Deploying Hub with Security Lockdown

Hi - is there a way to deploy the Hub such that it prevents any user of notebook from accessing the box where the server is running and executing any type of root commands including being able to bring up a terminal window?

Welcome! It might be worth explaining a bit more about your JupyterHub setup, and who your users are. Especially, how have you installed JupyterHub (e.g. The Littlest JupyterHub) and what spawner type you are using.

For example, by default The Littlest JupyterHub uses something called SystemdSpawner so that each user’s notebook server is run as their own Linux user - so it is important to keep things set up so the user can only access the files they should be allowed to use etc. So users shouldn’t be able to run root commands if set up properly.

Blocking terminal itself is probably pointless if they can run Python commands within their notebooks (or even just put a ‘!’ at the start of a Jupyter code cell to run it as a shell command).

Please let us know a bit more about what you think users might be able to do on your system, and why you don’t think the setup so far prevents this, and maybe someone will have some ideas!

1 Like