Hi,all,
I’m not familier with jupyterhub and get a problem now.
I install jupyterhub on an ubuntu 18 server, with the configuration below:
c.JupyterHub.spawner_class = 'jupyterhub.spawner.SimpleLocalProcessSpawner'
c.Spawner.args = ['--allow-root']
c.Authenticator.whitelist = {'ubuntu'}
c.Authenticator.admin_users = {'ubuntu'}
c.Spawner.notebook_dir = '/home/{username}'
c.Spawner.default_url = '/lab'
If I comment out the line spawner_class or the line “–allow-root”, it can’t spawn to a user server and I’ll get a message of timeout after 30 seconds. If I keep these lines, it will spawn to a user server, but I can see that it’s running as root, but not ubuntu backend:
(base) ubuntu@VM-0-14-ubuntu:~$ sudo vi /etc/jupyterhub/config.py
(base) ubuntu@VM-0-14-ubuntu:~$ ps -ef|grep jupyterhub
root 2542 2333 0 10:58 pts/0 00:00:00 /usr/local/anaconda3/envs/gpu/bin/python /usr/local/anaconda3/envs/gpu/bin/jupyterhub -f /etc/jupyterhub/config.py --debug
root 2564 2542 0 10:58 ? 00:00:02 /usr/local/anaconda3/envs/gpu/bin/python /usr/local/anaconda3/envs/gpu/bin/jupyterhub-singleuser --allow-root
ubuntu 4191 3452 0 11:08 pts/2 00:00:00 grep --color=auto jupyterhub
So when I open a terminal in Jupyter Lab’s browser, it turns to be root, this is a big security issue for multi-users environment. I’v tried both Jupyterhub 2.3.1 & 3.0.0, the results are same. It seems that the setuid way doesn’t work.
But on another machine which is running CentOS 7.6 and jupyterhub 2.0, I can get the correct answer:
c.Spawner.default_url = '/lab'
c.Authenticator.admin_users = set(['jean'])
c.JupyterHub.admin_access = True
c.JupyterHub.extra_log_file = '/var/log/jupyterhub.log'
c.JupyterHub.ssl_key = '/root/cert/server.key'
c.JupyterHub.ssl_cert = '/root/cert/server.crt'
And I start up Jupyterhub as a system service:
# vi /etc/systemd/system/jupyterhub.service
[Unit]
Description=Jupyterhub service
After=syslog.target network.target
[Service]
User=root
Environment="PATH=/usr/local/n/versions/node/17.7.1/bin:/usr/lib64/anaconda3/bin:/usr/lib64/anaconda3/condabin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/usr/lib64/anaconda3/bin/jupyterhub -f /etc/jupyterhub/config.py
[Install]
WantedBy=multi-user.target
I can see that the jupyter server backend is running as the spawned user:
[jean@VM-4-12-centos ~]$ ps -ef|grep jupyterhub
root 1168 1 0 10月24 ? 00:02:44 /usr/lib64/anaconda3/bin/python3.9 /usr/lib64/anaconda3/bin/jupyterhub -f /etc/jupyterhub/config
jean 5113 1168 0 10月24 ? 00:02:59 /usr/lib64/anaconda3/bin/python3.9 /usr/lib64/anaconda3/bin/jupyterhub-singleuser
jean 19333 583 0 11:17 pts/3 00:00:00 grep --color=auto jupyterhub
So when I open a terminal window in Jupyter Lab’s browser, it’s the user expected.
The versions are:
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# node -v
v6.11.2
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# npm -v
3.10.10
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# configurable-http-proxy -V
4.0.1
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# conda list configurable-http-proxy
# packages in environment at /usr/local/anaconda3/envs/gpu:
#
# Name Version Build Channel
configurable-http-proxy 4.0.1 node6_0
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# conda list jupyter
# packages in environment at /usr/local/anaconda3/envs/gpu:
#
# Name Version Build Channel
jupyter 1.0.0 py39h06a4308_8
jupyter-telemetry 0.1.0 pypi_0 pypi
jupyter_client 7.3.5 py39h06a4308_0
jupyter_console 6.4.3 pyhd3eb1b0_0
jupyter_core 4.11.1 py39h06a4308_0
jupyter_server 1.18.1 py39h06a4308_0
jupyterhub 2.3.1 pypi_0 pypi
jupyterhub-dummyauthenticator 0.3.1 pypi_0 pypi
jupyterlab 3.4.4 py39h06a4308_0
jupyterlab_pygments 0.1.2 py_0
jupyterlab_server 2.15.2 py39h06a4308_0
jupyterlab_widgets 1.0.0 pyhd3eb1b0_1
I think it should be a configuration problem, anyone please gives me a hand?
Thanks in advance.
Best regards.
Jean