GitHub user prabhjyotsingh opened a pull request:

    https://github.com/apache/zeppelin/pull/1322

    [ZEPPELIN-1320] Security fix for Shell/Spark and Python Interpreter

    ### What is this PR for?
    When a notebook runs with the shell, Spark or Python interpreter, it uses the same user that the Zeppelin server is running as, which means these interpreters have the same permissions on the file system as the Zeppelin server.
    IMO the user should have the option to run these interpreters as a different user.
    
    ### What type of PR is it?
    [Improvement]
    
    ### Todos
    * [ ] - Update doc
    
    ### What is the Jira issue?
    * [ZEPPELIN-1320](https://issues.apache.org/jira/browse/ZEPPELIN-1320)
    
    ### How should this be tested?
     - Add a user to the system, say "zeppelin-interpreter"
     - Add an SSH key for the same
    ```
    ssh-keygen
    ssh zeppelin-interpreter@localhost mkdir -p .ssh
    cat ~/.ssh/id_rsa.pub | ssh zeppelin-interpreter@localhost 'cat >> .ssh/authorized_keys'
    ```
     - Add `export ZEPPELIN_INTERPRETER_USER="zeppelin-interpreter"` to `zeppelin-env.sh`
     - Start the Zeppelin server, then run the following in a paragraph in a notebook
    
    ```
    %sh
    whoami
    ```
    
    Check that it runs as the new user, i.e. "zeppelin-interpreter"
    
    ### Screenshots (if appropriate)
    
    <img width="1440" alt="screen shot 2016-08-11 at 8 45 12 pm" src="https://cloud.githubusercontent.com/assets/674497/17593747/8c9eb096-6004-11e6-8487-3e44a1a0d6eb.png">
    
    
    
    ### Questions:
    * Do the license files need an update? no
    * Are there breaking changes for older versions? no
    * Does this need documentation? yes
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-1320

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/1322.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1322
    
----
commit 6aafac445db4cd8944caa07280fcdbebb2faea0f
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2016-08-11T15:08:12Z

    user should have option to run these interpreters as different user.

----
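
A check that could be run alongside the `whoami` test, added here as an example and not part of the pull request or of Zeppelin: it lists which paths under a directory a given account can still read or write according to the classic owner/group/other mode bits. The function names and the command-line usage are assumptions of this example.

```python
import os
import pwd
import stat
import sys
from typing import Dict, Iterable


def class_bits(st: os.stat_result, uid: int, gids: set) -> int:
    """rwx bits (0-7) the kernel applies to uid: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def reachable_paths(root: str, uid: int, gids: Iterable[int] = ()) -> Dict[str, str]:
    """Map every path under root that uid can read or write to 'r', 'w' or 'rw'.

    Directories are descended only when uid has search (x) permission, so a
    0644 file inside a 0700 directory is reported as unreachable. Assumes the
    ancestors of root are traversable; ACLs, capabilities and uid 0 are not modelled.
    """
    gid_set = set(gids)
    found: Dict[str, str] = {}
    stack = [root]
    while stack:
        path = stack.pop()
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # symlink targets are judged where they actually live
        bits = class_bits(st, uid, gid_set)
        access = ("r" if bits & 4 else "") + ("w" if bits & 2 else "")
        if access:
            found[path] = access
        if stat.S_ISDIR(st.st_mode) and bits & 1:
            stack.extend(os.path.join(path, name) for name in os.listdir(path))
    return found


if __name__ == "__main__":
    # Usage: python3 audit.py <directory> <interpreter-user>
    tree, user = sys.argv[1], sys.argv[2]
    account = pwd.getpwnam(user)
    groups = os.getgrouplist(user, account.pw_gid)
    for path, access in sorted(reachable_paths(tree, account.pw_uid, groups).items()):
        print(f"{access:2} {path}")
```

Run as the server user (or root) so the walk itself can list every directory; any path reported for the interpreter account is one that the separate user does not protect.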

