The terminal user is root when spawned with --allow-root

Hi,all,
I’m not familier with jupyterhub and get a problem now.
I install jupyterhub on an ubuntu 18 server, with the configuration below:

c.JupyterHub.spawner_class = 'jupyterhub.spawner.SimpleLocalProcessSpawner'
c.Spawner.args = ['--allow-root']
c.Authenticator.whitelist = {'ubuntu'} 
c.Authenticator.admin_users = {'ubuntu'}
c.Spawner.notebook_dir = '/home/{username}'
c.Spawner.default_url = '/lab'

If I comment out the line spawner_class or the line “–allow-root”, it can’t spawn to a user server and I’ll get a message of timeout after 30 seconds. If I keep these lines, it will spawn to a user server, but I can see that it’s running as root, but not ubuntu backend:

(base) ubuntu@VM-0-14-ubuntu:~$ sudo vi /etc/jupyterhub/config.py
(base) ubuntu@VM-0-14-ubuntu:~$ ps -ef|grep jupyterhub
root      2542  2333  0 10:58 pts/0    00:00:00 /usr/local/anaconda3/envs/gpu/bin/python /usr/local/anaconda3/envs/gpu/bin/jupyterhub -f /etc/jupyterhub/config.py --debug
root      2564  2542  0 10:58 ?        00:00:02 /usr/local/anaconda3/envs/gpu/bin/python /usr/local/anaconda3/envs/gpu/bin/jupyterhub-singleuser --allow-root
ubuntu    4191  3452  0 11:08 pts/2    00:00:00 grep --color=auto jupyterhub

So when I open a terminal in Jupyter Lab’s browser, it turns to be root, this is a big security issue for multi-users environment. I’v tried both Jupyterhub 2.3.1 & 3.0.0, the results are same. It seems that the setuid way doesn’t work.

But on another machine which is running CentOS 7.6 and jupyterhub 2.0, I can get the correct answer:

c.Spawner.default_url = '/lab'
c.Authenticator.admin_users = set(['jean'])
c.JupyterHub.admin_access = True
c.JupyterHub.extra_log_file = '/var/log/jupyterhub.log'
c.JupyterHub.ssl_key = '/root/cert/server.key'
c.JupyterHub.ssl_cert = '/root/cert/server.crt'

And I start up Jupyterhub as a system service:

# vi /etc/systemd/system/jupyterhub.service
[Unit]
Description=Jupyterhub service
After=syslog.target network.target

[Service]
User=root
Environment="PATH=/usr/local/n/versions/node/17.7.1/bin:/usr/lib64/anaconda3/bin:/usr/lib64/anaconda3/condabin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/usr/lib64/anaconda3/bin/jupyterhub -f /etc/jupyterhub/config.py

[Install]
WantedBy=multi-user.target

I can see that the jupyter server backend is running as the spawned user:

[jean@VM-4-12-centos ~]$ ps -ef|grep jupyterhub
root      1168     1  0 10月24 ?      00:02:44 /usr/lib64/anaconda3/bin/python3.9 /usr/lib64/anaconda3/bin/jupyterhub -f /etc/jupyterhub/config
jean      5113  1168  0 10月24 ?      00:02:59 /usr/lib64/anaconda3/bin/python3.9 /usr/lib64/anaconda3/bin/jupyterhub-singleuser
jean     19333   583  0 11:17 pts/3    00:00:00 grep --color=auto jupyterhub

So when I open a terminal window in Jupyter Lab’s browser, it’s the user expected.

The versions are:

(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# node -v
v6.11.2
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# npm -v
3.10.10
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# configurable-http-proxy -V
4.0.1
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# conda list configurable-http-proxy
# packages in environment at /usr/local/anaconda3/envs/gpu:
#
# Name                    Version                   Build  Channel
configurable-http-proxy   4.0.1                   node6_0  
(gpu) root@VM-0-14-ubuntu:/etc/jupyterhub# conda list jupyter
# packages in environment at /usr/local/anaconda3/envs/gpu:
#
# Name                    Version                   Build  Channel
jupyter                   1.0.0            py39h06a4308_8  
jupyter-telemetry         0.1.0                    pypi_0    pypi
jupyter_client            7.3.5            py39h06a4308_0  
jupyter_console           6.4.3              pyhd3eb1b0_0  
jupyter_core              4.11.1           py39h06a4308_0  
jupyter_server            1.18.1           py39h06a4308_0  
jupyterhub                2.3.1                    pypi_0    pypi
jupyterhub-dummyauthenticator 0.3.1                    pypi_0    pypi
jupyterlab                3.4.4            py39h06a4308_0  
jupyterlab_pygments       0.1.2                      py_0  
jupyterlab_server         2.15.2           py39h06a4308_0  
jupyterlab_widgets        1.0.0              pyhd3eb1b0_1  

I think it should be a configuration problem, anyone please gives me a hand?

Thanks in advance.

Best regards.

Jean

Addressed by myself at last, it’s only because I’v run jupyter notebook before.
According to the past at 500 error in Jupyterhub, it is a BUG which just conflicts with the notebook configuration ~/.jupyter.
As soon as I remove $HOME/.jupyter away, everything works fine.