Replies: 2 comments
-
|
The reason I'm looking at this now is because I'm mid way through setting up a mechanism for our users to import and export data to/from the system. We have been using Whichever solution we use the expected behaviour is that files you upload belong to your account, are stored in a directory with your name on it, and are not publicly accessible unless you take specific action to make them public. All of which doesn't sit well with running everyone's notebooks using the same generic Linux account. |
Beta Was this translation helpful? Give feedback.
-
|
I vote pain now: the sooner we address long-term administration issues the better. |
Beta Was this translation helpful? Give feedback.
-
In the current Ansible based deployment all the notebooks are run using the same Linux user account,
fedora, regardless of which Zeppelin account the user is logged in as. Each of us also has an individual Linux user account, which we use to login to the server viassh. The mismatch between these two patterns causes some unexpected behaviour to do with file permissions and access.%shparagraph is done as thefedorauser./userdirectories, the permissions on our/userdirectories have to read/write to all./userdirectories to read/write to all means everyone can overwrite everyone else's data (very easy to do when we are sharing notebooks)./homedirectory where they can store secrets.Long term plan, we will want to isolate Zeppelin notebook execution on a per user basis, so each person has a separate Linux user account, notebooks are executed using that person's Linux
uidand file ownership and permissions are set in a consistent manner.We can choose to make that change now, while we only have two users, or we can put this off until later when the transition will be more painful.
What do you think - some pain now or much pain later ?
Beta Was this translation helpful? Give feedback.
All reactions