Sudospawner and internal_ssl

Hi, need help please…
I’ve installed JupyterHub as a non-root user. Everything works ok. Next, I want to enable internal_ssl.
After doing so, a notebook will not launch because move_certs (spawner.py) attempts to copy the internal certs to the user’s ~/$HOME/.jupyterhub. Fails with: permission denied - the non-root jupyterhub user cannot write to a user’s $HOME/

Wondering if there is a solution to this out there?
thanks
ECJ

These solutions may work for a small deployment (they are hacky and not real solutions):

  1. Depending on your home directory permissions, you can change the ownership of ~/.jupyterhub to the same group as the jupyterhub service and make sure it is group writable.

  2. Link the SSL files to everyone’s ~/.jupyterhub and comment out the call to move_certs

  3. Make spawner.py SETUID root so it can copy the files (RISKY)

  4. Use sudo to call spawner

Hopefully someone can offer a real solution…

Thanks for the suggestion!

I came up with this in the meanwhile: Subclassing SudoSpawner, and overriding move_certs(). Seems to work…

– We “fix” the permissions issue by:
– 1. subclassing SudoSpawner and overriding the move_certs method
– 2. We need corresponding sudo script to do the move…
– in: jupyterhub_config.py

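```python
from sudospawner import SudoSpawner


class MySudoSpawner(SudoSpawner):
    async def move_certs(self, paths):
        import os, pwd, re, sys

        # Paths of the internal-SSL files the Hub generated for this user
        key = paths['keyfile']
        cert = paths['certfile']
        ca = paths['cafile']

        # Look up the target user's account details
        user = pwd.getpwnam(self.user.name)
        uid = user.pw_uid
        gid = user.pw_gid
        home = user.pw_dir
        ...
        # Privileged helper does the copy; its arguments are elided in the post
        os.system('sudo /home/jupyterhub/move-certs.sh ....')
        ...
        # Return the certificate paths the single-user server should use
        return {"keyfile": key, "certfile": cert, "cafile": ca}


c.JupyterHub.spawner_class = MySudoSpawner
```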

A much better solution than any of mine. :slight_smile:
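The sudo-helper approach from the thread, as an added example that is not part of the original posts or of JupyterHub/SudoSpawner: the Hub side builds the helper command as an argument list, so no shell parses the username or paths, and the privileged side writes the certs owner-only and refuses to write through links. The helper's argument order, the username pattern, the `certs_root` parameter and both function names are assumptions; the thread's helper is a shell script, modelled here in Python.

```python
import os
import re
import shutil

# Assumptions: helper path is the one in the thread; its argument order is hypothetical.
HELPER = "/home/jupyterhub/move-certs.sh"
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
CERT_KEYS = ("keyfile", "certfile", "cafile")


def build_helper_argv(username, paths, certs_root):
    """Hub side: argv for subprocess.run(argv, check=True); no shell parses it."""
    if not USERNAME_RE.match(username):
        raise ValueError(f"refusing unusual username: {username!r}")
    root = os.path.realpath(certs_root)
    files = []
    for key in CERT_KEYS:
        real = os.path.realpath(paths[key])
        # Only files under the Hub's internal-certs directory are handed to root.
        if os.path.commonpath([root, real]) != root:
            raise ValueError(f"{key} is outside {root}")
        files.append(real)
    # -n: fail instead of prompting; "--" ends sudo's own option parsing.
    return ["sudo", "-n", "--", HELPER, username, *files]


def install_certs(paths, out_dir, uid, gid):
    """Helper side (runs as root): copy certs owner-only, return the new paths."""
    if os.path.islink(out_dir):
        raise ValueError(f"{out_dir} is a symlink")
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    new_paths = {}
    for key in CERT_KEYS:
        dst = os.path.join(out_dir, os.path.basename(paths[key]))
        # O_EXCL | O_NOFOLLOW: fail rather than write through a planted link.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(dst, flags, 0o600)
        with os.fdopen(fd, "wb") as out, open(paths[key], "rb") as src:
            shutil.copyfileobj(src, out)
            out.flush()
            os.fchown(out.fileno(), uid, gid)
        new_paths[key] = dst
    os.chown(out_dir, uid, gid)
    return new_paths
```

The matching sudoers rule should allow only the helper's exact path for the Hub's service account, since everything the helper receives on its command line is chosen by the Hub process.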