Skip to main content

SudoSpawner: Spawner for JupyterHub using sudo

Project description

SudoSpawner

PyPI

The SudoSpawner enables JupyterHub to spawn single-user servers without being root, by spawning an intermediate process via sudo, which takes actions on behalf of the user.

The sudospawner mediator, the intermediate process, can only do two things:

  1. send a signal to another process using the os.kill() call
  2. spawn single-user servers

Launching the sudospawner script is the only action that requires a JupyterHub administrator to have sudo access to execute.

Installation and setup

  1. Install:

     pip install -e .
    
  2. Add sudo access to the script.

  3. To configure JupyterHub to use SudoSpawner, add the following to your jupyterhub_config.py:

     c.JupyterHub.spawner_class='sudospawner.SudoSpawner'
    

    The JupyterHub documentation has additional information about creating a configuration file, if needed, and recommended file locations for configuration files.

Custom singleuser launch command

In order to limit what permissions the use of sudospawner grants the Hub, when a single-user server is launched the executable spawned is hardcoded as dirname(sudospawner)/jupyterhub-singleuser. This requires the sudospawner executable to be in the same directory as the jupyterhub-singleuser command. It is very important that users cannot modify the bin/ directory containing sudospawner, otherwise they can modify what sudospawner actually enables JupyterHub to do.

You may want to initialize user environment variables before launching the server, or do other initialization. If you install a script called sudospawner-singleuser next to sudospawner, this will be used instead of the direct jupyterhub-singleuser command.

For example, you might want to spawn notebook servers from conda environments that are revised and deployed separately from your hub instance.

#!/bin/bash -l
set -e

# Activate the notebook environment
source /opt/miniconda/bin/activate /opt/envs/notebook-latest

# Show environment info in the log to aid debugging
conda info

# Delegate the notebook server launch to the jupyterhub-singleuser script.
# this is how most sudospawner-singleuser scripts should end.
exec "$(dirname "$0")/jupyterhub-singleuser" $@

SudoSpawner with JupyterLab-Hub singleuser launch command

In order to have SudoSpawner work with JupyterLab-Hub you will need to create a custom singleuser launch command. Create the script sudospawner-singleuser containing the below code in the same directory as sudospawner and grant it the same permissions.

#!/bin/bash -l

# Delegate the notebook server launch to the jupyter-labhub script.
exec "jupyter-labhub" $@

Example

The Dockerfile in this repo contains an example configuration for setting up a JupyterHub system, without any need to run anything as root.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sudospawner-0.5.2.tar.gz (9.1 kB view details)

Uploaded Source

Built Distribution

sudospawner-0.5.2-py3-none-any.whl (7.5 kB view details)

Uploaded Python 3

File details

Details for the file sudospawner-0.5.2.tar.gz.

File metadata

  • Download URL: sudospawner-0.5.2.tar.gz
  • Upload date:
  • Size: 9.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for sudospawner-0.5.2.tar.gz
Algorithm Hash digest
SHA256 5dbddd8164e05e4bb3a31eeb1a5baf5a5c6268f1cd14b3f063cde609b8bfbbe1
MD5 9ece7871687b07d37cfb5acf69ea4a9f
BLAKE2b-256 ac4d776e494c968f3117336340262b3ec2cfad1725966eff68f437eeb636bf33

See more details on using hashes here.

Provenance

File details

Details for the file sudospawner-0.5.2-py3-none-any.whl.

File metadata

File hashes

Hashes for sudospawner-0.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 662e5513a8c78cc654f7e997449ad36532a7f04051d459b39a423e4171cc8495
MD5 4de2a1488543b087ccdc1f724ae70196
BLAKE2b-256 55a8ff1a55a19f3d9b6927282e78e147e6c093a529d2c99a4a5d4d1d9a46a437

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page