Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-5531

Security on ssh impersonation with pyspark

    XMLWordPrintableJSON

    Details

      Description

      I am trying to implement impersonation in zeppelin using SSH (ssh user1@localhost) following the documentation (https://zeppelin.apache.org/docs/0.9.0/usage/interpreter/user_impersonation.html) 
      This approach seems to work with the python and shell interpreters, but does not seem to be entirely working for the pyspark interpreter. 
      When logged into the zeppelin app as user1, running:

      %pyspark
      import os
      os.popen('whoami').read()

      outputs: 'zeppelin', instead of the expected output 'user1.  

      This creates security issues such as 'os.popen("cat conf/credentials.json")'

      Is there a problem with how I configured impersonation, or is this an open issue in the spark interpreter?
      Are there solutions for protecting 'credentials.json'?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Almog Noam
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: