Move useradd, enable_sudo.sh, and server launch into start-notebook.sh

Provides ability to specify NB_USER and NB_UID at docker run time rather than build time.

minimal-notebook/Dockerfile

@@ -20,7 +20,6 @@ RUN apt-get update && apt-get install -yq --no-install-recommends \
     texlive-latex-extra \
     texlive-fonts-extra \
     texlive-fonts-recommended \
-    supervisor \
     sudo \
     && apt-get clean
 
@@ -34,21 +33,12 @@ RUN echo export PATH=$CONDA_DIR/bin:'$PATH' > /etc/profile.d/conda.sh && \
     rm Miniconda3-3.9.1-Linux-x86_64.sh && \
     $CONDA_DIR/bin/conda install --yes conda==3.14.1
 
-# Create non-root user
-RUN useradd -m -s /bin/bash $NB_USER
-RUN chown -R $NB_USER:$NB_USER $CONDA_DIR
-RUN chown $NB_USER:$NB_USER /home/$NB_USER -R
-
-# Configure user environment
-USER $NB_USER
-ENV HOME /home/$NB_USER
-ENV SHELL /bin/bash
-ENV USER $NB_USER
+# Configure docker environment
 ENV PATH $CONDA_DIR/bin:$PATH
 
 # Setup a work directory rooted in home for ease of volume mounting
-ENV WORK $HOME/work
-RUN mkdir -p $WORK
+ENV WORK /notebooks
+RUN mkdir -p $WORK && chown root.users $WORK && chmod g+w $WORK
 WORKDIR $WORK
 
 # Install Jupyter notebook
@@ -57,16 +47,10 @@ RUN conda install --yes \
     terminado \
     && conda clean -yt
 
-# Configure Jupyter
-RUN jupyter notebook --generate-config
-
 # Configure container startup
 EXPOSE 8888
-USER root
-CMD ["supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]
+CMD [ "start-notebook.sh" ]
 
 # Add local files as late as possible to avoid cache busting
-COPY jupyter_notebook_config.py $HOME/.jupyter/
-COPY notebook.conf /etc/supervisor/conf.d/
-COPY enable_sudo.sh /usr/local/bin/
-RUN chown $NB_USER:$NB_USER $HOME/.jupyter/jupyter_notebook_config.py
+COPY start-notebook.sh /usr/local/bin/
+COPY jupyter_notebook_config.py /etc/skel/.jupyter/

minimal-notebook/enable_sudo.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-if [ ! -z "$GRANT_SUDO" ]; then
-    echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
-fi

minimal-notebook/notebook.conf

@@ -1,18 +0,0 @@
-[program:notebook]
-user=jovyan
-umask=0002
-directory=/home/jovyan/work
-command=ipython notebook
-autostart=true
-autorestart=true
-stdout_logfile=/var/log/supervisor/%(program_name)s.log
-redirect_stderr=true
-
-[program:sudoers]
-command=enable_sudo.sh
-autostart=true
-autorestart=false
-stdout_logfile=/var/log/supervisor/%(program_name)s.log
-redirect_stderr=true
-startretries=0
-startsecs=0

minimal-notebook/start-notebook.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Create non-root NB_USER, member of group "users"
+useradd -m -s /bin/bash -u ${NB_UID:-1000} -G users $NB_USER
+
+# Allow "users" group to update conda root env
+chown -R root.users $CONDA_DIR
+chmod -R g+w $CONDA_DIR
+
+# Enable sudo if requested
+if [ ! -z "$GRANT_SUDO" ]; then
+    echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
+fi
+
+# Run Notebook server as $NB_USER
+su -l $NB_USER << EOF
+cd $WORK
+jupyter notebook
+EOF