sudospawner icon indicating copy to clipboard operation
sudospawner copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

The method move_cert needs to be overridden

Open edgarcosta opened this issue 3 years ago • 1 comments

Bug description

Various functions in the LocalProcessSpawner class assume privileged access by using the builtin functions, e.g.: shutil.rmtree and os.makedirs.

Expected behaviour

Being able to use sudospawner with SSL enabled for all internal communication

Actual behaviour

pre_spawn_start fails with permission denied when calling move_cert.

How to reproduce

  1. Set up sudospawner
  2. Enable SSL for all internal communication

Your personal set up

  • OS:

ubuntu 20.04

  • Version(s):
$ jupyterhub --version
1.4.2
$ python3 --version
Python 3.8.10
  • Full environment 
acme==1.1.0
alembic==1.7.4
anyio==3.3.4
appdirs==1.4.3
argon2-cffi==21.1.0
async-generator==1.10
attrs==19.3.0
Automat==0.8.0
Babel==2.9.1
backcall==0.2.0
bleach==4.1.0
blinker==1.4
bottle==0.12.15
certbot==0.40.0
certbot-apache==0.39.0
certifi==2019.11.28
certipy==0.1.3
cffi==1.15.0
chardet==3.0.4
Click==7.0
colorama==0.4.3
command-not-found==0.3
ConfigArgParse==0.13.0
configobj==5.0.6
constantly==15.1.0
cryptography==2.8
cycler==0.10.0
dbus-python==1.2.16
debugpy==1.5.1
decorator==5.1.0
defusedxml==0.7.1
devscripts===2.20.2ubuntu2
distlib==0.3.0
distro==1.4.0
distro-info===0.23ubuntu1
docker==4.1.0
entrypoints==0.3
filelock==3.0.12
future==0.18.2
Glances==3.1.3
gpg===1.13.1-unknown
greenlet==1.1.2
httplib2==0.14.0
hyperlink==19.0.0
idna==2.8
importlib-metadata==1.5.0
importlib-resources==5.3.0
incremental==16.10.1
influxdb==5.2.0
ipykernel==6.4.1
ipython==7.28.0
ipython-genutils==0.2.0
jedi==0.18.0
Jinja2==3.0.2
josepy==1.2.0
json5==0.9.6
jsonschema==4.1.0
jupyter-client==7.0.6
jupyter-core==4.8.1
jupyter-server==1.11.1
jupyter-telemetry==0.1.0
jupyterhub==1.4.2
jupyterlab==3.2.0
jupyterlab-pygments==0.1.2
jupyterlab-server==2.8.2
keyring==18.0.1
kiwisolver==1.0.1
language-selector==0.1
launchpadlib==1.10.13
lazr.restfulclient==0.14.2
lazr.uri==1.0.3
Mako==1.1.5
MarkupSafe==2.0.1
matplotlib==3.1.2
matplotlib-inline==0.1.3
meld==3.20.2
mistune==0.8.4
mock==3.0.5
more-itertools==4.2.0
nbclassic==0.3.2
nbclient==0.5.4
nbconvert==6.2.0
nbformat==5.1.3
nest-asyncio==1.5.1
netifaces==0.10.4
notebook==6.4.4
numpy==1.17.4
oauthenticator==14.2.0
oauthlib==3.1.0
olefile==0.46
packaging==21.0
pamela==1.0.0
pandocfilters==1.5.0
parsedatetime==2.4
parso==0.8.2
pbr==5.4.5
pexpect==4.8.0
pickleshare==0.7.5
Pillow==7.0.0
ply==3.11
prometheus-client==0.11.0
prompt-toolkit==3.0.20
psutil==5.5.1
ptyprocess==0.7.0
pyasn1==0.4.2
pyasn1-modules==0.2.1
pycairo==1.16.2
pycparser==2.20
pycryptodomex==3.6.1
pycurl==7.43.0.2
pyflakes==2.1.1
Pygments==2.10.0
PyGObject==3.36.0
PyHamcrest==1.9.0
PyICU==2.4.2
PyJWT==1.7.1
pyOpenSSL==19.0.0
pyparsing==2.4.6
pyRFC3339==1.1
pyrsistent==0.18.0
pysmi==0.3.2
pysnmp==4.4.6
pystache==0.5.4
python-apt==2.0.0+ubuntu0.20.4.5
python-augeas==0.5.0
python-dateutil==2.7.3
python-debian===0.1.36ubuntu1
python-json-logger==2.0.2
python-magic==0.4.16
pytz==2019.3
pyxdg==0.26
PyYAML==5.3.1
pyzmq==22.3.0
requests==2.22.0
requests-toolbelt==0.8.0
requests-unixsocket==0.2.0
ruamel.yaml==0.17.16
ruamel.yaml.clib==0.2.6
SecretStorage==2.3.1
Send2Trash==1.8.0
service-identity==18.1.0
simplejson==3.16.0
six==1.14.0
sniffio==1.2.0
SQLAlchemy==1.4.25
ssh-import-id==5.10
sudospawner==0.5.2
supervisor==4.1.0
systemd-python==234
terminado==0.12.1
testpath==0.5.0
tornado==6.1
traitlets==5.1.0
Twisted==18.9.0
ubuntu-advantage-tools==20.3
ufw==0.36
unattended-upgrades==0.1
unidiff==0.5.5
urllib3==1.25.8
virtualenv==20.0.17
wadllib==1.3.3
wcwidth==0.2.5
webencodings==0.5.1
websocket-client==0.53.0
zipp==3.6.0
zope.component==4.3.0
zope.event==4.4
zope.hookable==5.0.0
zope.interface==4.7.1
  • Configuration 
c.JupyterHub.internal_ssl = True
c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
c.Spawner.debug = True
  • Logs 
23:58:52.770 [ConfigProxy] info: Adding route / -> https://127.0.0.1:8081
23:58:52.771 [ConfigProxy] info: Route added / -> https://127.0.0.1:8081
23:58:52.772 [ConfigProxy] info: 201 POST /api/routes/
[I 2021-10-18 23:58:52.773 JupyterHub app:2849] JupyterHub is now running at https://:8000
[I 2021-10-18 23:58:53.634 JupyterHub log:189] 302 GET / -> /hub/ (@::ffff:130.44.171.90) 1.47ms
[I 2021-10-18 23:58:53.737 JupyterHub log:189] 302 GET /hub/ -> /hub/spawn (edgarcosta@::ffff:130.44.171.90) 16.68ms
[I 2021-10-18 23:58:53.995 JupyterHub provider:574] Creating oauth client jupyterhub-user-edgarcosta
[I 2021-10-18 23:58:54.115 JupyterHub spawner:950] Creating certs for edgarcosta: DNS:localhost;IP:127.0.0.1
[E 2021-10-18 23:58:54.305 JupyterHub user:718] Unhandled error starting edgarcosta's server: [Errno 13] Permission denied: '/home/edgarcosta/.jupyterhub'
[W 2021-10-18 23:58:54.476 JupyterHub web:1787] 500 GET /hub/spawn (::ffff:130.44.171.90): Error in Authenticator.pre_spawn_start: PermissionError [Errno 13] Permission denied: '/home/edgarcosta/.jupyterhub'

edgarcosta avatar Oct 19 '21 04:10 edgarcosta

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. welcome You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

welcome[bot] avatar Oct 19 '21 04:10 welcome[bot]