remove sudo

add SudoSpawner in separate repo, which works much better than this ever did.
2025-10-17 15:03:02 +00:00 · 2014-11-25 19:25:39 -08:00
parent f8f9c9e121
commit c4913ffc96
5 changed files with 12 additions and 176 deletions
--- a/examples/sudo/Dockerfile
+++ b/examples/sudo/Dockerfile
@@ -1,30 +0,0 @@
-# example showing sudo config
-# docker run -it -p 9000:8000 jupyter/jupyterhub-sudo
-
-FROM jupyter/jupyterhub
-
-MAINTAINER Jupyter Project <jupyter@googlegroups.com>
-
-# fix permissions on sudo executable (how did this get messed up?)
-RUN chmod 4755 /usr/bin/sudo
-
-# add the rhea user, who will run the server
-# she needs to be in the shadow group in order to access the PAM service
-RUN useradd -m -G shadow -p $(openssl passwd -1 rhea) rhea
-
-# Give rhea passwordless sudo access to run the single-user servers on behalf of users:
-ADD sudoers /tmp/sudoers
-RUN cat /tmp/sudoers >> /etc/sudoers
-RUN rm /tmp/sudoers
-
-# add the regular users
-RUN for name in io ganymede; do useradd -m -p $(openssl passwd -1 $name) $name; done
-
-# make home directories private
-RUN chmod o-rwx /home/*
-
-# make the working dir owned by rhea, so she can create the state database
-RUN chown rhea .
-
-# run the server as rhea instead of root
-USER rhea
--- a/examples/sudo/jupyterhub_config.py
+++ b/examples/sudo/jupyterhub_config.py
@@ -1,7 +0,0 @@
-# Configuration file for jupyterhub
-
-c = get_config()
-
-c.JupyterHub.admin_users = {'rhea'}
-c.LocalProcessSpawner.set_user = 'sudo'
-c.Authenticator.whitelist = {'ganymede', 'io', 'rhea'}
--- a/examples/sudo/sudoers
+++ b/examples/sudo/sudoers
@@ -1,15 +0,0 @@
-# whitelist of users that can spawn single-user servers
-Runas_Alias JUPYTER_USERS = io, europa, ganymede, callisto, rhea
-
-# the command(s) jupyterhub can run on behalf of the above users without needing a password
-Cmnd_Alias JUPYTER_CMD = /usr/local/bin/jupyterhub-singleuser
-
-# single-user servers need some JPY_ environment variables
-Defaults!JUPYTER_CMD env_keep = JPY_*
-
-# actually give hub user permission to run the above command on behalf
-# of the above users without a password
-rhea ALL=(JUPYTER_USERS) NOPASSWD:JUPYTER_CMD
-
-# allow rhea to send signals to her subprocesses (required for polling and process cleanup):
-rhea ALL=(JUPYTER_USERS) NOPASSWD:/bin/kill