Closed wikwok closed 4 years ago
For context:; The original report was for Jupyterlab (https://github.com/jupyterlab/jupyterlab/issues/7269), so version 1.1.4 refers to the lab version.
Just to be clear here, this is a jupyter_client issue, not a JupyterLab issue. What version of jupyter_client do you have?
It says in the pip output, 5.3.3.
exactly the same issue after upgrading jupyterlab: Windows 7 Python 3.6
jupyter 1.0.0 py_2 conda-forge jupyter-server-proxy 1.1.0 pypi_0 pypi jupyter_client 5.3.3 py36_1 conda-forge jupyter_console 6.0.0 py_0 conda-forge jupyter_core 4.4.0 py_0 conda-forge jupyterlab 1.1.4 py_0 conda-forge jupyterlab_server 1.0.6 py_0 conda-forge
after starting a kernel in the browser, it fails with: File "C:\Miniconda3\envs\svass\lib\site-packages\jupyter_client\connect.py", line 100, in secure_write win32_restrict_file_to_user(fname) File "C:\Miniconda3\envs\svass\lib\site-packages\jupyter_client\connect.py", line 61, in win32_restrict_file_to_user sd = win32security.GetFileSecurity(fname, win32security.DACL_SECURITY_INFORMATION) pywintypes.error: (50, 'GetFileSecurity', 'The request is not supported.')
A recent build of pywin32
(225) fixed access rights, one of which is used in this code. However, I would have expected the failure to occur on the SetFileSecurity
call since the ACE being added references one of the affected access rights (FILE_ACCESS_ALL
).
At any rate, it might be worth stopping the notebook server and running conda install pywin32
, then ensuring the version of pywin32
is 225
and retry.
Pywin225 does not seem to resolve the issue.
Here is what i did: My pywin32 version was indeed 224.
Conda pywin225 does not seem to be available on conda for 3.6 64bit.
Binary install Pywin32 recommends download and installation from binaries. However cannot do this due to llack of admin rights.
Pip install (experimental) Experimental pip install is available for pywin32 225, but fails with "requires libarchive-c". After manually pip installing libarchive-c: pip install pywin32 --upgrade succeeds and installs 225
But after selecting the kernel:
File "C:\UBS\Dev\Miniconda3\envs\svass\lib\site-packages\jupyter_client\connect.py", line 100, in secure_write win32_restrict_file_to_user(fname) File "C:\Miniconda3\envs\svass\lib\site-packages\jupyter_client\connect.py", line 61, in win32_restrict_file_to_user sd = win32security.GetFileSecurity(fname, win32security.DACL_SECURITY_INFORMATION) pywintypes.error: (50, 'GetFileSecurity', 'The request is not supported.')
related to this issue?
the culprit is jupyter-client >= 5.3.2 downgrading to 5.3.1 resolves the issue.
pip install jupyter-client==5.3.1
With jupyterlab_server=1.0.6 and jupyter_client=5.3.3, I had the same issue. This is on Windows 10, python 3.7.3.
If I just downgraded jupyter_client to 5.3.1, then the error went away, but I couldn't hit Shift-Enter to run any cells in Jupyter Lab. So I had to downgrade jupyter_client to 5.3.1 and jupyterlab_server to 1.0.0.
conda install jupyterlab_server=1.0.0 jupyter_client=5.3.1
Spyder 4.0.1 won't run without the latest version of the jupyter_client. So a downgrade to 5.3.1 won't work for me. Any other suggestions? Must be an issue within the jupyter_client?
The issue is usually that mounted file systems, especially in windows, don't actually provide permission bit manipulation to the underlying files. Meaning when jupyter / your home directory is in such a mounted file system it can't save your connection file secrets securely and fails when saving or checking permissions. If you have a path on your system which isn't restricted in permissions you can set JUPYTER_RUNTIME_DIR or JUPYTER_DATA_DIR if you install your kernels to the location. This should enable your connection file to properly save with secure permissions on the secret file.
Thanks. I tried a 'set jupyter runtime-dir=c:\ProgramData\jupyter' but no luck the path stayed the same after I ran 'jupyter --paths'. Still pointed to my roaming profile...
I don't remember the syntax for setting environment variables on Windows, but you'll want to use uppercase and under bars in your variable name, something like this:
set JUPYTER_RUNTIME_DIR=c:\ProgramData\jupyter
Before that, however, you should upgrade jupyter_client
- which will also upgrade jupyter_core
. They should be at versions 5.3.4
and 4.6.2
respectively.
Thanks again! Progress.... I managed to upgrade both Jupyter and Spyder (4.0.1). Then ran
set JUPYTER_RUNTIME_DIR=c:\ProgramData\jupyter
I had to back track and move the 'kernels' and 'runtime' folders into the above path. When I ran spyder from the Anaconda prompt - success!! This after the set command above. No more win32security error!
However, when I run spyder from the icon on my toolbar the jupyter runtime directory is somehow lost so back to my old error. Now just to figure out how to get my set JUPYTER_RUNTIME_DIR to stick...
I don't remember the syntax for setting environment variables on Windows, but you'll want to use uppercase and under bars in your variable name, something like this:
set JUPYTER_RUNTIME_DIR=c:\ProgramData\jupyter
Before that, however, you should upgrade
jupyter_client
- which will also upgradejupyter_core
. They should be at versions5.3.4
and4.6.2
respectively.
Thank you @kevin-bates !
I have just had success. Just need to find out a way to make the setting persist, as this command seems to only work for the session inside the cmd.
This is my story for anyone else to learn (I run Anconda which comes pre installed with Jupyter):
1- When checking the environment paths by using this command: jupyter --paths I get two roaming locations one for runtime and one for data! This is because I use a corporate laptop and Windows is setup to store user data files in a roaming location on the network!
(base) C:\>jupyter --paths
config:
C:\Users\user_x\.jupyter
C:\ProgramData\Anaconda3\etc\jupyter
C:\ProgramData\jupyter
data:
\\A-FILEDATA-P\Profile\use_x\AppData\Roaming\jupyter
C:\ProgramData\Anaconda3\share\jupyter
C:\ProgramData\jupyter
runtime:
\\A-FILEDATA-P\Profile\use_x\AppData\Roaming\jupyter\runtime
(base) C:\>
2- So, I tried modifying C:\Users\user_xxx.jupyter\jupyter_notebook_config.py by adding
JUPYTER_RUNTIME_DIR = 'C:\Users\user_x\AppData\Roaming\jupyter\runtime'
but it did not work!
2- However, Big note here: I noticed that jupyter lab command fire a "stand alone" Chrome I have on a removable usb harddisk! which under the corporate Windows setup does not have any rights to write to other folder location on the laptop, thus the security error!
3- The solution was to setup two folders on my usb disk, where stand alone Chrome is found and set the environment variables to point to those locations like this:
set JUPYTER_RUNTIME_DIR=D:\jupyter\runtime
set JUPYTER_DATA_DIR=D:\jupyter
4- The only catch is that you have to do these two commands at the start of every new session as they don't persist say when you restart Jupyter lab! and as @Shongololo pointed out you can only run other programs like Spyder from the command line only for it to read the correct settings!
It remains to be found out how this could be resolved permanently.
Hi. I figured out how to get it to 'stick' by modifying my system envs for Windows 10. Done as follows: Open the Start Search, type in “env”, and choose “Edit the system environment variables”: Click the “Environment Variables…” button. Then 'New' System Variable. Add a line - Variable name = "JUPYTER_RUNTIME_DIR". Value = %path you want%. In my case it was c:\ProgramData\jupyter
If you're in an environment in which security of the running kernel connections is not a concern, another workaround exists via the recently released 4.6.2
version of jupyter_core
. The workaround is to set the environment variable JUPYTER_ALLOW_INSECURE_WRITES=True
.
Once set, and the offending Jupyter application restarted, the permission check for any file written by secure_write()
will not be enforced. You'll also see some warning messages indicating that this setting is enabled and how to restore secure writes.
You'll still need to make this env variable "stick" by adding it to the set of system envs as @Shongololo points out.
No success with @kevin-bates suggestion on jupyter_core 4.6.2
and jupyter_client 5.3.4
on Windows 7.
After setting the environment variable jupyter starts with a warning message:
WARNING: Insecure writes have been enabled via environment variable 'JUPYTER_ALLOW_INSECURE_WRITES'! If this is not intended, remove the variable or set its value to 'False'.
However, when starting up a kernel, request still fails with pywintypes error when attempting to restrict file to user:
File "C:\Programs\Miniconda3_64\envs\jup369\lib\site-packages\jupyter_core\paths.py", line 430, in secure_write win32_restrict_file_to_user(fname) File "C:\Programs\Miniconda3_64\envs\jup369\lib\site-packages\jupyter_core\paths.py", line 369, in win32_restrict_file_to_user sd = win32security.GetFileSecurity(fname, win32security.DACL_SECURITY_INFORMATION) pywintypes.error: (50, 'GetFileSecurity', 'The request is not supported.')
The user is not admin on the machine, but can write to the paths listed in:
jupyter --paths
So far, only downgrade to jupyter_client 5.3.1
has been successful.
Can confirm, JUPYTER_ALLOW_INSECURE_WRITES does not work to resolve the problem @tomanizer
This issue is messing majorly with jupyter in corporate setups.
This issue is different and won't be affected by the new env variable. For this issue, the focus should be returned to pywin32
.
I'm hoping @MSeal has some insights on Windows package/library issues.
One workaround you might try is @wikwok's above: https://github.com/jupyter/jupyter_client/issues/481#issuecomment-586636270.
I think when in insecure mode we should skip trying to do any windows ACL permissions as the number of exceptions that could be raised when you have partial or no permissions if high and hard for us to guarantee would be caught without catching all exceptions (not a good idea either). @kevin-bates we'll need another PR, I'll get it up tonight to cover this path.
Longer term perhaps jupyter should be using the registry on windows to either find a path to stash secrets, or to stash the secrets themselves, as the default file system paths jupyter selects aren't guaranteed to be editable / permissible in the way needed for secure writes.
This issue is messing majorly with jupyter in corporate setups.
Apologies for that. It would help to know what the mounted file system is and if it's your whole filesystem or just a single folder. It seems like the whole home directory is mounted in a way that permissions can't be set, which seems like it'd be problematic for other applications that write to the .AppData and other private home folders. But I don't actually have a reproducible setup for this error so it's difficult to say what that setup is.
Thanks @MSeal!
jupyter_core 4.6.3 is now released with a skip for these checks when in insecure mode -- @Denwid could you try upgrading that package and retrying with the insecure mode set?
and @tomanizer :point_up:
Description
Launching jupyter notebook v1.1.4 python3.7 from Anaconda3 throws kernel error on windows 8.1
Default installation of jupyterlab v1.0.2 compiled with Anaconda3 works fine and not prone to this error.
Also Mac seems not prone to this issue when testing it on Mac.
Reproduce
At first instance jupyter was automatically updated when installing other Anaconda3 packages which seemed to cause the error. However, after testing lots of setups and finally installing jupyterlab on a fresh clean anaconda environment determined that the new version has got a bug running on windows 8.1 Enterprise 64bit SP0 at the least. I don't know if other versions of windows are prone to this.
Expected behavior
create new python3.7 notebooks without any kernel errors.
Context
Troubleshoot Output
Command Line Output
Browser Output