adds the conda path as a secure path to sudo.
The regular expression expects that the equals sign has no leading and trailing
spaces after the parameter secure_path. Furthermore it expects that the value
is enclosed in double quotes.
This is the case for the sudoers file in Debian-based distributions, but
in CentOS / Red Hat based distributions this is not the case. The default value
of the secure_path in CentOS / Red Hat based distributions has no double quotes
and leading and trailing spaces.
This change adds optional spaces before and after the space, and makes the
double quotes optional.
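The difference between the strict and the relaxed pattern described in the message above, as an added example (not the project's own code). The two sample lines and the PREFIX_DIR value are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample sudoers lines (assumed shapes, not copied from any real file).
DEBIAN_LINE='Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
CENTOS_LINE='Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin'

# Hypothetical directory to prepend; the actual conda path is not given in the text.
PREFIX_DIR='/opt/conda/bin'

# Strict pattern: no spaces around "=", value must be enclosed in double quotes.
prepend_strict() {
    printf '%s\n' "$1" | sed -E \
        "s#^(Defaults[[:space:]]+secure_path)=\"([^\"]+)\"#\1=\"${PREFIX_DIR}:\2\"#"
}

# Relaxed pattern: optional spaces around "=", optional double quotes.
prepend_relaxed() {
    printf '%s\n' "$1" | sed -E \
        "s#^(Defaults[[:space:]]+secure_path)[[:space:]]*=[[:space:]]*\"?([^\"]+)\"?#\1=\"${PREFIX_DIR}:\2\"#"
}

# A non-matching sed substitution exits 0 and returns the line unchanged,
# so check the result explicitly instead of trusting the exit status.
require_prefix() {
    case "$1" in
        *"secure_path=\"${PREFIX_DIR}:"*) return 0 ;;
        *) echo "secure_path was not rewritten: $1" >&2; return 1 ;;
    esac
}

# Demo: the relaxed pattern rewrites both line shapes.
for line in "$DEBIAN_LINE" "$CENTOS_LINE"; do
    prepend_relaxed "$line"
done
```

Before installing a generated fragment, validate it with `visudo -cf <file>`; a malformed sudoers file can lock out sudo entirely.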
whoami &> /dev/null || STATUS=$? && true
causes STATUS to be set to an empty string
when the container starts with option --add-group="root"
resulting in both nayvoj and jovyan having uid=1000
and gid=100. The first match in /etc/passwd wins
and so the container user ends up being "nayvoj"
accidentally.
Avoid this by checking that whoami STATUS is neither blank nor 0
before adding a new /etc/passwd entry
- The start.sh script does different operations on users, and
sometimes one may need to do operations *after* that is done (as
opposed to /usr/local/bin/start-notebook.d/ which is run before).
This provides that possibility. (One use case is hooks which must
be run after the users are set up.)
- To be technically perfect, one might want to use something similar
to /usr/local/bin/pre-start-notebook.d/. But let's start with the
simplest thing possible for now - the expected use of this command
is only if people use NB_USER, etc in a way that requires small
follow up commands to be run.
- If notebook is running as root, this allows users to run arbitrary
commands pre-sudo. Consider security model.
- If NB_GID is set, it is likely that files created should have NB_GID
as their gid (if it doesn't matter, then this change is irrelevant.
If it does matter, the likelihood that 100 matches with what the user
wants is low).
- When NB_GID is set, create a new group with that gid. Then, set
this as the primary gid of the user. Set the user's supplemental
gids to NB_GID,100.
Only the top level permissions are set wrong due to kubernetes not being able to do this automatically.
This hits significant problems when the chown takes more than 30s and the pod fails to start