Failed to start the kernel paths.py 'SetFileSecurity', 'Access is denied.'

[ghost]

Describe the bug
Failed to start the kernel

To Reproduce
Steps to reproduce the behavior:

1. Start jupyter notebook
2. Click on any notebook file
3. There will be an error 'KERNEL ERROR' screenshot#1
4. See error screenshot#2

Expected behavior
Kernel should start normally and python notebook file should execute without any issue

Screenshots
screenshor#1

screenshot#2

Desktop (please complete the following information):

• OS: Windows Server 2019
• Browser: Google Chrome Version 90.0.4430.212 (Official Build) (64-bit)

Additional context
Traceback (most recent call last):
File "C:\Anaconda\lib\site-packages\tornado\web.py", line 1704, in _execute
result = await result
File "C:\Anaconda\lib\site-packages\tornado\gen.py", line 769, in run
yielded = self.gen.throw(*exc_info) # type: ignore
File "\india.eclerx.com\ctrxdata\ARRDATA\Shreyansh.Vaghela\Application Data\Python\Python37\site-packages\notebook\services\sessions\handlers.py", line 72, in post
type=mtype))
File "C:\Anaconda\lib\site-packages\tornado\gen.py", line 762, in run
value = future.result()
File "C:\Anaconda\lib\site-packages\tornado\gen.py", line 769, in run
yielded = self.gen.throw(*exc_info) # type: ignore
File "\india.eclerx.com\ctrxdata\ARRDATA\Shreyansh.Vaghela\Application Data\Python\Python37\site-packages\notebook\services\sessions\sessionmanager.py", line 98, in create_session
kernel_id = yield self.start_kernel_for_session(session_id, path, name, type, kernel_name)
File "C:\Anaconda\lib\site-packages\tornado\gen.py", line 762, in run
value = future.result()
File "C:\Anaconda\lib\site-packages\tornado\gen.py", line 769, in run
yielded = self.gen.throw(*exc_info) # type: ignore
File "\india.eclerx.com\ctrxdata\ARRDATA\Shreyansh.Vaghela\Application Data\Python\Python37\site-packages\notebook\services\sessions\sessionmanager.py", line 111, in start_kernel_for_session
self.kernel_manager.start_kernel(path=kernel_path, kernel_name=kernel_name)
File "C:\Anaconda\lib\site-packages\tornado\gen.py", line 762, in run
value = future.result()
File "\india.eclerx.com\ctrxdata\ARRDATA\Shreyansh.Vaghela\Application Data\Python\Python37\site-packages\notebook\services\kernels\kernelmanager.py", line 176, in start_kernel
kernel_id = await maybe_future(self.pinned_superclass.start_kernel(self, **kwargs))
File "C:\Anaconda\lib\site-packages\jupyter_client\multikernelmanager.py", line 110, in start_kernel
km.start_kernel(**kwargs)
File "C:\Anaconda\lib\site-packages\jupyter_client\manager.py", line 240, in start_kernel
self.write_connection_file()
File "C:\Anaconda\lib\site-packages\jupyter_client\connect.py", line 476, in write_connection_file
kernel_name=self.kernel_name
File "C:\Anaconda\lib\site-packages\jupyter_client\connect.py", line 141, in write_connection_file
with secure_write(fname) as f:
File "C:\Anaconda\lib\contextlib.py", line 112, in enter
return next(self.gen)
File "C:\Anaconda\lib\site-packages\jupyter_core\paths.py", line 424, in secure_write
win32_restrict_file_to_user(fname)
File "C:\Anaconda\lib\site-packages\jupyter_core\paths.py", line 375, in win32_restrict_file_to_user
win32security.SetFileSecurity(fname, win32security.DACL_SECURITY_INFORMATION, sd)
pywintypes.error: (5, 'SetFileSecurity', 'Access is denied.')

[kevin-bates]

I believe this issue is due to there being a mounted, or non-native, Windows filesystem in play here. This is based on the traceback that shows some modules (namely, notebook) installed in \india.eclerx.com\ctrxdata\ARRDATA\Shreyansh.Vaghela\Application Data\Python\Python37\site-packages\notebook.

When a kernel is started, Jupyter writes the kernel's connection information to a file that is protected using native platform permissions. Windows can be a bit finicky about this and I suspect these "dual modes" are interfering with the secure_write() method. Assuming this is the case, there are a couple of actions you can take...

1. Relocate the Jupyter runtime files - such as connection files - to a local, native, filesystem location. This can be accomplished by setting the environment variable JUPYTER_RUNTIME_DIR to a native folder with appropriate permissions for applications to create files within. E.g., set JUPYTER_RUNTIME_DIR=C:\jupyter\runtime where C:\jupyter\runtime is created prior to the launch of the notebook server.
2. If you're not concerned about the security of the kernel connection information, you can set JUPYTER_ALLOW_INSECURE_WRITES=1, which bypasses this particular SetFileSecurity call. Note that there may be a general issue with writing to some mounted filesystems, so if this didn't work, you'd likely need to go with option 1.

Should you not get moving forward, please provide the output of jupyter troubleshoot. At that time, we will likely relocate this issue to jupyter_core, where this applicable code resides.

[ghost]

Hi @kevin-bates
Thanks for reply. Let me share what worked for me.

Solution-1
1- Create a new conda environment >conda env create test
2- Uninstall jupyter client current version >conda uninstall jupyter_client
3- Install old version of jupyter client >conda install jupyter_client==5.3.1
4-Fix this issue

Solutions-2
I also try moving out of Anaconda & try installing 'python'

Do let me know If I should share logs for community's correct understanding because I may be not targeting the correct issue

[kevin-bates]

Hi @shreyansh-vaghela
Although you are moving forward, downgrading software will only prohibit you from moving to new versions someday. The version to which you have downgraded does not write files in a protected manner and is tantamount to taking the approach specified in option 2. Did you try either of the approaches I suggested?