I am currently trying to set up a jupyterhub/docker-stacks solution running on Ubuntu 22.04.
For authentication I derived from LDAPAuthenticator, as I want to create a home directory (inside a mounted volume) on the host in case a new user authenticates using LDAP credentials.
The user should then be able to access his or her home folder. The idea was to change the username, UID and GID inside the single-server docker container to the UID and GID on the host.
According to the docker-stacks documentation (Common Features — Docker Stacks documentation) this is only possible by starting the container as root?
Is this the proper way to do this, or is there some workaround that I am not aware of? (I would like to avoid starting the container as root if possible, as my IT/Linux knowledge is rather limited and I want to avoid possible security issues.)
How do I properly give users persistent storage with correct access rights?
Thanks a lot for reading! Any advice and pointers in the right direction are very welcome.
Thanks a lot for your answer. Unfortunately, the home folders should also be accessible from outside (not only home folders are mapped, but also some shared folders which are mounted network drives).
Also in the docker stacks docs they mention the following:
--user 5000 --group-add users - Launches the container with a specific user ID and adds that user to the users group so that it can modify files in the default home directory and /opt/conda. You can use these arguments as alternatives to setting ${NB_UID} and ${NB_GID}.
I tried to give 'user' and 'group-add' like this, but it did not have any effect:
spawner.extra_create_kwargs.update({'user': '5000'})
Again, thanks a lot for reading and answering,
Simone
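
An added example, not code from the post or from the JupyterHub project: one way to pass the documented `--user` / `--group-add users` options through DockerSpawner per user without starting the container as root. It assumes the host resolves LDAP accounts through NSS (so `pwd.getpwnam` returns their UID/GID) and that the hook is registered as DockerSpawner's `pre_spawn_hook`; the function names are hypothetical.

```python
import pwd
from types import SimpleNamespace


def non_root_container_options(username, lookup=pwd.getpwnam):
    """Map a host account to docker-py options that run the container as that
    UID/GID (the equivalent of `--user UID:GID --group-add users`)."""
    try:
        entry = lookup(username)
    except KeyError:
        raise ValueError(f"no host account for {username!r}") from None
    # Refuse root: the point of this route is to avoid a root container.
    if entry.pw_uid == 0 or entry.pw_gid == 0:
        raise ValueError(f"{username!r} maps to UID/GID 0; refusing to spawn")
    # `user` is an argument of docker-py's create_container() ...
    create_kwargs = {"user": f"{entry.pw_uid}:{entry.pw_gid}"}
    # ... while `group_add` belongs to the host config, not to create_container().
    host_config = {"group_add": ["users"]}
    return create_kwargs, host_config


def pre_spawn_hook(spawner, lookup=pwd.getpwnam):
    """Apply the options per user just before the container is created."""
    create_kwargs, host_config = non_root_container_options(spawner.user.name, lookup)
    spawner.extra_create_kwargs.update(create_kwargs)
    spawner.extra_host_config.update(host_config)


# In jupyterhub_config.py (assumed wiring):
#   c.DockerSpawner.pre_spawn_hook = pre_spawn_hook

if __name__ == "__main__":
    # Constructed stand-ins for a spawner and a passwd entry, so this runs offline.
    fake_lookup = lambda name: SimpleNamespace(pw_uid=5000, pw_gid=5000)
    spawner = SimpleNamespace(user=SimpleNamespace(name="alice"),
                              extra_create_kwargs={}, extra_host_config={})
    pre_spawn_hook(spawner, fake_lookup)
    print(spawner.extra_create_kwargs, spawner.extra_host_config)
```

With these options the process inside the container keeps the image's default user name; only the numeric UID/GID match the host, which is what file ownership on the mounted volume is checked against.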