Open edgarcosta opened 3 years ago
Bug description

Various functions in the `LocalProcessSpawner` class assume privileged access by using the builtin functions, e.g.: `shutil.rmtree` and `os.makedirs`.

Expected behaviour

Being able to use sudospawner with SSL enabled for all internal communication

Actual behaviour

`pre_spawn_start` fails with permission denied when calling `move_cert`.

Your personal set up

ubuntu 20.04

```
$ jupyterhub --version
1.4.2
$ python3 --version
Python 3.8.10
```

Full environment
Configuration

```python
c.JupyterHub.internal_ssl = True
c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner'
c.Spawner.debug = True
```
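The permission failure reported in this issue, sketched as an added example (not code from JupyterHub or sudospawner): it assumes the cert staging step has to recreate a directory under the user's home and then chown the files to that user, and lists which of those steps a given account cannot perform. `CERT_SUBDIR`, `can_write_dir`, `staging_blockers` and `demo` are hypothetical names, and only classic mode bits are evaluated, not ACLs or capabilities.

```python
import os
import stat
import tempfile

# Assumed layout: a per-user cert directory below the user's home.
CERT_SUBDIR = os.path.join(".jupyterhub", "jupyterhub-certs")


def can_write_dir(st, uid, gids):
    """Evaluate mode bits for write+search on a directory (root always passes)."""
    if uid == 0:
        return True
    if not stat.S_ISDIR(st.st_mode):
        return False
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & 0o3 == 0o3  # need both w and x


def staging_blockers(home, owner_uid, run_uid, run_gids=()):
    """List why a process running as run_uid cannot stage certs for owner_uid."""
    blockers = []
    # Creating or replacing the cert directory needs write+search on the
    # nearest ancestor that already exists.
    ancestor = os.path.join(os.path.abspath(home), CERT_SUBDIR)
    while not os.path.exists(ancestor):
        ancestor = os.path.dirname(ancestor)
    if not can_write_dir(os.stat(ancestor), run_uid, run_gids):
        blockers.append(f"mkdir/rmtree: uid {run_uid} cannot write {ancestor}")
    # Handing files to another account needs root (or CAP_CHOWN).
    if run_uid not in (0, owner_uid):
        blockers.append(f"chown: uid {run_uid} cannot give files to uid {owner_uid}")
    return blockers


def demo():
    """Constructed scenario: a temp dir stands in for a user's 0700 home."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        owner = os.stat(home).st_uid
        hub_uid = owner + 1  # stand-in for an unprivileged hub account
        return {"root": staging_blockers(home, owner, 0),
                "hub": staging_blockers(home, owner, hub_uid)}


if __name__ == "__main__":
    for who, problems in demo().items():
        print(who, problems or "ok")
```

Because the check takes the uid and groups as arguments, an administrator can run it from any account to predict what the hub's service account would hit before enabling `internal_ssl`.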