Restricting OS level access from Jupyter Lab

I am running a Jupyter environment (Jupyter Lab) inside a Docker container on a remote server. Inside the container I want to restrict the OS level access from the jupyter lab such that the user must not be able to open or read any file from a specific directory of a folder.

Progress till now:

Approach: I have created a custom authorization class that inherits the jupyter_server.auth.Authorizer class and overrides it’s is_authorized method. The goal is that, the custom class must have a logic to restrict the access to a certain folder (for example: “D:\New folder (2)”), such that, every time a user tries to access that particular folder a HTTPError(403) error is raised, and the request must be blocked. The location of custom class is in the same directory as the config file i.e. “C:\Users\ashus\.jupyter”.

Inside config file:
c.ServerApp.authorizer_class = ‘C:\Users\ashus\.jupyter\CustomAuthorization.MyCustomAuthorizer’

Problem: When I run the Jupyter Lab using anaconda3 command prompt I am facing the following error:

This query is open for discussion and I would appreciate if the issue gets resolved through community support. Please add you comments and thoughts.

Have you tried restricting access server side? Through containers, user groups, quotas, etc?

Thanks @markperri for the reply, No I have not tried with that approach, could you please elaborate in you answer what exactly is it and how is it done.

Restricting OS level access is probably best left to the OS, which has a few ways of dealing with that. If you’re spawning notebooks as local processes then you can use user permissions / acl to limit access. If you’re using containers then you can specify which directories to mount to the container. Quotas are a good idea because it prevents one user from crashing the system by making large files.

1 Like