From e957fc3bf03121ed02d5d15e0aa06d56983522a8 Mon Sep 17 00:00:00 2001
From: yuvipanda
Date: Wed, 27 Jun 2018 02:07:49 -0700
Subject: [PATCH] Don't use sudo for everything
We are running as root, and will rely on dropping privs via systemd rather than sudo
---
 tljh/jupyterhub_config.py | 1 -
 tljh/systemd.py | 9 ---------
 tljh/user.py | 8 +-------
 3 files changed, 1 insertion(+), 17 deletions(-)
diff --git a/tljh/jupyterhub_config.py b/tljh/jupyterhub_config.py
index c17bc5a..6340543 100644
--- a/tljh/jupyterhub_config.py
+++ b/tljh/jupyterhub_config.py
@@ -27,6 +27,5 @@ c.JupyterHub.spawner_class = CustomSpawner
 c.ConfigurableHTTPProxy.should_start = False
 c.SystemdSpawner.extra_paths = [os.path.join(USER_ENV_PREFIX, 'bin')]
-c.SystemdSpawner.use_sudo = True
 configurer.apply_yaml_config('/etc/jupyterhub/jupyterhub.yaml', c)
diff --git a/tljh/systemd.py b/tljh/systemd.py
index 53cc42b..fcda899 100644
--- a/tljh/systemd.py
+++ b/tljh/systemd.py
@@ -1,11 +1,6 @@
 """
 Wraps systemctl to install, uninstall, start & stop systemd services.
-We use sudo + subprocess calls for everything. This works when we
-are running as root & as normal user (with arbitrary sudo privileges).
-Arbitrary sudo privileges suck, but are better than running the whole
-process as root.
-
 If we use a debian package instead, we can get rid of all this code.
 """
 import subprocess
@@ -19,7 +14,6 @@ def reload_daemon():
 Makes systemd discover new units.
 """
 subprocess.run([
- 'sudo',
 'systemctl',
 'daemon-reload'
 ], check=True)
@@ -30,7 +24,6 @@ def install_unit(name, unit, path='/etc/systemd/system'):
 Install unit wih given name
 """
 subprocess.run([
- 'sudo',
 'tee',
 os.path.join(path, name)
 ], input=unit.encode('utf-8'), check=True)
@@ -41,7 +34,6 @@ def uninstall_unit(name, path='/etc/systemd/system'):
 Uninstall unit with given name
 """
 subprocess.run([
- 'sudo',
 'rm',
 os.path.join(path, name)
 ], check=True)
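Review bot: The module docstring of tljh/systemd.py loses its only statement about privileges and nothing replaces it, although every helper in the file now works only when the caller is already root. I would add a line such as `Must be run as root; nothing in this module elevates privileges.` to the docstring, and the same applies to the rewritten docstring in tljh/user.py. Without it, a non-root caller sees only a CalledProcessError from systemctl, tee or adduser, presumably with a permission error on stderr.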
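Review bot: In install_unit, `tee` appears to have been there only so the write could happen under sudo; with sudo gone it is an extra process that also copies the whole unit text to the caller's stdout, since stdout is not redirected. Writing the file directly, `with open(os.path.join(path, name), 'w') as f: f.write(unit)`, removes both and lets the function control the file mode; the `rm` call in uninstall_unit could likewise become `os.remove(os.path.join(path, name))`. `name` is joined into a path under /etc/systemd/system by a root process with no check visible in the hunk, so it is worth confirming that callers pass only fixed unit names. Both functions begin outside their hunks.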
@@ -52,7 +44,6 @@ def start_service(name):
 Start service with given name.
 """
 subprocess.run([
- 'sudo',
 'systemctl',
 'start',
 name
diff --git a/tljh/user.py b/tljh/user.py
index 857be2f..83bfa7f 100644
--- a/tljh/user.py
+++ b/tljh/user.py
@@ -1,7 +1,7 @@
 """
 User management for tljh.
-Supports user creation, deletion & sudo
+Supports minimal user & group management
 """
 import pwd
 import grp
@@ -22,7 +22,6 @@ def ensure_user(username):
 pass
 subprocess.check_call([
- 'sudo',
 'adduser',
 '--disabled-password',
 '--force-badname',
@@ -42,7 +41,6 @@ def remove_user(username):
 return
 subprocess.check_call([
- 'sudo',
 'deluser',
 '--quiet',
 username
@@ -61,7 +59,6 @@ def ensure_group(groupname):
 pass
 subprocess.check_call([
- 'sudo',
 'addgroup',
 '--quiet',
 groupname
@@ -79,7 +76,6 @@ def remove_group(groupname):
 return
 subprocess.check_call([
- 'sudo',
 'usermod',
 '--append',
 '--groups',
@@ -115,7 +110,6 @@ def remove_user_group(username, groupname):
 return
 subprocess.check_call([
- 'sudo',
 'deluser',
 '--quiet',
 username,
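Review bot: ensure_user passes its `username` argument into the adduser argv alongside `--force-badname`, and no validation of the name is visible in the hunk. If the name can originate from a login name, a value beginning with `-` would be parsed as an option rather than as a user name; a guard such as `if username.startswith('-'): raise ValueError(username)` before the call would rule that out. The same pattern appears in remove_user, ensure_group, remove_group, ensure_user_group and remove_user_group. All of these functions start and end outside their hunks, so a check may already exist upstream of the lines shown.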