Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configurable notebook permissions (file based) #2064

Open
chris246 opened this issue Jan 23, 2017 · 11 comments
Open

Configurable notebook permissions (file based) #2064

chris246 opened this issue Jan 23, 2017 · 11 comments

Comments

@chris246
Copy link

@chris246 chris246 commented Jan 23, 2017

For our multi-user setup of Jupyter (using JupyterHub on Debian Linux) we need to grant writing access to the owning group of a Notebook.
Per default, Jupyter creates Notebooks that are writeable only for the creating user (and readable for the group and everyone else).

A possible approach would be to allow the configuration of Unix permissions in the configuration file of Jupyter and evaluate and set those permissions in notebook/notebook/services/contents/fileio.py
Although, this would not cover users using Windows.

What is your opinion on this matter in general and the approach?

@takluyver
Copy link
Member

@takluyver takluyver commented Jan 24, 2017

Maybe this is something that would make more sense to do in Jupyterhub?

@minrk
Copy link
Member

@minrk minrk commented Jan 24, 2017

I think setting default permissions needs to be done at the FileContentsManager level. I'm happy for an option / different defaults in JupyterHub if that makes sense, but I think the option needs to be exposed somewhere in the single-user code. Unless setting umask for the process is enough, in which case JupyterHub can do it at the Spawner level.

@dclong
Copy link

@dclong dclong commented Sep 26, 2017

I came across issues (with the .ipynb_checkpoints directories) when trying to setup file permissions using umask. Please refer to this issue.

@chris246
Copy link
Author

@chris246 chris246 commented Sep 26, 2017

In our case, the checkpoint directories are also a problem.
Maybe - as @minrk suggested - this could be implemented inside the FileContentsManager, if fileio is the wrong place.

I can take a closer look for a fix in October, if that is ok.

@dclong
Copy link

@dclong dclong commented Sep 27, 2017

@chris246
Great! Looking forward to a fix!

@dclong
Copy link

@dclong dclong commented Oct 11, 2017

I quickly checked the code and found the following piece of code which might be the root cause.

./services/contents/filecheckpoints.py:            ensure_dir_exists(cp_dir)

The function ensure_dir_exists is in ipython_genutils/path.py. It has a parameter mode with default value 0o755. Passing the right mode to ensure_dir_exists might resolve the issue.

@chris246
Copy link
Author

@chris246 chris246 commented Jan 15, 2018

Sorry for the delay.

Afaik umask had to be set for every user, which is not feasible in our environment.

I took a closer look on implementing the change in FileContentsManager.

My approach:

  1. Introduce new properties with default values and expose them to the notebook configuration file:
    • FileContentsManager.file_permission = 0o755
    • FileContentsManager.dir_permission = 0o755
  2. Modify FileContentsManager.save() and implement setting the specified permissions for every model['type']

Open Questions:

  1. Python 2 uses a different permission notation, 0755. Are there best practices for handling such issues?
  2. Permission setting using this approach will not work under Windows. Is that a problem?

FileContentsManager source

@takluyver
Copy link
Member

@takluyver takluyver commented Jan 15, 2018

There's a fix coming in notebook 5.3 to respect umask correctly (#3002). Notebook 5.3 should be released any day now.

Once that's out, it sounds to me like the best solution is to add support for setting umask in the relevant Jupyterhub spawners. Adding config to the notebook for default file permissions feels like we're reinventing something that the operating system already provides.

@chris246
Copy link
Author

@chris246 chris246 commented Jan 15, 2018

Ok.

Just for clarification/as summary: Notebook 5.3 will respect the current umask setting.
According to #2858, this already works for notebooks, but not for directories (especially .ipynb_checkpoints).
This is fixed by #3002.

Users can modify the notebook configuration to set the desired umask using Python.
Maybe this possibility can be explained in the Docs.

Setting the umask inside the configuration is an easy solution, that we can also apply in our environment.

Thank you for your support!

@takluyver
Copy link
Member

@takluyver takluyver commented Jan 15, 2018

That sounds about right. JupyterHub might also gain an official setting to control the umask when starting individual notebook servers (changing it in the notebook config file is a clever trick rather than something we designed).

@asuchit
Copy link

@asuchit asuchit commented Oct 5, 2018

Jupyterhub does not start the server till home directory is not set at 757 ?

I need to change the home directory /home/{user} permissions from 755 to 757.

Is there any other way to fix this issue ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants