hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-12 04:23:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4160 from Christiandike/update/configsudo.md

Browse Source 
Update/configsudo.md
This commit is contained in:
Min RK
2022-10-24 12:57:53 +02:00
committed by GitHub
parent 15c691b358 1c95d94b96
commit ab7ec8b33d
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/source/reference/config-sudo.md
View File

@@ -6,10 +6,10 @@ Only do this if you are very sure you must.
## Overview
There are many Authenticators and Spawners available for JupyterHub. Some, such
as DockerSpawner or OAuthenticator, do not need any elevated permissions. This
There are many [Authenticators](./authenticators-users-basics) and [Spawners](./spawners-basics) available for JupyterHub. Some, such
as [DockerSpawner](https://github.com/jupyterhub/dockerspawner) or [OAuthenticator](https://github.com/jupyterhub/oauthenticator), do not need any elevated permissions. This
document describes how to get the full default behavior of JupyterHub while
running notebook servers as real system users on a shared system without
running notebook servers as real system users on a shared system, without
running the Hub itself as root.
Since JupyterHub needs to spawn processes as other users, the simplest way
@@ -90,7 +90,7 @@ $ adduser -G jupyterhub newuser
Test that the new user doesn't need to enter a password to run the sudospawner
command.
This should prompt for your password to switch to rhea, but _not_ prompt for
This should prompt for your password to switch to `rhea`, but _not_ prompt for
any password for the second switch. It should show some help output about
logging options:
@@ -119,7 +119,7 @@ the shadow password database.
### Shadow group (Linux)
**Note:** On Fedora based distributions there is no clear way to configure
**Note:** On [Fedora based distributions](https://fedoraproject.org/wiki/List_of_Fedora_remixes) there is no clear way to configure
the PAM database to allow sufficient access for authenticating with the target user's password
from JupyterHub. As a workaround we recommend use an
[alternative authentication method](https://github.com/jupyterhub/jupyterhub/wiki/Authenticators).
@@ -150,7 +150,7 @@ We want our new user to be able to read the shadow passwords, so add it to the s
$ sudo usermod -a -G shadow rhea
```
If you want jupyterhub to serve pages on a restricted port (such as port 80 for http),
If you want jupyterhub to serve pages on a restricted port (such as port 80 for HTTP),
then you will need to give `node` permission to do so:
```bash
@@ -226,7 +226,7 @@ And try logging in.
## Troubleshooting: SELinux
If you still get a generic `Permission denied` `PermissionError`, it's possible SELinux is blocking you.
Here's how you can make a module to allow this.
Here's how you can make a module to resolve this.
First, put this in a file named `sudo_exec_selinux.te`:
```bash
@@ -253,6 +253,6 @@ $ semodule -i sudo_exec_selinux.pp
## Troubleshooting: PAM session errors
If the PAM authentication doesn't work and you see errors for
`login:session-auth`, or similar, considering updating to a more recent version
`login:session-auth`, or similar, consider updating to a more recent version
of jupyterhub and disabling the opening of PAM sessions with
`c.PAMAuthenticator.open_sessions=False`.