Use classic unix users rather than systemd dynamic users

Dynamic Users are neat and probably very useful for a tmpnb
style situation. However, for regular use they have the following
problems:

1. Can't set ProtectHome=no, so you can never apt install or
   similar from inside admin accounts.
2. Dynamic uid / gid makes it hard to write sudo rules. We want
   admin users to have sudo.
3. Persistent uids / gids are very useful for ad-hoc ACLs between
   users. gid sharing isn't the most flexible sharing mechanism,
   but it is well known & quite useful.
4. /etc/skel is pretty useful!
yuvipanda
2018-06-26 23:30:06 -07:00
parent 335ba3c8a6
commit f90a0fa540
5 changed files with 260 additions and 17 deletions

@@ -1,26 +1,29 @@
"""
JupyterHub config for the littlest jupyterhub.
This is run on startup & restarts. This file has the following
responsibilities:
1. Set up & maintain user conda environment
2. Configure JupyterHub from YAML file
This code will run as an unprivileged user, but with unlimited
sudo access. Code here can block, since it all runs before JupyterHub
starts.
"""
from tljh import conda
from escapism import escape
import os
from systemdspawner import SystemdSpawner
from tljh import user
INSTALL_PREFIX = os.environ.get('TLJH_INSTALL_PREFIX', '/opt/tljh')
INSTALL_PREFIX = os.environ.get('TLJH_INSTALL_PREFIX')
USER_ENV_PREFIX = os.path.join(INSTALL_PREFIX, 'user')
c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner'
class CustomSpawner(SystemdSpawner):
def start(self):
"""
Perform system user activities before starting server
"""
# FIXME: Move this elsewhere? Into the Authenticator?
user.ensure_user(self.user.name)
user.ensure_user_group(self.user.name, 'jupyterhub-users')
if self.user.admin:
user.ensure_user_group(self.user.name, 'jupyterhub-admins')
return super().start()
c.JupyterHub.spawner_class = CustomSpawner
c.JupyterHub.authenticator_class = 'dummyauthenticator.DummyAuthenticator'
c.SystemdSpawner.extra_paths = [os.path.join(USER_ENV_PREFIX, 'bin')]
c.SystemdSpawner.use_sudo = True
c.SystemdSpawner.dynamic_users = True
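Review bot: CustomSpawner.start() only ever adds the user to 'jupyterhub-admins' (the `if self.user.admin:` branch) and has no path that removes the membership, so an account whose admin flag is later cleared in the hub stays in the group on every subsequent spawn, and keeps the sudo access the commit message intends for admins only. Consider an else branch that drops the membership, for example through a removal helper in tljh.user (a hypothetical helper; none is visible in this hunk), so the unix group tracks the hub's admin flag in both directions. Separately, if the `INSTALL_PREFIX = os.environ.get('TLJH_INSTALL_PREFIX')` form without the '/opt/tljh' default is the one kept, `os.path.join(INSTALL_PREFIX, 'user')` raises TypeError whenever the variable is unset; either keep the default or fail early with an explicit message.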