Is running JupyterHub as root a requirement for deployment?

We have a client that is reluctant to use JupyterHub because they don’t want to run it as root. Is that a requirement when deploying a hub?

1 Like

No, use the sudospawner. Or my Debian package, then that’s already the default.

2 Likes

https://jupyterhub.readthedocs.io/en/stable/reference/config-sudo.html describes the setup with sudospawner a bit.

1 Like

There are many ways to not run as root, depending on how much separation you want between your users.

  1. No separation at all with SimpleSpawner. This lets you run with no extra privileges at all, but your users have no separation between each other. Everyone can mess with everyone else’s stuff as they see fit. Not recommended for any production environment.
  2. Run JupyterHub as root, and give each user a different Unix user. This is what the default spawner does, and is the traditional way of separating users from each other. Fairly secure, but requires you run JupyterHub as root.
  3. Use sudospawner. Same as (2), but lets you run JupyterHub as non-root, with sudo rules to explicitly allow the things JupyterHub needs to perform as root. Very popular!
  4. Use containers, dockerspawner or kubespawner. These use Linux containers to separate users from each other, and so technically do not run as root. Depending on your security and scale needs, this might be a great fit or a terrible waste of time.

I’m sure I am missing some options here - these are not exclusive! You can always add more layers of security to deal with specific attack vectors - such as systemd, seccomp, selinux, apparmor, firejail, etc.

Do you know what kinda attack vectors your client is worried about? Understanding that better will help figure out which solution to pick.

3 Likes
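
The sudo rules that option 3 above depends on, shown as an added example that is not part of the thread or of any poster's setup. The account name `rhea`, the users `zoe` and `wash`, and the install path of the `sudospawner` script are assumptions to replace with local values.

```sudoers
# /etc/sudoers.d/jupyterhub  (edit with: visudo -f /etc/sudoers.d/jupyterhub)
# Assumed names: "rhea" is the unprivileged account that runs JupyterHub,
# "zoe" and "wash" are notebook users, and the sudospawner script is
# installed at /usr/local/bin/sudospawner.

# Too broad: this would give the hub account full root and defeat the
# purpose of not running the hub as root. Shown only for contrast.
# rhea ALL=(ALL) NOPASSWD: ALL

# Scoped: the hub account may run exactly one command, and only as the
# listed users. Keep root out of this list.
Runas_Alias JUPYTER_USERS = zoe, wash
Cmnd_Alias  JUPYTER_CMD   = /usr/local/bin/sudospawner

# NOPASSWD is needed because the hub runs non-interactively.
rhea ALL=(JUPYTER_USERS) NOPASSWD: JUPYTER_CMD

# jupyterhub_config.py then selects the spawner:
#   c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
```

Running `sudo -l -U rhea` as root lists the privileges the hub account ends up with, which makes the rule easy to review.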

I’m not clear on that yet, but I will check with them. These are very helpful distinctions though. The overall situation is that the client didn’t adopt JupyterHub for the reason above so they built out their own single-user server infrastructure and it sounds like a lot of work to maintain, upgrade, etc. I think the larger question that we should answer for them is: What are the advantages of using JupyterHub vs. rolling your own?