Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

any bad affects when starting notebook with root user rather than jovyan? #5034

Open
SmartInWhut opened this issue Nov 6, 2019 · 2 comments
Open

any bad affects when starting notebook with root user rather than jovyan? #5034

SmartInWhut opened this issue Nov 6, 2019 · 2 comments
Labels
question tag:Security

Comments

@SmartInWhut
Copy link

hi,

i found that jupyter notebook config with option '--allow-root' in Dockerfile, but the default user jovyan is in 'users' group without sudo. so i change user by 'USER root' for notebook user to run apt get or sth like that.
the question is, is there any problem with root user ? and why the defalut jovyan with unreachable '--allow-root' work together? i found sth in /issues/1375, but still confuse.

Expecting a reply or pointing out my misunderstanding,XD
@kevin-bates
Copy link
Member

Running a container as root is just bad practice and there are numerous blog posts stating why. While completely isolated containers will appear to work fine, you can get into issues when mounting host directories since they can now be manipulated as the root user. Network operations will also be performed as root, etc., etc.

Folks typically add the necessary packages to their containers at build time via a sequence similar to this...

USER root
install any packages my user will need
USER <my non root user>

If packages are needed at runtime, users can usually perform things like !pip install --user xxx from a notebook cell, etc., but baking the necessary packages into the image is usually the best approach. This is why there's a rich offering of docker-stack images referenced in @rgbkrk's response in #1375.

The --allow-root flag is essentially ignored when True. However, when False Notebook server checks if the effective user is root. If so, it exits stating that running as root is not recommended. So the flag is really Notebook's way of asking users "Are you really sure you want to run this process as root? If so, tell me by adding the --allow-root flag." It's purpose is not to say "allow this non-root user to run as root". One reason Notebook does this is because it exposes filesystem operations (via its Content Service) that could lead to bad results depending on where Notebook was started or where the root-dir option is configured to point.

@SmartInWhut
Copy link
Author

Truly appreciated for your detailed answer!
i am now clear about the security effects. but i solve this demand by sed -i '$a\jovyan ALL=(root) NOPASSWD: /usr/bin/apt-get' /etc/sudoers , to provide apt-get only.
Thanks again !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question tag:Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kevin-bates @SmartInWhut