Skip to content

The method move_cert needs to be overridden #73

Description

@edgarcosta

Bug description

Various functions in the LocalProcessSpawner class assume privileged access by using the builtin functions, e.g.: shutil.rmtree and os.makedirs.

Expected behaviour

Being able to use sudospawner with SSL enabled for all internal communication

Actual behaviour

pre_spawn_start fails with permission denied when calling move_cert.

How to reproduce

  1. Set up sudospawner
  2. Enable SSL for all internal communication

Your personal set up

  • OS:

ubuntu 20.04

  • Version(s):
$ jupyterhub --version
1.4.2
$ python3 --version
Python 3.8.10
  • Full environment
acme==1.1.0
alembic==1.7.4
anyio==3.3.4
appdirs==1.4.3
argon2-cffi==21.1.0
async-generator==1.10
attrs==19.3.0
Automat==0.8.0
Babel==2.9.1
backcall==0.2.0
bleach==4.1.0
blinker==1.4
bottle==0.12.15
certbot==0.40.0
certbot-apache==0.39.0
certifi==2019.11.28
certipy==0.1.3
cffi==1.15.0
chardet==3.0.4
Click==7.0
colorama==0.4.3
command-not-found==0.3
ConfigArgParse==0.13.0
configobj==5.0.6
constantly==15.1.0
cryptography==2.8
cycler==0.10.0
dbus-python==1.2.16
debugpy==1.5.1
decorator==5.1.0
defusedxml==0.7.1
devscripts===2.20.2ubuntu2
distlib==0.3.0
distro==1.4.0
distro-info===0.23ubuntu1
docker==4.1.0
entrypoints==0.3
filelock==3.0.12
future==0.18.2
Glances==3.1.3
gpg===1.13.1-unknown
greenlet==1.1.2
httplib2==0.14.0
hyperlink==19.0.0
idna==2.8
importlib-metadata==1.5.0
importlib-resources==5.3.0
incremental==16.10.1
influxdb==5.2.0
ipykernel==6.4.1
ipython==7.28.0
ipython-genutils==0.2.0
jedi==0.18.0
Jinja2==3.0.2
josepy==1.2.0
json5==0.9.6
jsonschema==4.1.0
jupyter-client==7.0.6
jupyter-core==4.8.1
jupyter-server==1.11.1
jupyter-telemetry==0.1.0
jupyterhub==1.4.2
jupyterlab==3.2.0
jupyterlab-pygments==0.1.2
jupyterlab-server==2.8.2
keyring==18.0.1
kiwisolver==1.0.1
language-selector==0.1
launchpadlib==1.10.13
lazr.restfulclient==0.14.2
lazr.uri==1.0.3
Mako==1.1.5
MarkupSafe==2.0.1
matplotlib==3.1.2
matplotlib-inline==0.1.3
meld==3.20.2
mistune==0.8.4
mock==3.0.5
more-itertools==4.2.0
nbclassic==0.3.2
nbclient==0.5.4
nbconvert==6.2.0
nbformat==5.1.3
nest-asyncio==1.5.1
netifaces==0.10.4
notebook==6.4.4
numpy==1.17.4
oauthenticator==14.2.0
oauthlib==3.1.0
olefile==0.46
packaging==21.0
pamela==1.0.0
pandocfilters==1.5.0
parsedatetime==2.4
parso==0.8.2
pbr==5.4.5
pexpect==4.8.0
pickleshare==0.7.5
Pillow==7.0.0
ply==3.11
prometheus-client==0.11.0
prompt-toolkit==3.0.20
psutil==5.5.1
ptyprocess==0.7.0
pyasn1==0.4.2
pyasn1-modules==0.2.1
pycairo==1.16.2
pycparser==2.20
pycryptodomex==3.6.1
pycurl==7.43.0.2
pyflakes==2.1.1
Pygments==2.10.0
PyGObject==3.36.0
PyHamcrest==1.9.0
PyICU==2.4.2
PyJWT==1.7.1
pyOpenSSL==19.0.0
pyparsing==2.4.6
pyRFC3339==1.1
pyrsistent==0.18.0
pysmi==0.3.2
pysnmp==4.4.6
pystache==0.5.4
python-apt==2.0.0+ubuntu0.20.4.5
python-augeas==0.5.0
python-dateutil==2.7.3
python-debian===0.1.36ubuntu1
python-json-logger==2.0.2
python-magic==0.4.16
pytz==2019.3
pyxdg==0.26
PyYAML==5.3.1
pyzmq==22.3.0
requests==2.22.0
requests-toolbelt==0.8.0
requests-unixsocket==0.2.0
ruamel.yaml==0.17.16
ruamel.yaml.clib==0.2.6
SecretStorage==2.3.1
Send2Trash==1.8.0
service-identity==18.1.0
simplejson==3.16.0
six==1.14.0
sniffio==1.2.0
SQLAlchemy==1.4.25
ssh-import-id==5.10
sudospawner==0.5.2
supervisor==4.1.0
systemd-python==234
terminado==0.12.1
testpath==0.5.0
tornado==6.1
traitlets==5.1.0
Twisted==18.9.0
ubuntu-advantage-tools==20.3
ufw==0.36
unattended-upgrades==0.1
unidiff==0.5.5
urllib3==1.25.8
virtualenv==20.0.17
wadllib==1.3.3
wcwidth==0.2.5
webencodings==0.5.1
websocket-client==0.53.0
zipp==3.6.0
zope.component==4.3.0
zope.event==4.4
zope.hookable==5.0.0
zope.interface==4.7.1
  • Configuration
c.JupyterHub.internal_ssl = True
c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
c.Spawner.debug = True
  • Logs
23:58:52.770 [ConfigProxy] info: Adding route / -> https://127.0.0.1:8081
23:58:52.771 [ConfigProxy] info: Route added / -> https://127.0.0.1:8081
23:58:52.772 [ConfigProxy] info: 201 POST /api/routes/
[I 2021-10-18 23:58:52.773 JupyterHub app:2849] JupyterHub is now running at https://:8000
[I 2021-10-18 23:58:53.634 JupyterHub log:189] 302 GET / -> /hub/ (@::ffff:130.44.171.90) 1.47ms
[I 2021-10-18 23:58:53.737 JupyterHub log:189] 302 GET /hub/ -> /hub/spawn (edgarcosta@::ffff:130.44.171.90) 16.68ms
[I 2021-10-18 23:58:53.995 JupyterHub provider:574] Creating oauth client jupyterhub-user-edgarcosta
[I 2021-10-18 23:58:54.115 JupyterHub spawner:950] Creating certs for edgarcosta: DNS:localhost;IP:127.0.0.1
[E 2021-10-18 23:58:54.305 JupyterHub user:718] Unhandled error starting edgarcosta's server: [Errno 13] Permission denied: '/home/edgarcosta/.jupyterhub'
[W 2021-10-18 23:58:54.476 JupyterHub web:1787] 500 GET /hub/spawn (::ffff:130.44.171.90): Error in Authenticator.pre_spawn_start: PermissionError [Errno 13] Permission denied: '/home/edgarcosta/.jupyterhub'

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions