[ZEPPELIN-5531] Security on ssh impersonation with pyspark - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: 0.9.0
Fix Version/s: None
Component/s: interpreter-setting, Interpreters, security
Labels:
None

Description

I am trying to implement impersonation in zeppelin using SSH (ssh user1@localhost) following the documentation (https://zeppelin.apache.org/docs/0.9.0/usage/interpreter/user_impersonation.html)
This approach seems to work with the python and shell interpreters, but does not seem to be entirely working for the pyspark interpreter.
When logged into the zeppelin app as user1, running:

%pyspark
import os
os.popen('whoami').read()

outputs: 'zeppelin', instead of the expected output 'user1.

This creates security issues such as 'os.popen("cat conf/credentials.json")'

Is there a problem with how I configured impersonation, or is this an open issue in the spark interpreter?
Are there solutions for protecting 'credentials.json'?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Noam

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Sep/21 19:29

Updated:: 28/Sep/21 18:03