<https://github.com/apache/zeppelin/pull/3333>Are you running zeppelin in
docker container ?Are you care about all the interpreters or just spark
interpreter ?
Tony Primerano <primer...@tonycode.com> 于2019年10月11日周五 下午10:36写道:
> I have a use case where I am running the Zeppelin server as a user named
> zeppelin. All user interpreter processes run as this user but this gives
> them too much power. They can view configuration files and logs.
>
> I don't want to impersonate the users because they don't have accounts in
> the container I am running Zeppelin in.
>
> So the hack I came up with was to set ZEPPELIN_IMERSONATE_USER manually.
>
> export ZEPPELIN_IMPERSONATE_USER='zeppelin_user'
>
> export ZEPPELIN_IMPERSONATE_CMD='sudo -H -u ${ZEPPELIN_IMPERSONATE_USER}
> /bin/bash -c '
>
> export ZEPPELIN_IMPERSONATE_SPARK_PROXY_USER=true
>
> This seems to work but it isn't really a standard configuration and I fear
> it may break in the future.
>
> Is there a better way to do this?
>
> The zeppelin_user account has limited access so it can't read the conf and
> other sensitive directories.
>
> Let me know if there is a better way to do this.
>
> Thanks,
> Tony
>
>
>
>
--
Best Regards
Jeff Zhang
