Merge pull request #845 from jupyter-on-openshift/block-su-and-sudo
Disable su/sudo access unless sudo explicitly enabled for a specific user using GRANT_SUDO.
parente committed Apr 8, 2019
2 parents 6576148 + d52c702 commit 5ed91e8
Showing 1 changed file with 3 additions and 2 deletions.
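--- a/base-notebook/Dockerfile
+++ b/base-notebook/Dockerfile
@@ -49,8 +49,9 @@ RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashr
 
 # Create NB_USER wtih name jovyan user with UID=1000 and in the 'users' group
 # and make sure these dirs are writable by the `users` group.
-RUN groupadd wheel -g 11 && \
-echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
+RUN echo "auth requisite pam_deny.so" >> /etc/pam.d/su && \
+sed -i.bak -e 's/^%admin/#%admin/' /etc/sudoers && \
+sed -i.bak -e 's/^%sudo/#%sudo/' /etc/sudoers && \
 useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
 mkdir -p $CONDA_DIR && \
 chown $NB_USER:$NB_GID $CONDA_DIR && \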
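Review bot: The `pam_deny.so` line is appended to the end of `/etc/pam.d/su`, so it only takes effect when no earlier `sufficient` module in that file has already succeeded; on the base image this presumably leaves root able to `su` (through `pam_rootok.so`) while blocking every other user, but the file itself is not visible here and the result depends on its existing order. The comment above the RUN still describes only user creation, so I would add something like `# Deny su to non-root users and disable the %admin/%sudo sudoers groups; sudo is granted per user via GRANT_SUDO.` The two `sed -i.bak` calls also leave `/etc/sudoers.bak` in the image, and the second call overwrites the backup made by the first, so a single `sed -i -e 's/^%admin/#%admin/' -e 's/^%sudo/#%sudo/' /etc/sudoers` would be cleaner. The RUN instruction continues past the end of the hunk.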
