Jupyter/base-notebook user permission issue

Hi Team,

After deploying the juypterhub solution from https://zero-to-jupyterhub.readthedocs.io/en/latest/.
We are facing the permission issue.
config.yaml
singleuser:
defaultUrl: “/lab”
image:
name: jupyter/base-notebook
tag: latest
storage:
type: “static”
static:
pvcName: “nfs-home-pvc”
subPath: ‘{username}’
extraEnv:
NB_USER: ${USER}
CHOWN_HOME: ‘yes’
CHOWN_HOME_OPTS: ‘-R’
cmd: “start-singleuser.sh”

Need your Guidance.

Erro222 Erro111

Could you give us more details please? What permission issue have you encountered?

HI Manics,

Please find the problem overview:-

Expected Behaviour:-
uid=1001(user1) gid=1001(user1) groups=1001(user1)
uid=1002(user2) gid=1002(user2) groups=1002(user2)

Current Behaviour:-
uid=1000(jovyan) gid=0(root) groups=0(root),100(users)

Overview:
Inside the Juypterlab the permission of the users is not as per the Linux environment.

Looking forward to your response.

Thank You
Atul Yadav

This is the relevant part of the base-notebook startup script:

You’ll need to run the singleuser server as root (UID 0) by setting singleuser.uid: 0 in your configuration so that the starting user has administrative rights to modify the default user.

Hi Manics,

Please provide the config.yaml file as still i am getting the error while launching the pod.

Thank You
Atul Yadav

I don’t have a config file with the required configuration right now. Can you please paste your current configuration here? Use triple backticks before and after so that it’ll be formatted as code.

Hi Manics,

Please find the config file output.

  secretToken: 97141abb55ea5321867979cb57bb2e6a86a2f4d6bb166fca45aedb07c212c42d
  service:
    type: NodePort
    nodePorts:
      http: 30080
      https: 30443
  networkPolicy:
    enabled: true

hub:
  cookieSecret: 1470700e01f77171c2c67b12130c25081dfbdf2697af8c2f2bd05621b31100bf
  db:
   type: sqlite-memory

prePuller:
  continuous:
    enabled: true

singleuser:
  defaultUrl: "/lab"
  storage:
    type: "static"
    static:
      pvcName: "nfs-home-pvc"
      subPath: '{username}'
  extraEnv:
    GRANT_SUDO: "yes"
  uid: 0
  fsGid: 0
cmd: "start-notebook.sh"

You’ll need to pass the username and uid into the spawner as the environment variables NB_USER and NB_UID, for example using a prespawn hook. This is an old bit of config I’ve used in the past with the LDAPAuthenticator though I haven’t tested it recently:

        def pre_spawn_start(self, user, spawner):
            auth_state = yield user.get_auth_state()
            self.log.debug('pre_spawn_start auth_state:%s' % auth_state)
            if not auth_state:
                return

            # setup environment
            spawner.environment['NB_UID'] = str(
                auth_state['uidNumber'][0])
            spawner.environment['NB_USER'] = auth_state['uid'][0]

You’ll need to adjust for work with whatever authenticator you’re using. Even if you’re using the LDAPAuthenticator you’d most likely still need to modify it to match your LDAP server config.

1 Like

HI Manics,

Thanks for your guidance, but error behaviour is changed now.
linux ENV behaviour
user2@server11:~$ id
uid=1001(user2) gid=1001(user2) groups=1001(user2)
Jupyterhub Terminal

User2-issue

Why the secondary group information is coming “100”.

Thank You
Atul Yadav

100 is the default group of the user in the Docker image. The startup script does not remove the existing group, it only adds to it: