Can we use `singleuser.extraFiles` to define sensitive server extension config?

krassowski · June 13, 2024, 10:20pm

I would like to place jupyter_myextension_config.py with sensitive config values in the single server filesystem so that it is:

read by the server, but
not accessibly by the user

It seems that singleuser.extraFiles does (or almost does) what I want - I was able to modify the mode of the files in /etc/jupyter to 440 but then upon seeing it belongs to users group I realised that I need 400 assuming that the single server is started by a user with different privilages that the user which accesses it. Two questions:

which OS user spawns the server? How can I check this? If it is the same user as the user that is given to the person who accesses the server, can these two be separated in a way?
after I set the mode to 440 I do not seem to be able to change it to 400. I guess that the Helm chart may not be updating the file permissions even after redeploying/manually restarting pods. Is it correct or am I missing something?

krassowski · June 14, 2024, 10:43am

Manually deleting the secret is helpful butit did not solve my problem fully (kubectl delete secret -n namespace singleuser). I saw that the file has 660 despite me requesting 440.

The helm chart code sets mode on the secret:

github.com

jupyterhub/zero-to-jupyterhub-k8s/blob/be4962ef96a2323f20cbc9afe91ee6c106ab413a/jupyterhub/files/hub/jupyterhub_config.py#L317-L323


      
              if "mode" in file_details:
                  item["mode"] = file_details["mode"]
              items.append(item)
          volume["secret"] = {
              "secretName": get_name("singleuser"),
              "items": items,
          }

but I could not find documentation for this key, I only see defaultMode documented here.

The kubernetes documentation helped me by pointing out that in JSON I need to pass decimal rather than octal value. Still, the permissions were not fully respected. It appears that the entire thing has many gotchas.

In particular, it seems impossible to remove the read permission from group when Pod.spec.securityContext.runAsUser is set. I see that exact same issue reported in kubernetes with 33 upvotes:

github.com/kubernetes/kubernetes

Setting defaultMode is not Fully Respected When Pod.spec.securityContext.runAsUser is Set

opened 01:52AM - 06 Jan 18 UTC

pnovotnak

kind/bug sig/storage priority/important-longterm lifecycle/frozen triage/accepted

**Is this a BUG REPORT or FEATURE REQUEST?**: /kind bug **What happened**:… Setting `Pod.spec.securityContext.runAsUser` causes the group read permission bit to be set on secrets exposed via volumes, even if `Pod.spec.volumes[x].defaultMode` is set to `256`. See also: https://github.com/openshift/origin/issues/16424 **What you expected to happen**: Given a `defaultMode` of `256` the file mode should be `0400` but it is `0440` instead. **How to reproduce it (as minimally and precisely as possible)**: Create the following objects and observe the logs of the created pod: ``` --- apiVersion: v1 data: test: dGVzdA== kind: Secret metadata: name: test-secret type: Opaque --- apiVersion: v1 kind: Pod metadata: generateName: issue-repro- spec: securityContext: runAsUser: 1000 fsGroup: 1000 containers: - image: busybox name: busybox imagePullPolicy: IfNotPresent args: - "ls" - "-alR" - "/tmp/dummy-secret" volumeMounts: - mountPath: /tmp/dummy-secret name: test-secret volumes: - name: test-secret secret: defaultMode: 256 secretName: test-secret ``` **Anything else we need to know?**: **Environment**: - Kubernetes version (use `kubectl version`): ``` $ kubectl version Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-16T03:15:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"0b9efaeb34a2fc51ff8e4d34ad9bc6375459c4a4", GitTreeState:"clean", BuildDate:"2017-11-29T22:43:34Z", GoVersion:"go1.9.1", Compiler:"gc", Platform:"linux/amd64"} ``` - Cloud provider or hardware configuration: ``` $ minikube version minikube version: v0.24.1 ``` - OS (e.g. from /etc/os-release): ``` $ cat /etc/os-release NAME=Buildroot VERSION=2017.02 ID=buildroot VERSION_ID=2017.02 PRETTY_NAME="Buildroot 2017.02" ``` - Kernel (e.g. `uname -a`): ``` $ uname -a Linux minikube 4.9.13 #1 SMP Thu Oct 19 17:14:00 UTC 2017 x86_64 GNU/Linux ``` - Install tools: - Others:

quote:

Given a defaultMode of 256 the file mode should be 0400 but it is 0440 instead.

krassowski · June 14, 2024, 11:29am

Also relevant is the request for kubernetes to support setting ownership on mounted secrets, which has 180 upotes - one of the most requested k8s feature apparently:

github.com/kubernetes/kubernetes

Allow setting ownership on mounted secrets

opened 04:22PM - 07 Aug 19 UTC

maxneaga

sig/storage kind/feature help wanted priority/important-longterm

**What would you like to be added**: Currently, you can set secret file permiss…ions, but not ownership: (see the "Secret files permissions" section) https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets It would be good to add a `defaultOwner`, and possible `defaultGroup` field that would allow setting the default ownership of the secret files. **Why is this needed**: It is possible that there is more than one process running in a container, each running as a different user. (think `processA` running as `userA` and `processB` running as `userB`). `processA` might need to use `secretA` and `processB` to use `secretB`. To make the secrets usable today, `secretA` and `secretB` would need to be world-readable, because there is no way to set ownership on them. This is undesirable from the security standpoint, as `processA` could read `secretB` and vice versa.

manics · June 14, 2024, 1:31pm

It’s going to be tricky to be absolutely sure the user can’t access the secret information, especially since the singleuser-server (i.e. JupyterLab, all kernels, terminals, extensions, etc) run as the same user.

Assuming you’ve got a way of dealing with that, one option is to start the container as root, run some setup steps, and drop to an unprivileged user before starting the singleuser server.

The docker-stacks images have an example of this- you can start the container as root and pass a custom username/uid/etc:

github.com

jupyter/docker-stacks/blob/b070fb6bd9ffd3e4413db18075e09f2e0fa3fd2a/images/docker-stacks-foundation/start.sh#L57-L193


      
          if [ "$(id -u)" == 0 ]; then
              # Environment variables:
              # - NB_USER: the desired username and associated home folder
              # - NB_UID: the desired user id
              # - NB_GID: a group id we want our user to belong to
              # - NB_GROUP: a group name we want for the group
              # - GRANT_SUDO: a boolean ("1" or "yes") to grant the user sudo rights
              # - CHOWN_HOME: a boolean ("1" or "yes") to chown the user's home folder
              # - CHOWN_EXTRA: a comma-separated list of paths to chown
              # - CHOWN_HOME_OPTS / CHOWN_EXTRA_OPTS: arguments to the chown commands
          
              # Refit the jovyan user to the desired user (NB_USER)
              if id jovyan &> /dev/null; then
                  if ! usermod --home "/home/${NB_USER}" --login "${NB_USER}" jovyan 2>&1 | grep "no changes" > /dev/null; then
                      _log "Updated the jovyan user:"
                      _log "- username: jovyan       -> ${NB_USER}"
                      _log "- home dir: /home/jovyan -> /home/${NB_USER}"
                  fi
              elif ! id -u "${NB_USER}" &> /dev/null; then
                  _log "ERROR: Neither the jovyan user nor '${NB_USER}' exists. This could be the result of stopping and starting, the container with a different NB_USER environment variable."

This file has been truncated. show original

If you set the owner and permissions of a parent directory in the image to root, and mount the secrets into a subdirectory, I think the permissions on the parent directory should prevent the unprivileged user from reaching the mounted secret since they won’t have access to the parent directory.

Topic		Replies	Views
extraFiles, permissions and the curious octal 0440 Zero to JupyterHub on Kubernetes jupyterhub	1	498	February 1, 2022
singleuser.extraFiles not working BinderHub	3	844	March 26, 2021
ServerApp.iopub_data_rate_limit Zero to JupyterHub on Kubernetes	5	1590	December 7, 2023
`extraFiles` makes folder unwritable? Zero to JupyterHub on Kubernetes	5	1098	June 16, 2021
How to configure config.yaml to add files to all users server instance(in container target filesystem) Zero to JupyterHub on Kubernetes community , jupyterlab , help-wanted	2	791	August 23, 2022

Can we use `singleuser.extraFiles` to define sensitive server extension config?

Related Topics