "user1"

              1. Screenshots (if appropriate)

          ![user impersonate](https://cloud.githubusercontent.com/assets/674497/20213127/f32fdc52-a82c-11e6-8e33-aebd6a943c5f.gif)

              1. Questions:
          • Do the license files need updating? no
          • Are there breaking changes for older versions? no
          • Does this need documentation? yes

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-1320-2

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/zeppelin/pull/1554.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #1554


          commit aff1bf0645785102bff90e99150d40d8bbc2f03d
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-10-23T07:46:59Z

          user should have option to run these interpreters as different user.

          commit dd0731d540175cef0de5bb63ad7a4a11db024600
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-10-23T07:57:14Z

          fix missing test cases

          commit 0ff80ec987b803e40967a626cdb1b13e0caa0507
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-10-28T05:48:38Z

          Merge remote-tracking branch 'origin/master' into ZEPPELIN-1320-2

          commit 03b2f203e807ecf10bd37a998224c100a5ded557
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-10-31T05:27:20Z

          use user instead of ""

          commit 02c308423a28bdc0e5e598cfde8e089591c31172
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-11-10T03:53:54Z

          Merge remote-tracking branch 'origin/master' into ZEPPELIN-1320-2

          commit 5a76839750f544a59b034947dbf78e5449f93c87
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-11-10T06:29:22Z

          show User Impersonate only when interpreter setting is "per user" and "isolated"

          commit 1b26cc09c8da9f1219296454fa9e12ecd8558dfd
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-11-14T09:32:04Z

          add doc

          commit dc69c9d2d3c520d4a0d354373f451ad66f9c8435
          Author: Prabhjyot Singh <prabhjyotsingh@gmail.org>
          Date: 2016-11-16T08:08:43Z

          @Leemoonsoo review comment: making ZEPPELIN_SSH_COMMAND configurable
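
The test procedure above launches the interpreter through ssh as the logged-in user, with ZEPPELIN_SSH_COMMAND made configurable by the last commit. The following is an added example, not Zeppelin's own launcher code, showing the two checks a defender wants around such a mechanism: the user name taken from the web front end is validated before it is interpolated into the launch command, and the `whoami` result of the test paragraph is compared against both the expected user and the account the server itself runs as. The function names, the `localhost` target and the user-name pattern are assumptions of this example; only the variable name ZEPPELIN_SSH_COMMAND comes from the PR.

```shell
#!/bin/sh
# Added example (not Zeppelin's own code): composing an ssh-based impersonation
# launcher safely and checking that impersonation actually took effect.
# ZEPPELIN_SSH_COMMAND is the variable the PR makes configurable; the function
# names, the localhost target and the user-name pattern are assumptions here.

# Accept only user names matching a conventional POSIX pattern (assumed here), so
# a principal coming from the web front end can never carry shell metacharacters
# into the launch command.
valid_user() {
  printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Compose the launcher command line: "<ssh command> <user>@localhost <cmd...>".
# Prints nothing and returns 1 when the user name fails validation.
build_impersonated_command() {
  user="$1"; shift
  valid_user "$user" || return 1
  ssh_cmd="${ZEPPELIN_SSH_COMMAND:-ssh}"
  printf '%s %s@localhost %s\n' "$ssh_cmd" "$user" "$*"
}

# The check from the PR's test step: the paragraph's `whoami` output must equal
# the impersonated user and must differ from the account the server runs as.
# Returns 0 when impersonation is effective, 1 otherwise.
impersonation_effective() {
  expected="$1"; observed="$2"; server_user="$3"
  [ "$observed" = "$expected" ] && [ "$observed" != "$server_user" ]
}

# Stand-alone usage with constructed values (user1 from the PR, server account
# assumed to be "zeppelin"):
build_impersonated_command user1 whoami
impersonation_effective user1 user1 zeppelin && echo "impersonation effective"
```

Running the paragraph from the test step and feeding its output to `impersonation_effective` distinguishes a working setup from one where the interpreter silently fell back to the server's own account.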


          githubbot ASF GitHub Bot added a comment -

          Github user Leemoonsoo commented on the issue:

          https://github.com/apache/zeppelin/pull/1554

          LGTM, and merge to master if there are no further comments.

          githubbot ASF GitHub Bot added a comment -

          Github user asfgit closed the pull request at:

          https://github.com/apache/zeppelin/pull/1554

          githubbot ASF GitHub Bot added a comment -

          Github user zjffdu commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Sorry for the late comment. I was on vacation for the last 2 weeks. I found this didn't work for the spark interpreter. @prabhjyotsingh Did you try it for the spark interpreter and other interpreters?

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          @zjffdu Yes, you are right, with SPARK_HOME/SPARK_SUBMIT it doesn't work.

          githubbot ASF GitHub Bot added a comment -

          Github user zjffdu commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Then I think we should either revert this PR or fix it for the spark interpreter as well, because the spark interpreter is the most important interpreter of zeppelin IMO.

          githubbot ASF GitHub Bot added a comment -

          Github user prabhjyotsingh commented on the issue:

          https://github.com/apache/zeppelin/pull/1322

          Sure, makes sense. I'll try to fix it ASAP. https://issues.apache.org/jira/browse/ZEPPELIN-1701


            People

            • Assignee: prabhjyotsingh Prabhjyot Singh
            • Reporter: prabhjyotsingh Prabhjyot Singh
            • Votes: 0
            • Watchers: 7