fix user root permission

kbase · Sep 13, 2024 · 558a562 · 558a562
1 parent c07b3dd
commit 558a562
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 14 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -74,7 +74,7 @@ RUN chown -R spark_user:spark ${JUPYTERHUB_CONFIG_DIR}
 # Jupyter Hub user home directory
 ENV JUPYTERHUB_USER_HOME=/jupyterhub/users_home
 RUN mkdir -p $JUPYTERHUB_USER_HOME
-RUN chown -R spark_user:spark $JUPYTERHUB_USER_HOME
+RUN chown -R spark_user:spark /jupyterhub
 
 RUN npm install -g configurable-http-proxy
 

diff --git a/src/jupyterhub_config/custom_spawner.py b/src/jupyterhub_config/custom_spawner.py
@@ -35,9 +35,6 @@ def start(self):
         # Ensure the user directory exists
         self._ensure_user_directory(user_dir, username)
 
-        # Ensure the user's workspace has the correct permissions
-        self._ensure_workspace_permission(user_dir, username)
-
         # Ensure the user's Jupyter directory exists
         self._ensure_user_jupyter_directory(user_dir)
 
@@ -51,6 +48,9 @@ def start(self):
         # Configure the notebook directory based on whether the user is an admin
         self._configure_notebook_dir(username, user_dir)
 
+        # Ensure the user's workspace has the correct permissions
+        self._ensure_workspace_permission(user_dir, username)
+
         # Set the command to start the notebook
         env_vars = [f'{key}={value}' for key, value in self.environment.items()]
 
@@ -109,7 +109,7 @@ def _ensure_user_directory(self, user_dir: Path, username: str):
         """
         if not user_dir.exists():
             self.log.info(f'Creating user directory for {username}')
-            user_dir.mkdir(parents=True, exist_ok=True)  # guard against race conditions
+            user_dir.mkdir(exist_ok=True)  # guard against race conditions
         else:
             self.log.info(f'Reusing user directory for {username}')
 
@@ -126,9 +126,9 @@ def _ensure_user_jupyter_directory(self, user_dir: Path):
         jupyter_runtime_dir = jupyter_dir / 'runtime'
         juputer_data_dir = jupyter_dir / 'data'
 
-        jupyter_dir.mkdir(parents=True, exist_ok=True)
-        jupyter_runtime_dir.mkdir(parents=True, exist_ok=True)
-        juputer_data_dir.mkdir(parents=True, exist_ok=True)
+        jupyter_dir.mkdir(exist_ok=True)
+        jupyter_runtime_dir.mkdir(exist_ok=True)
+        juputer_data_dir.mkdir(exist_ok=True)
 
         self.environment['JUPYTER_CONFIG_DIR'] = str(jupyter_dir)
         self.environment['JUPYTER_RUNTIME_DIR'] = str(jupyter_runtime_dir)
@@ -140,7 +140,7 @@ def _ensure_virtual_environment(self, user_env_dir: Path):
         created with the system site-packages included.
         """
         if not user_env_dir.exists():
-            user_env_dir.mkdir(parents=True)
+            user_env_dir.mkdir(exist_ok=True)
             self.log.info(f'Creating virtual environment for {self.user.name}')
             try:
                 # Create a virtual environment with system site-packages access
@@ -207,17 +207,16 @@ def _ensure_workspace_permission(self, user_dir: Path, username: str):
             user_info = pwd.getpwnam(username)
         except KeyError:
             raise ValueError(f'System user {username} does not exist')
-
+        uid = user_info.pw_uid
         gid = user_info.pw_gid
         group_name = grp.getgrgid(gid).gr_name
 
         self.log.info(f'Configuring workspace permissions for {username}')
         # Change the directory's ownership to the user
-        subprocess.run(['sudo', 'chown', '-R', f'{username}:{group_name}', user_dir], check=True)
+        os.chown(user_dir, uid, gid)
 
         self.log.info(f'Add spark_user to the group of {group_name}')
         subprocess.run(['sudo', 'usermod', '-aG', group_name, 'spark_user'], check=True)
 
-        # TODO: Set directory permissions to 700 or 750
-        # Set directory permissions to 777: Owner (rwx), Group (rwx), Others (rwx)
-        subprocess.run(['sudo', 'chmod', '-R', '777', user_dir], check=True)
+        # Set directory permissions to 750: Owner (rwx), Group (r-x), Others (---)
+        os.chmod(user_dir, 0o750)