Agreed. Supporting container services must be good and I like this idea, but I don't think it's the part of this issue directly. Let's talk about this issue with another email.
I want to talk about enabling authentication by default. If it's enabled, we should login admin/password1 at the beginning. How do you think of it? On Sat, Dec 2, 2017 at 1:57 AM, Felix Cheung <felixcheun...@hotmail.com> wrote: > I’d +1 docker or container support (mesos, dc/os, k8s) > > But I think that they are separate things. If users are authenticated and > interpreter is impersonating each user, the risk of system disruption > should be low. This is typically how to secure things in a system, through > user directory (eg LDAP) and access control (normal user can’t sudo and > delete everything). > > Thought? > > _____________________________ > From: Jeff Zhang <zjf...@gmail.com> > Sent: Thursday, November 30, 2017 11:51 PM > > Subject: Re: [DISCUSS] Change some default settings for avoiding > unintended usages > To: <d...@zeppelin.apache.org> > Cc: users <users@zeppelin.apache.org> > > > > +1 for running interpreter process in docker container. > > > > Jongyoul Lee <jongy...@gmail.com>于2017年12月1日周五 下午3:36写道: > >> Yes, exactly, this is not only the shell interpreter problem, all can run >> any script through python and Scala. Shell is just an example. >> >> Using docker looks good but it cannot avoid unindented usage of resources >> like mining coin. >> >> On Fri, Dec 1, 2017 at 2:36 PM, Felix Cheung <felixcheun...@hotmail.com> >> wrote: >> >> > I don’t think that’s limited to the shell interpreter. >> > >> > You can run any arbitrary program or script from python or Scala (or >> java) >> > as well. >> > >> > _____________________________ >> > From: Jeff Zhang <zjf...@gmail.com> >> > Sent: Wednesday, November 29, 2017 4:00 PM >> > Subject: Re: [DISCUSS] Change some default settings for avoiding >> > unintended usages >> > To: <d...@zeppelin.apache.org> >> > Cc: users <users@zeppelin.apache.org> >> > >> > >> > >> > Shell interpreter is a black hole for security, usually we don't >> recommend >> > or allow user to use shell. >> > >> > We may need to refactor the shell interpreter, running under zeppelin >> user >> > is too dangerous. >> > >> > >> > >> > >> > >> > Jongyoul Lee <jongy...@gmail.com>于2017年11月29日周三 下午11:44写道: >> > >> > > Hi, users and dev, >> > > >> > > Recently, I've got an issue about the abnormal usage of some >> > interpreters. >> > > Zeppelin's users can access shell by shell and python interpreters. It >> > > means all users can run or execute what they want even if it harms the >> > > system. Thus I agree that we need to change some default settings to >> > > prevent this kind of abusing situation. Before we proceed to do it, I >> > want >> > > to listen to others' opinions. >> > > >> > > Feel free to reply this email >> > > >> > > Regards, >> > > Jongyoul >> > > >> > > -- >> > > 이종열, Jongyoul Lee, 李宗烈 >> > > http://madeng.net >> > > >> > >> > >> > >> >> >> -- >> 이종열, Jongyoul Lee, 李宗烈 >> http://madeng.net >> > > > -- 이종열, Jongyoul Lee, 李宗烈 http://madeng.net
