docs/usage/interpreter/user_impersonation.md
{% include JB/setup %}
User impersonation enables to run zeppelin interpreter process as a web frontend user
conf/shiro.ini[users]
user1 = password1, role1
user2 = password2, role2
adduser user1
#ssh-keygen (optional if you don't already have generated ssh-key.
ssh user1@localhost mkdir -p .ssh
cat ~/.ssh/id_rsa.pub | ssh user1@localhost 'cat >> .ssh/authorized_keys'
Alternatively instead of password-less, user can override ZEPPELIN_IMPERSONATE_CMD in zeppelin-env.sh
export ZEPPELIN_IMPERSONATE_CMD=(sudo -H -u "${ZEPPELIN_IMPERSONATE_USER}" bash -c)
# for OSX, linux
bin/zeppelin-daemon restart
# for windows
bin\zeppelin.cmd
</a>
Go to interpreter setting page, and enable "User Impersonate" in any of the interpreter (in my example its shell interpreter)
%sh
whoami
Note that usage of "User Impersonate" option will enable Spark interpreter to use --proxy-user option with current user by default. If you want to disable --proxy-user option, then refer to ZEPPELIN_IMPERSONATE_SPARK_PROXY_USER variable in conf/zeppelin-env.sh
core-site.xml<property>
<name>hadoop.proxyuser.zeppelin.groups</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.zeppelin.users</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.zeppelin.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.hive.groups</name>
<value>zeppelin</value>
</property>
zeppelin-site.xml<property>
<name>zeppelin.server.kerberos.keytab</name>
<value>zeppelin.keytab</value>
</property>
<property>
<name>zeppelin.server.kerberos.principal</name>
<value>zeppelin@principal</value>
</property>
# for OSX, linux
bin/zeppelin-daemon restart
# for windows
bin\zeppelin.cmd
Option
The interpreter will be instantiated Per User in isolated process
User impersonate