Run zeppelin interpreter process as web front end user

  • Enable shiro auth in shiro.ini
[users]
user1 = password1, role1
user2 = password2, role2
  • Enable password-less ssh for the user you want to impersonate (say user1).
adduser user1
#ssh-keygen (optional if you don't already have generated ssh-key.
ssh user1@localhost mkdir -p .ssh
cat ~/.ssh/id_rsa.pub | ssh user1@localhost 'cat >> .ssh/authorized_keys'
  • Alternatively instead of password-less, user can override ZEPPELINIMPERSONATECMD in zeppelin-env.sh
export ZEPPELIN_IMPERSONATE_CMD='sudo -H -u ${ZEPPELIN_IMPERSONATE_USER} bash -c '
  • Start zeppelin server.

Screenshot


  • Go to interpreter setting page, and enable "User Impersonate" in any of the interpreter (in my example its shell interpreter)

  • Test with a simple paragraph

%sh
whoami

Note that usage of "User Impersonate" option will enable Spark interpreter to use --proxy-user option with current user by default. If you want to disable --proxy-user option, then refer to ZEPPELIN_IMPERSONATE_SPARK_PROXY_USER variable in conf/zeppelin-env.sh