mirror of
https://github.com/jupyterhub/the-littlest-jupyterhub.git
synced 2025-12-18 21:54:05 +08:00
c5eae3386a
Having upgraded systemdspawner to 1.0.0, its configuration option `disable_user_sudo` now defaults to True. This would be a breaking unwanted change for our jupyterhub admin users who are configured with passwordless sudo. Its unlikeley a breaking change for other users, but could be if they are granted sudo rights without being a jupyterhub admin. But, if they are, then they could grant themself such rights anyhow so its reasonable to assume jupyterhub admins only should have sudo rights in a TLJH installation.
39 lines
1.3 KiB
Python
39 lines
1.3 KiB
Python
from systemdspawner import SystemdSpawner
|
|
from traitlets import Dict, List, Unicode
|
|
|
|
from tljh import user
|
|
from tljh.normalize import generate_system_username
|
|
|
|
|
|
class UserCreatingSpawner(SystemdSpawner):
|
|
"""
|
|
SystemdSpawner with user creation on spawn.
|
|
|
|
FIXME: Remove this somehow?
|
|
"""
|
|
|
|
user_groups = Dict(key_trait=Unicode(), value_trait=List(Unicode()), config=True)
|
|
|
|
def start(self):
|
|
"""
|
|
Perform system user activities before starting server
|
|
"""
|
|
# FIXME: Move this elsewhere? Into the Authenticator?
|
|
system_username = generate_system_username("jupyter-" + self.user.name)
|
|
|
|
# FIXME: This is a hack. Allow setting username directly instead
|
|
self.username_template = system_username
|
|
user.ensure_user(system_username)
|
|
user.ensure_user_group(system_username, "jupyterhub-users")
|
|
if self.user.admin:
|
|
self.disable_user_sudo = False
|
|
user.ensure_user_group(system_username, "jupyterhub-admins")
|
|
else:
|
|
self.disable_user_sudo = True
|
|
user.remove_user_group(system_username, "jupyterhub-admins")
|
|
if self.user_groups:
|
|
for group, users in self.user_groups.items():
|
|
if self.user.name in users:
|
|
user.ensure_user_group(system_username, group)
|
|
return super().start()
|