zhangyiss/the-littlest-jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/the-littlest-jupyterhub.git synced 2025-12-18 21:54:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

SystemdSpawner 1: don't prevent admins from sudo / privilege escalation

Browse Source 
Having upgraded systemdspawner to 1.0.0, its configuration option
`disable_user_sudo` now defaults to True. This would be a breaking
unwanted change for our jupyterhub admin users who are configured with
passwordless sudo.

Its unlikeley a breaking change for other users, but could be if they
are granted sudo rights without being a jupyterhub admin. But, if they
are, then they could grant themself such rights anyhow so its reasonable
to assume jupyterhub admins only should have sudo rights in a TLJH
installation.
This commit is contained in:
Erik Sundell
2023-06-01 23:43:38 +02:00
parent a373b2108c
commit c5eae3386a
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tljh/user_creating_spawner.py
View File

@@ -26,8 +26,10 @@ class UserCreatingSpawner(SystemdSpawner):
user.ensure_user(system_username)
user.ensure_user_group(system_username, "jupyterhub-users")
if self.user.admin:
self.disable_user_sudo = False
user.ensure_user_group(system_username, "jupyterhub-admins")
else:
self.disable_user_sudo = True
user.remove_user_group(system_username, "jupyterhub-admins")
if self.user_groups:
for group, users in self.user_groups.items():