Squashed commit of the following:

commit 2d92977085 Author: Iyán Méndez Veiga <me@iyanmv.com> Date: Tue Aug 21 23:22:35 2018 +0200 Delete code in start.sh (not necessary). Simplify 'os.umask' code. Add paragraph to docs commit 19d1e7be71 Author: Iyán Méndez Veiga <me@iyanmv.com> Date: Tue Aug 21 19:03:36 2018 +0200 Change if clause condition commit 13802f436c Author: Iyán Méndez Veiga <me@iyanmv.com> Date: Tue Aug 21 20:24:38 2018 +0200 Update jupyterlab & extensions commit 63bdcad837 Author: Iyán Méndez Veiga <me@iyanmv.com> Date: Tue Aug 21 16:21:01 2018 +0200 Fix 'No newline at end of file' commit 9504408874 Author: Iyan Méndez Veiga <iyan.mendezveiga@arcelormittal.com> Date: Tue Aug 21 15:37:32 2018 +0200 Fix if clause start.sh commit 74da4e07b2 Author: Iyan Méndez Veiga <iyan.mendezveiga@arcelormittal.com> Date: Tue Aug 21 14:52:21 2018 +0200 Add NB_UMASK flag to modify default umask
2025-10-10 11:32:57 +00:00 · 2018-12-28 13:24:16 -05:00
parent 30ea6099ff
commit 1ec114a8ca
3 changed files with 5 additions and 0 deletions
--- a/base-notebook/Dockerfile
+++ b/base-notebook/Dockerfile
@@ -35,6 +35,7 @@ ENV CONDA_DIR=/opt/conda \
    NB_USER=$NB_USER \
    NB_UID=$NB_UID \
    NB_GID=$NB_GID \
+    NB_UMASK=0022 \
    LC_ALL=en_US.UTF-8 \
    LANG=en_US.UTF-8 \
    LANGUAGE=en_US.UTF-8
--- a/base-notebook/jupyter_notebook_config.py
+++ b/base-notebook/jupyter_notebook_config.py
@@ -37,3 +37,6 @@ if 'GEN_CERT' in os.environ:
    # Restrict access to the file
    os.chmod(pem_file, stat.S_IRUSR | stat.S_IWUSR)
    c.NotebookApp.certfile = pem_file
+
+# Change default umask if set using flag
+os.umask(int(os.environ['NB_UMASK'], 8))
--- a/docs/using/common.md
+++ b/docs/using/common.md
@@ -27,6 +27,7 @@ the notebook server. You do so by passing arguments to the `docker run` command.
 * `-e NB_UID=1000` - Instructs the startup script to switch the numeric user ID of `$NB_USER` to the given value. This feature is useful when mounting host volumes with specific owner permissions. For this option to take effect, you must run the container with `--user root`. (The startup script will `su $NB_USER` after adjusting the user ID.) You might consider using modern Docker options `--user` and `--group-add` instead. See the last bullet below for details.
 * `-e NB_GID=100` - Instructs the startup script to change the primary group of`$NB_USER` to `$NB_GID` (the new group is added with a name of `$NB_GROUP` if it is defined, otherwise the group is named `$NB_USER`).  This feature is useful when mounting host volumes with specific group permissions. For this option to take effect, you must run the container with `--user root`. (The startup script will `su $NB_USER` after adjusting the group ID.) You might consider using modern Docker options `--user` and `--group-add` instead. See the last bullet below for details.  The user is added to supplemental group `users` (gid 100) in order to allow write access to the home directory and `/opt/conda`.  If you override the user/group logic, ensure the user stays in group `users` if you want them to be able to modify files in the image.
 * `-e NB_GROUP=<name>` - The name used for `$NB_GID`, which defaults to `$NB_USER`.  This is only used if `$NB_GID` is specified and completely optional: there is only cosmetic effect.
+* `-e NB_UMASK=<umask>` - Configures Jupyter to use a different umask value from default, i.e. `022`. For example, if setting umask to `002`, new files will be readable and writable by group members instead of just writable by the owner. Wikipedia has a good article about [umask](https://en.wikipedia.org/wiki/Umask). Feel free to read it in order to choose the value that better fits your needs. Default value should fit most situations.
 * `-e CHOWN_HOME=yes` - Instructs the startup script to change the `$NB_USER` home directory owner and group to the current value of `$NB_UID` and `$NB_GID`. This change will take effect even if the user home directory is mounted from the host using `-v` as described below. The change is **not** applied recursively by default. You can change modify the `chown` behavior by setting `CHOWN_HOME_OPTS` (e.g., `-e CHOWN_HOME_OPTS='-R'`).
 * `-e CHOWN_EXTRA="<some dir>,<some other dir>` - Instructs the startup script to change the owner and group of each comma-separated container directory to the current value of `$NB_UID` and `$NB_GID`. The change is **not** applied recursively by default. You can change modify the `chown` behavior by setting `CHOWN_EXTRA_OPTS` (e.g., `-e CHOWN_EXTRA_OPTS='-R'`).
 * `-e GRANT_SUDO=yes` - Instructs the startup script to grant the `NB_USER` user passwordless `sudo` capability. You do **not** need this option to allow the user to `conda` or `pip` install additional packages. This option is useful, however, when you wish to give `$NB_USER` the ability to install OS packages with `apt` or modify other root-owned files in the container. For this option to take effect, you must run the container with `--user root`. (The `start-notebook.sh` script will `su $NB_USER` after adding `$NB_USER` to sudoers.) **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**