* Refactor to use sudo to become jovyna when the
container starts as root
* Retain all environment variables when becoming
jovyan
* Handle start.sh without additional commands when
launching a container as NB_USER too
Please refer to alias, in bottom of commit.
> dbn
Execute the command: jupyter notebook
> dbn bash
jovyan@eedcc93a837d:~$
> dbn start.sh
Execute the command:
exit
> dbnr
Set username to: jovyan
usermod: no changes
Set jovyan GID to: 100
Execute the command: jupyter notebook
Running as root is not recommended. Use --allow-root to bypass.
exit
> dbnr bash
root@893cb78b8c9c:~#
> dbnr start.sh
Set username to: jovyan
usermod: no changes
Set jovyan GID to: 100
Execute the command:
No arguments supplied
HOSTNAME=d45c52e788b7
TERM=xterm
SHELL=/bin/bash
NB_USER=jovyan
LC_ALL=en_US.UTF-8
PATH=/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
MINICONDA_VERSION=4.3.30
PWD=/home/jovyan
LANG=en_US.UTF-8
HOME=/home/jovyan
SHLVL=2
LANGUAGE=en_US.UTF-8
no_proxy=*.local, 169.254/16
DEBIAN_FRONTEND=noninteractive
CONDA_DIR=/opt/conda
NB_GID=100
NB_UID=1000
root@d45c52e788b7:~#
> dbnrs
Set username to: jovyan
usermod: no changes
Set jovyan GID to: 100
Granting jovyan sudo access
Execute the command: jupyter notebook
Copy/paste this URL into your browser when you connect for the first time, ....
> dbnrs bash
root@f293dce949db:~#
> dbnrs start.sh
Set username to: jovyan
usermod: no changes
Set jovyan GID to: 100
Granting jovyan sudo access
Execute the command:
No arguments supplied
HOSTNAME=d0cd57ea32e2
SHELL=/bin/bash
TERM=xterm
LC_ALL=en_US.UTF-8
USER=jovyan
SUDO_USER=root
SUDO_UID=0
USERNAME=jovyan
MAIL=/var/mail/jovyan
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
PWD=/home/jovyan
LANG=en_US.UTF-8
SHLVL=1
SUDO_COMMAND=/bin/bash -c env; PATH=$PATH; bash
HOME=/home/jovyan
LANGUAGE=en_US.UTF-8
LOGNAME=jovyan
SUDO_GID=0
_=/usr/bin/env
jovyan@d0cd57ea32e2:~$
> dbns
Container must be run as root to grant sudo permissions
Execute the command: jupyter notebook
Copy/paste this URL in..
> dbns bash
jovyan@ce5c2491fa32:~$
> dbns start.sh
Container must be run as root to grant sudo permissions
Execute the command:
exit
###### Build user setup
docker build -t $USER/base-notebook -f Dockerfile .
# Normal, dbn: docker-base-notebook
alias dbn='docker run -ti --rm -p 8888:8888 -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook'
# Root, dbnr: dbn with root
alias dbnr='docker run -ti --rm -p 8888:8888 --user root -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook'
# Jovyan SUDO, dbnr: dbn with SUDO for jovyan
alias dbnrs='docker run -ti --rm -p 8888:8888 --user root -e GRANT_SUDO=yes -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook'
# Root, fail to sudo for jovyan.
alias dbns='docker run -ti --rm -p 8888:8888 -e GRANT_SUDO=yes -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook'
ensures files have the right owner:group
unfortunately, not enough to get group-writable permissions (need acl or umask for that),
so we still need to run it after each install
- any files the user should be able to write should have group `user-permissions` with `g+rwX`
- remove `chown` from start.sh because it is no longer needed
- add `fix-permissions` script for setting the user-writable permissions on a path
- user-permissions group as GID 10000 (is there a reason for it to have a different value?)
- containers can set group with `--group-add user-writable` if they want to run with a different uid/gid
(without -u root -e NB_UID -e NB_GID, which make this unnecessary)
