Possibility to add groups (such as --group-add) when using NB_USER, NB_UID, NB_GID parameters

tom725 commented 3 months ago

What docker image(s) is this feature applicable to?

base-notebook

What change(s) are you proposing?

Hello ! I hope this is the right place for this message

I'm running a jupyter docker with parameters NB_USER, NB_UID, NB_GID which is very usefull.

I would like to add a group to the user in the running container, however the docker run option "--group-add" does not work in this context.

Unless I misunderstood something, I would suggest to modify the "starts.sh" script so that multiple groups can be added to the current user. I don't know exactly how to modify this script but it would imply adding a new user parameter.

How does this affect the user?

This feature will give the possibility to add multiple groups to the user

Anything else?

No response

mathbunnyru commented 3 months ago

We have startup hooks, where you can run anything inside the container, does this help?

https://jupyter-docker-stacks.readthedocs.io/en/latest/using/common.html#startup-hooks

tom725 commented 3 months ago

Ho yes it works perfectly thank you !

Here is an example of adding the "docker" group to the user. I do this to be able to run docker inside docker:

To add a script in the before-notebook.d/ directory that adds the docker group to the user ${NB_USER}, you can follow the steps below:

1. Create a Custom Dockerfile

This Dockerfile will add your script to the before-notebook.d/ directory and ensure it runs before the Jupyter Notebook starts.

# Use the official Jupyter Notebook base image
FROM jupyter/base-notebook:latest

# Copy hook script that adds the docker group to the NB_USER
USER root
COPY add-docker-group.sh /usr/local/bin/before-notebook.d/add-docker-group.sh

# Ensure the script is executable
RUN chmod +x /usr/local/bin/before-notebook.d/add-docker-group.sh

2. Create the `add-docker-group.sh` Script

The add-docker-group.sh script will add the docker group to the user ${NB_USER}. Here’s how you can write it:

#!/bin/bash

# Check if the docker group exists, if not create it
if ! getent group docker > /dev/null 2>&1; then
    groupadd -g 999 docker
fi

# Add the ${NB_USER} to the docker group
usermod -aG docker ${NB_USER}

echo "Added ${NB_USER} to the docker group."

Explanation

before-notebook.d/: This directory is for scripts that need to run before the Jupyter Notebook server starts. Your script adds the docker group (if it doesn't exist) and ensures the user ${NB_USER} is part of that group.
${NB_USER}: This environment variable holds the name of the Jupyter user, typically jovyan in official Jupyter Docker images.

This setup ensures that the docker group is correctly configured for the Jupyter Notebook user every time the container starts.

mathbunnyru commented 3 months ago

I’m glad our startup hooks worked for you. I don’t think your use case should be implemented as part of start.sh, because there is already a nice way to do the thing you want to do. So, I’m closing this issue. At the same time, if you want to contribute your experience as a custom recipe in the documentation, I think it would be nice - but it’s completely up to you if you want to do it or not.

tom725 commented 3 months ago

Yes thank you for pointing out the startup hooks solution ! I'll try to contribute to custom recipes !

benz0li commented 2 months ago

@tom725 With b-data's/my Jupyter Lab docker stacks[^1], I prefer using a docker:dind container.

[^1]: subtag docker: includes docker-ce-cli, docker-buildx-plugin, docker-compose-plugin and docker-scan-plugin (amd64 only)

.env:

NB_USER=benz0li

docker-compose.yml:

name: jupyter

services:
  docker:
    image: docker:dind
    hostname: docker
    restart: always
    networks:
      - jupyter
    volumes:
      - docker-certs:/var/tmp/docker/certs
      - docker-data:/var/lib/docker
      - ./home:/home
    environment:
      - HOME=/home/${NB_USER}
      - DOCKER_TLS_CERTDIR=/var/tmp/docker/certs
    privileged: true

  jupyterlab:
    image: glcr.b-data.ch/jupyterlab/python/scipy:latest-docker
    restart: always
    ports:
      - "127.0.0.1:8888:8888"
    networks:
      - jupyter
    volumes:
      - docker-certs:/var/tmp/docker/certs
      - ./home:/home
    environment:
      - DOCKER_HOST=tcp://docker:2376
      - DOCKER_CERT_PATH=/var/tmp/docker/certs/client
      - DOCKER_TLS_VERIFY=1
      - NB_USER=${NB_USER}
      - NOTEBOOK_ARGS=--LabApp.token=''
    user: root

networks:
  jupyter:
    external: true

volumes:
  docker-certs:
  docker-data:

Then, execute

docker network create jupyter
docker compose up -d

and access on http://127.0.0.1:8888.

jupyter / docker-stacks