Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fail to open PAM session #56

Open
ghost opened this issue May 6, 2019 · 0 comments
Open

fail to open PAM session #56

ghost opened this issue May 6, 2019 · 0 comments

Comments

@ghost
Copy link

ghost commented May 6, 2019

Dear all,

I try to setup jupyterhub using a sudospawer and the default PAM authenticator in the context of multiple conda environment (using nb_conda_kernels).

To do so:

  1. I added a new user jupyter-admin --> /home/jupyter-admin
  2. I set jupyter-admin as a sudoers
  3. from /home/jupyter-admin I create and activate a new conda environment notebook-env using the following conda envionment file:
name: notebook-env
channels:
  - conda-forge
  - defaults
dependencies:
  - notebook
  - jupyterlab
  - jupyterhub
  - configurable-http-proxy
  - sudospawner
  - nb_conda_kernels
  1. I add those lines in the /etc/sudoers file
Cmnd_Alias JUPYTER_COMMAND = /home/jupyter-admin/miniconda3/envs/notebook-env/bin/sudospawner
jupyter-admin ALL=(ALL:ALL) NOPASSWD:JUPYTER_COMMAND
  1. I start the jupyterhub server with the following config file:
import os
import sys
import tempfile

bin_dir = os.path.split(sys.executable)[0]
spawner = os.path.join(bin_dir, 'sudospawner')
database = os.path.join(tempfile.gettempdir(), "jupyterhub", "jupyterhub.sqlite")
if not os.path.isdir(os.path.dirname(database)):
    os.makedirs(os.path.dirname(database))

# Keep some environment variables if needed:
for var in ("PYTHONHOME", "PYTHONPATH"):
    if var in os.environ:
        c.SudoSpawner.env_keep.append(var)

# Use the sudo spawner for launching the server under a user name different than root
c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
c.JupyterHub.ip = '0.0.0.0'
c.JupyterHub.db_url = database
c.SudoSpawner.sudospawner_path = spawner

c.Authenticator.admin_users = {"pellegrini"}

c.Spawner.default_url = "/lab"
c.Spawner.cmd = ['jupyter-labhub']

when starting my jupyterhub server, I get the following error when logging under pellegrini

sh: 1: cannot create /run/motd.dynamic.new: Permission denied

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.


The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

[W 2019-05-06 16:37:03.423 JupyterHub auth:642] Failed to open PAM session for pellegrini: [PAM Error 14] Cannot make/remove an entry for the specified session
[W 2019-05-06 16:37:03.423 JupyterHub auth:643] Disabling PAM sessions from now on.
[D 2019-05-06 16:37:03.442 JupyterHub spawner:63] Spawning ['sudo', '-u', 'pellegrini', '-nH', '/home/jupyter-admin/miniconda3/envs/visa-jupyter/bin/sudospawner']

Strictly speaking this is not a true error in the sense that I can eventually login but I would like to be sure that I did not set something wrong.

I read some related issue (e.g. #51) and tried the proposed recipe but it did not help.

Would you have any ideas ?

thanks in advance

Eric
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants