Prefix user accounts we create

- Helps protect against users named 'root'
- Makes it clearer that you should not rely on these users
  for general PAM work, because they are prefixed.

Fixes #9

tljh/configurer.py

@@ -49,6 +49,7 @@ def apply_yaml_config(path, c):
     update_userlists(c, tljh_config)
     update_limits(c, tljh_config)
     update_user_environment(c, tljh_config)
+    update_user_account_config(c, tljh_config)
 
 
 def update_auth(c, config):
@@ -102,6 +103,10 @@ def update_user_environment(c, config):
         c.Spawner.default_url = '/nteract'
 
 
+def update_user_account_config(c, config):
+    c.SystemdSpawner.username_template = 'jupyter-{USERNAME}'
+
+
 def _merge_dictionaries(a, b, path=None, update=True):
     """
     Merge two dictionaries recursively.

tljh/jupyterhub_config.py

@@ -8,20 +8,23 @@ from tljh import user, configurer
 INSTALL_PREFIX = os.environ.get('TLJH_INSTALL_PREFIX')
 USER_ENV_PREFIX = os.path.join(INSTALL_PREFIX, 'user')
 
+
 class CustomSpawner(SystemdSpawner):
     def start(self):
         """
         Perform system user activities before starting server
         """
         # FIXME: Move this elsewhere? Into the Authenticator?
-        user.ensure_user(self.user.name)
+        system_username = 'jupyter-' + self.user.name
-        user.ensure_user_group(self.user.name, 'jupyterhub-users')
+        user.ensure_user(system_username)
+        user.ensure_user_group(system_username, 'jupyterhub-users')
         if self.user.admin:
-            user.ensure_user_group(self.user.name, 'jupyterhub-admins')
+            user.ensure_user_group(system_username, 'jupyterhub-admins')
         else:
-            user.remove_user_group(self.user.name, 'jupyterhub-admins')
+            user.remove_user_group(system_username, 'jupyterhub-admins')
         return super().start()
 
+
 c.JupyterHub.spawner_class = CustomSpawner
 
 c.JupyterHub.port = 80