Skip to content

jupyterhub/sudospawner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

119 Commits

.github/workflows

.github/workflows

 
 

examples

examples

 
 

scripts

scripts

 
 

sudospawner

sudospawner

 
 

.coveragerc

.coveragerc

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

setup.py

setup.py

 
 

test-requirements.txt

test-requirements.txt

 
 

Repository files navigation

SudoSpawner

PyPI

GitHub Workflow Status - Test

The SudoSpawner enables JupyterHub to spawn single-user servers without being root, by spawning an intermediate process via sudo, which takes actions on behalf of the user.

The sudospawner mediator, the intermediate process, can only do two things:

  1. send a signal to another process using the os.kill() call
  2. spawn single-user servers

Launching the sudospawner script is the only action that requires a JupyterHub administrator to have sudo access to execute.

Installation and setup

  1. Install:

     pip install -e .

  2. Add sudo access to the script.

  3. To configure JupyterHub to use SudoSpawner, add the following to your jupyterhub_config.py:

     c.JupyterHub.spawner_class='sudospawner.SudoSpawner'

    The JupyterHub documentation has additional information about creating a configuration file, if needed, and recommended file locations for configuration files.

If you would like to use JupyterLab, then all you have to do is set the default_url in jupyterhub_config.py:

c.Spawner.default_url = '/lab'

Custom singleuser launch command

In order to limit what permissions the use of sudospawner grants the Hub, when a single-user server is launched the executable spawned is hardcoded as dirname(sudospawner)/jupyterhub-singleuser. This requires the sudospawner executable to be in the same directory as the jupyterhub-singleuser command. It is very important that users cannot modify the bin/ directory containing sudospawner, otherwise they can modify what sudospawner actually enables JupyterHub to do.

You may want to initialize user environment variables before launching the server, or do other initialization. If you install a script called sudospawner-singleuser next to sudospawner, this will be used instead of the direct jupyterhub-singleuser command.

For example, you might want to spawn notebook servers from conda environments that are revised and deployed separately from your hub instance.

#!/bin/bash -l
set -e

# Activate the notebook environment
source /opt/miniconda/bin/activate /opt/envs/notebook-latest

# Show environment info in the log to aid debugging
conda info

# Delegate the notebook server launch to the jupyterhub-singleuser script.
# this is how most sudospawner-singleuser scripts should end.
exec "$(dirname "$0")/jupyterhub-singleuser" $@

Example

The Dockerfile in this repo contains an example configuration for setting up a JupyterHub system, without any need to run anything as root.

About

Spawn JupyterHub single-user servers with sudo

Topics

jupyter jupyterhub spawner

Resources

Readme

License

BSD-3-Clause license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

50 stars

Watchers

11 watching

Forks

44 forks
Report repository

Releases

8 tags

Packages

No packages published

Contributors 13

Languages