I am using Azuread as the oauth for jupyterhub and I have created a folder “user-data” in the home directory of the user account for server. I have also set the create_kwargs as seen below to the user account UID.
c.DockerSpawner.extra_create_kwargs = {
"user": "1000", # Can also be an integer UID
}
The user-data folder is set to 1000 as owner and group.
Whenever I login and start the container the user folder gets created as root:root under the “user-data” folder.
Am I able to use the home directory to store the users data? I also tried creating a folder directly in the /home directory and set the chown properly but that still not work.
I can use the command below
chown -R <user>:<user> user-data/
and that will set permissions correctly so the user can access it but I dont really want to have to that for each new user.
Ironically I did have it working correctly but it seems to have broken in my further testing.
c.DockerSpawner.extra_create_kwargs = {
"user" : "1000", # Can also be an integer UID
}
# Makes the users directory and changes ownership to spawn user
def folder_permissions(DockerSpawner):
# Leaf directory
directory = "{username}"
# Parent Directories
parent_dir = "/home/folder"
# Path
path = os.path.join(parent_dir, directory)
if os.path.isdir(path) == False:
uid = 1000
gid = 1000
# Create the directory
os.makedirs(path)
os.chown(path, uid, gid)
print("Directory '% s' created" % directory)
else:
print("Directory '% s' already exist" % directory)
c.DockerSpawner.pre_spawn_hook = folder_permissions
but that still did not work. I read that trying to use os.chown() required superuser so I ran my JupyterHub docker compose with sudo and that did not work either.
Should the output of the hook display in JupyterHub logs or will it show up in the spawned docker container logs? I cant seem to find where it is even running.
I updated my config with your changes and it now shows up in the logs that the folder was created but the permissions were still wrong. I adjusted the code some to output the “id’s” of the paths but it does not output anything.
# Makes the users directory and changes ownership to spawn user
def folder_permissions(spawner):
# Leaf directory
directory = f"{spawner.user.name}"
# Parent Directories
parent_dir = "/home/user/user-data"
# Path
path = os.path.join(parent_dir, directory)
if os.path.isdir(path) == False:
uid = 1000
gid = 1000
# Create the directory
os.makedirs(path)
os.chown(path, uid, gid)
spawner.log.info("Owner id of the directory:", os.stat(path).st_uid)
spawner.log.info("Group id of the directory:", os.stat(path).st_gid)
spawner.log.info("Directory '% s' created" % directory)
else:
spawner.log.info("Directory '% s' already exist" % directory)
That leads me to think that it is not os.chown() the folders. I tried running jupyterhub with sudo to see if that may help give it permissions but that did not help either. Does the spawner run the hooks as the user that is set under extra_create_kwargs?
I set extra_create_kwargs user to root and set the environment variables for the NB_UID, NB_GID, and NB_USER but that did not work either. Inside the container was just running as root.
c.DockerSpawner.extra_create_kwargs = {
"user" : "root", # Can also be an integer UID
}
c.DockerSpawner.environment = {
"NB_UID" : "1000",
"NB_GID" : "1000",
"NB_USER": "{username}"
}
It just seems that no matter what I set it will always set the permissions of the folder as root.
I am using a container from nvidia as a base, nvcr.io/nvidia/pytorch:23.05-py3. Maybe that is creating permission issues because it is set to run as root?
I made the corrections you mentioned but all it did was print out that what the id’s were and that they were correct, 1000, but the folder was still root.
I have noticed that it will still show that it created the u_first u_last directory each time regardless if the folder is there or not.
Someone had pointed me to “CHOWN_EXTRA” and “CHOWN_EXTRA_OPTS” environment variables and I tried those with a docker run command. It worked.