jupyterhub-deploy-docker icon indicating copy to clipboard operation
jupyterhub-deploy-docker copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

Docker volumes permission denied

Open SanderGn opened this issue 6 years ago • 1 comments

We are facing some problems with file system permissions on the docker host node. We want to mount our docker host user home directories to our Jupyter containers using Docker Volumes. However we get some permission denied exceptions if we want to create/delete files/folders from the jupyter web app or container terminal. any idea how to best manage this?

container user id:

jovyan@0dd0bffd1a99:~$ id
uid=1000(jovyan) gid=100(users) groups=100(users)

host user id: sssd user information

current jupyterhub setup:

  • Single azure virtual machine (Data Science Centos Image)
  • dockerspawner = 0.11.1
  • jupyterhub-ldap-authenticator = 0.3.2
  • free-ipa setup (jupyterhub node is a client) -> enabled home directories through sssd

Here is our current jupyterhub_config.py config:

# freeipa example
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_hosts = [****]
c.LDAPAuthenticator.bind_user_dn = '****'
c.LDAPAuthenticator.bind_user_password = '****'
c.LDAPAuthenticator.user_search_base = '****'
c.LDAPAuthenticator.user_search_filter = '****'
c.LDAPAuthenticator.user_membership_attribute = '****'
c.LDAPAuthenticator.group_search_base = '****'
c.LDAPAuthenticator.group_search_filter = '****'
c.LDAPAuthenticator.allowed_groups = ['*****']
c.LDAPAuthenticator.allow_nested_groups = True
c.LDAPAuthenticator.username_pattern = '[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?'
c.LDAPAuthenticator.create_user_home_dir = True
c.LDAPAuthenticator.create_user_home_dir_cmd = ['mkhomedir_helper']

## Admin Settings
c.Authenticator.admin_users = {'***', '***'}

## Docker Spawner settings
import dockerspawner

# Spawn single-user servers as Docker containers
c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'

# Connect containers to this Docker network
c.DockerSpawner.use_internal_ip = True

# Remove containers once they are stopped
c.DockerSpawner.remove_containers = True

# For debugging arguments passed to spawned containers
c.DockerSpawner.debug = True

# List of available docker images
c.DockerSpawner.image_whitelist = {
    'Jupyter: Tensorflow': 'jupyter/tensorflow-notebook',
    'Jupyter: Data Science': 'jupyter/datascience-notebook',
    'Jupyter: Local Spark': 'jupyter/all-spark-notebook',
    'Jupyter: Scipy': 'jupyter/scipy-notebook',
    'Jupyter: R': 'jupyter/r-notebook'
}

# Explicitly set notebook directory because we'll be mounting a host volume to
# it.  Most jupyter/docker-stacks *-notebook images run the Notebook server as
# user `jovyan`, and set the notebook directory to `/home/jovyan/work`.
# We follow the same convention.
notebook_dir = '/home/{username}/notebooks'
c.DockerSpawner.notebook_dir = notebook_dir

# Mount the real user's Docker volume on the host to the notebook user's
# notebook directory in the container
c.DockerSpawner.volumes = {
        '/home/{username}/' : '/home/{username}/'
}

# Listen on all interfaces
#c.JupyterHub.hub_ip = '0.0.0.0'
from jupyter_client.localinterfaces import public_ips
ip = public_ips()[0]
c.JupyterHub.hub_ip = ip

SanderGn avatar May 27 '19 15:05 SanderGn

got the same problem with : '/app/ftp/{username}': {"bind": '/home/jovyan/ftp', "mode": "z"} mode z doesn't help too . i'm trying to change the user of the notebook machine

BobCashStory avatar Aug 19 '19 06:08 BobCashStory

Hi :wave: This is an old issue and the repository has been updated. If you have more questions please use the Jupyter community forum https://discourse.jupyter.org/.

manics avatar Dec 05 '22 00:12 manics