hazza/docker-stacks
1
0
Fork 0
mirror of https://github.com/jupyter/docker-stacks.git synced 2025-10-17 15:02:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b4d2d6f58308374dabb5f57102c1c45eb0dc6d81
docker-stacks/base-notebook/start.sh
Christian Mesh b4d2d6f583 Support provisioned storage with incorrect permissions 
I ran into an issue when trying to get this to work with a NFS server which I did not have direct control over (EFS).  As part of the PersistentVolumeClaim, there is no easy way to set the UID and GID of the created directory.on the networked FS.

My only concern with this chown is that some user out there might be running jupyterhub in an odd configuration where $NB_USER is not supposed to have these exact permissions on the storage.  I think this is quite unlikely, but it is worth mentioning. 

I chronicled my experiences with working around this issue and setting up z2jh on EFS in https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/421 with @yuvipanda.
2018-01-31 08:51:52 -05:00

81 lines
2.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
set -e
# Exec the specified command or fall back on bash
if [ $# -eq 0 ]; then
cmd=bash
else
cmd=$*
fi
# Handle special flags if we're root
if [ $(id -u) == 0 ] ; then
# Handle username change. Since this is cheap, do this unconditionally
echo "Set username to: $NB_USER"
usermod -d /home/$NB_USER -l $NB_USER jovyan
# Handle case where provisioned storage does not have the correct permissions by default
# Ex: default NFS/EFS (no auto-uid/gid)
chown $NB_UID:$NB_GID /home/$NB_USER
# handle home and working directory if the username changed
if [[ "$NB_USER" != "jovyan" ]]; then
# changing username, make sure homedir exists
# (it could be mounted, and we shouldn't create it if it already exists)
if [[ ! -e "/home/$NB_USER" ]]; then
echo "Relocating home dir to /home/$NB_USER"
mv /home/jovyan "/home/$NB_USER"
fi
# if workdir is in /home/jovyan, cd to /home/$NB_USER
if [[ "$PWD/" == "/home/jovyan/"* ]]; then
newcwd="/home/$NB_USER/${PWD:13}"
echo "Setting CWD to $newcwd"
cd "$newcwd"
fi
fi
# Change UID of NB_USER to NB_UID if it does not match
if [ "$NB_UID" != $(id -u $NB_USER) ] ; then
echo "Set $NB_USER UID to: $NB_UID"
usermod -u $NB_UID $NB_USER
fi
# Change GID of NB_USER to NB_GID if it does not match
if [ "$NB_GID" != $(id -g $NB_USER) ] ; then
echo "Set $NB_USER GID to: $NB_GID"
groupmod -g $NB_GID -o $(id -g -n $NB_USER)
fi
# Enable sudo if requested
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH"
echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
fi
# Add $CONDA_DIR/bin to sudo secure_path
sed -ri "s#Defaults\s+secure_path=\"([^\"]+)\"#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers
# Exec the command as NB_USER with the PATH and the rest of
# the environment preserved
echo "Executing the command: $cmd"
exec sudo -E -H -u $NB_USER PATH=$PATH $cmd
else
if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then
echo 'Container must be run as root to set $NB_UID'
fi
if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then
echo 'Container must be run as root to set $NB_GID'
fi
if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
echo 'Container must be run as root to grant sudo permissions'
fi
# Execute the command
echo "Executing the command: $cmd"
exec $cmd
fi
Reference in New Issue View Git Blame Copy Permalink