Dynamic user does not have home directory set in nss-systemd

[martin-vitek]

Bug description

The variable $HOME is correctly set to /var/lib/martinv, but some programs (ssh) are getting home directory by calling getent passwd $(whoami), which gives them path /.

Expected behaviour

jupyter-martinv-singleuser:x:65408:65408:Dynamic User:/var/lib/martinv:/usr/sbin/nologin

Actual behaviour

jupyter-martinv-singleuser:x:65408:65408:Dynamic User:/:/usr/sbin/nologin

How to reproduce

As dynamic user run in terminal: getent passwd $(whoami). Or try to generate ssh keys with ssh-keygen.

Your personal set up

• OS: Ubuntu 20.04.3 LTS
• Version(s):
  • jupyterhub 2.1.1
  • jupyterhub-systemdspawner 0.15.0
  • jupyterlab 3.2.8
  • python 3.8.12
  • systemd 245

Full environment

``` # packages in environment at /home/jupyter/mambaforge: # # Name Version Build Channel _libgcc_mutex 0.1 conda_forge conda-forge _openmp_mutex 4.5 1_gnu conda-forge abseil-cpp 20210324.2 h9c3ff4c_0 conda-forge absl-py 0.15.0 pyhd8ed1ab_0 conda-forge aiohttp 3.8.1 py39h3811e60_0 conda-forge aiosignal 1.2.0 pyhd8ed1ab_0 conda-forge alembic 1.7.5 pyhd8ed1ab_0 conda-forge alsa-lib 1.2.3 h516909a_0 conda-forge anyio 3.5.0 py39hf3d152e_0 conda-forge aom 3.2.0 h9c3ff4c_2 conda-forge appdirs 1.4.4 pyh9f0ad1d_0 conda-forge argon2-cffi 21.3.0 pyhd8ed1ab_0 conda-forge argon2-cffi-bindings 21.2.0 py39h3811e60_1 conda-forge asttokens 2.0.5 pyhd8ed1ab_0 conda-forge astunparse 1.6.3 pyhd8ed1ab_0 conda-forge async-timeout 4.0.2 pyhd8ed1ab_0 conda-forge async_generator 1.10 py_0 conda-forge attrs 21.4.0 pyhd8ed1ab_0 conda-forge autograd 1.3 py_0 conda-forge babel 2.9.1 pyh44b312d_0 conda-forge backcall 0.2.0 pyh9f0ad1d_0 conda-forge backports 1.0 py_2 conda-forge backports.functools_lru_cache 1.6.4 pyhd8ed1ab_0 conda-forge bcrypt 3.2.0 py39h3811e60_2 conda-forge black 21.7b0 pyhd8ed1ab_0 conda-forge bleach 4.1.0 pyhd8ed1ab_0 conda-forge blinker 1.4 py_1 conda-forge brotli 1.0.9 h7f98852_6 conda-forge brotli-bin 1.0.9 h7f98852_6 conda-forge brotlipy 0.7.0 py39h3811e60_1003 conda-forge bzip2 1.0.8 h7f98852_4 conda-forge c-ares 1.18.1 h7f98852_0 conda-forge ca-certificates 2021.10.8 ha878542_0 conda-forge cached-property 1.5.2 hd8ed1ab_1 conda-forge cached_property 1.5.2 pyha770c72_1 conda-forge cachetools 4.2.4 pyhd8ed1ab_0 conda-forge cadquery None py3.9 cadquery certifi 2021.10.8 py39hf3d152e_1 conda-forge certipy 0.1.3 py_0 conda-forge cffi 1.15.0 py39h4bc2ebd_0 conda-forge charset-normalizer 2.0.9 pyhd8ed1ab_0 conda-forge click 8.0.3 py39hf3d152e_1 conda-forge cma 2.7.0 py_0 conda-forge colorama 0.4.4 pyh9f0ad1d_0 conda-forge conda 4.11.0 py39hf3d152e_0 conda-forge conda-package-handling 1.7.3 py39h3811e60_1 conda-forge configurable-http-proxy 4.5.0 node17_h7e777a6_2 conda-forge cryptography 36.0.0 py39h95dcef6_0 conda-forge cudatoolkit 11.6.0 habf752d_10 conda-forge cudnn 8.2.1.32 h86fa8c9_0 conda-forge curl 7.80.0 h2574ce0_0 conda-forge cycler 0.11.0 pyhd8ed1ab_0 conda-forge dataclasses 0.8 pyhc8e2a94_3 conda-forge dbus 1.13.6 h5008d03_3 conda-forge debugpy 1.5.1 py39he80948d_0 conda-forge decorator 5.1.1 pyhd8ed1ab_0 conda-forge defusedxml 0.7.1 pyhd8ed1ab_0 conda-forge dill 0.3.4 pyhd8ed1ab_0 conda-forge double-conversion 3.1.7 h9c3ff4c_0 conda-forge eigen 3.4.0 h4bd325d_0 conda-forge entrypoints 0.3 pyhd8ed1ab_1003 conda-forge executing 0.8.2 pyhd8ed1ab_0 conda-forge expat 2.4.3 h9c3ff4c_0 conda-forge ezdxf 0.17.2 py39h1a9c180_0 conda-forge ffmpeg 4.4.1 h6987444_0 conda-forge flit-core 3.6.0 pyhd8ed1ab_0 conda-forge font-ttf-dejavu-sans-mono 2.37 hab24e00_0 conda-forge font-ttf-inconsolata 3.000 h77eed37_0 conda-forge font-ttf-source-code-pro 2.038 h77eed37_0 conda-forge font-ttf-ubuntu 0.83 hab24e00_0 conda-forge fontconfig 2.13.94 ha180cfb_0 conda-forge fonts-conda-ecosystem 1 0 conda-forge fonts-conda-forge 1 0 conda-forge fonttools 4.29.0 py39h3811e60_0 conda-forge freeimage 3.18.0 h88c329d_7 conda-forge freetype 2.10.4 h0708190_1 conda-forge frozenlist 1.3.0 py39h3811e60_0 conda-forge future 0.18.2 py39hf3d152e_4 conda-forge gast 0.4.0 pyh9f0ad1d_0 conda-forge gettext 0.19.8.1 h73d1719_1008 conda-forge giflib 5.2.1 h36c2ea0_2 conda-forge gitdb 4.0.9 pyhd8ed1ab_0 conda-forge gitpython 3.1.26 pyhd8ed1ab_0 conda-forge gl2ps 1.4.2 h0708190_0 conda-forge glew 2.1.0 h9c3ff4c_2 conda-forge gmp 6.2.1 h58526e2_0 conda-forge gnutls 3.6.13 h85f3911_1 conda-forge google-auth 1.35.0 pyh6c4a22f_0 conda-forge google-auth-oauthlib 0.4.6 pyhd8ed1ab_0 conda-forge google-pasta 0.2.0 pyh8c360ce_0 conda-forge greenlet 1.1.2 py39he80948d_1 conda-forge grpc-cpp 1.41.1 h75e9d12_2 conda-forge grpcio 1.41.1 py39hff7568b_1 conda-forge gst-plugins-base 1.18.5 hf529b03_3 conda-forge gstreamer 1.18.5 h9f60fe5_3 conda-forge h5py 3.1.0 nompi_py39h25020de_100 conda-forge hdf4 4.2.15 h10796ff_3 conda-forge hdf5 1.10.6 nompi_h6a2412b_1114 conda-forge icu 69.1 h9c3ff4c_0 conda-forge idna 3.1 pyhd3deb0d_0 conda-forge ilmbase 2.5.5 h780b84a_0 conda-forge importlib-metadata 4.10.1 py39hf3d152e_0 conda-forge importlib_resources 5.4.0 pyhd8ed1ab_0 conda-forge iniconfig 1.1.1 pyh9f0ad1d_0 conda-forge ipykernel 6.7.0 py39hef51801_0 conda-forge ipython 8.0.1 py39hf3d152e_0 conda-forge ipython_genutils 0.2.0 py_1 conda-forge jbig 2.1 h7f98852_2003 conda-forge jedi 0.18.1 py39hf3d152e_0 conda-forge jinja2 3.0.3 pyhd8ed1ab_0 conda-forge joblib 1.1.0 pyhd8ed1ab_0 conda-forge jpeg 9e h7f98852_0 conda-forge json5 0.9.5 pyh9f0ad1d_0 conda-forge jsoncpp 1.9.4 h4bd325d_3 conda-forge jsonschema 4.4.0 pyhd8ed1ab_0 conda-forge jupyter-server-mathjax 0.2.3 pyhd8ed1ab_0 conda-forge jupyter_client 7.1.2 pyhd8ed1ab_0 conda-forge jupyter_core 4.9.1 py39hf3d152e_1 conda-forge jupyter_server 1.13.4 pyhd8ed1ab_0 conda-forge jupyter_telemetry 0.1.0 pyhd8ed1ab_1 conda-forge jupyterhub 2.1.1 hd8ed1ab_0 conda-forge jupyterhub-base 2.1.1 pyhd8ed1ab_0 conda-forge jupyterhub-systemdspawner 0.15.0 pypi_0 pypi jupyterlab 3.2.8 pyhd8ed1ab_0 conda-forge jupyterlab-git 0.34.2 pyhd8ed1ab_0 conda-forge jupyterlab-variableinspector 3.0.9 pyhd8ed1ab_0 conda-forge jupyterlab_pygments 0.1.2 pyh9f0ad1d_0 conda-forge jupyterlab_server 2.10.3 pyhd8ed1ab_0 conda-forge jxrlib 1.1 h7f98852_2 conda-forge keras 2.6.0 pyhd8ed1ab_1 conda-forge keras-preprocessing 1.1.2 pyhd8ed1ab_0 conda-forge keras-tuner 1.1.0 pyhd8ed1ab_0 conda-forge kiwisolver 1.3.2 py39h1a9c180_1 conda-forge krb5 1.19.2 hcc1bbae_3 conda-forge lame 3.100 h7f98852_1001 conda-forge lcms2 2.12 hddcbb42_0 conda-forge ld_impl_linux-64 2.36.1 hea4e1c9_2 conda-forge lerc 3.0 h9c3ff4c_0 conda-forge libarchive 3.5.2 hccf745f_1 conda-forge libblas 3.9.0 13_linux64_openblas conda-forge libbrotlicommon 1.0.9 h7f98852_6 conda-forge libbrotlidec 1.0.9 h7f98852_6 conda-forge libbrotlienc 1.0.9 h7f98852_6 conda-forge libcblas 3.9.0 13_linux64_openblas conda-forge libclang 13.0.0 default_hc23dcda_0 conda-forge libcurl 7.80.0 h2574ce0_0 conda-forge libdeflate 1.8 h7f98852_0 conda-forge libdrm 2.4.109 h7f98852_0 conda-forge libedit 3.1.20191231 he28a2e2_2 conda-forge libev 4.33 h516909a_1 conda-forge libevent 2.1.10 h9b69904_4 conda-forge libffi 3.4.2 h7f98852_5 conda-forge libgcc-ng 11.2.0 h1d223b6_11 conda-forge libgfortran-ng 11.2.0 h69a702a_12 conda-forge libgfortran5 11.2.0 h5c6108e_12 conda-forge libglib 2.70.2 h174f98d_1 conda-forge libglu 9.0.0 he1b5a44_1001 conda-forge libgomp 11.2.0 h1d223b6_11 conda-forge libiconv 1.16 h516909a_0 conda-forge liblapack 3.9.0 13_linux64_openblas conda-forge libllvm13 13.0.0 hf817b99_0 conda-forge libmamba 0.19.0 h3985d26_0 conda-forge libmambapy 0.19.0 py39h8bfa403_0 conda-forge libnetcdf 4.8.1 nompi_hcd642e3_100 conda-forge libnghttp2 1.43.0 h812cca2_1 conda-forge libogg 1.3.4 h7f98852_1 conda-forge libopenblas 0.3.18 pthreads_h8fe5266_0 conda-forge libopus 1.3.1 h7f98852_1 conda-forge libpciaccess 0.16 h516909a_0 conda-forge libpng 1.6.37 h21135ba_2 conda-forge libpq 14.1 hd57d9b9_1 conda-forge libprotobuf 3.18.1 h780b84a_0 conda-forge libraw 0.20.2 h10796ff_1 conda-forge libsodium 1.0.18 h36c2ea0_1 conda-forge libsolv 0.7.19 h780b84a_5 conda-forge libssh2 1.10.0 ha56f1ee_2 conda-forge libstdcxx-ng 11.2.0 he4da1e4_11 conda-forge libtheora 1.1.1 h7f98852_1005 conda-forge libtiff 4.3.0 h6f004c6_2 conda-forge libuuid 2.32.1 h7f98852_1000 conda-forge libuv 1.43.0 h7f98852_0 conda-forge libva 2.13.0 h7f98852_2 conda-forge libvorbis 1.3.7 h9c3ff4c_0 conda-forge libvpx 1.11.0 h9c3ff4c_3 conda-forge libwebp-base 1.2.2 h7f98852_1 conda-forge libxcb 1.13 h7f98852_1004 conda-forge libxkbcommon 1.0.3 he3ba5ed_0 conda-forge libxml2 2.9.12 h885dcf4_1 conda-forge libzip 1.8.0 h4de3113_1 conda-forge libzlib 1.2.11 h36c2ea0_1013 conda-forge loguru 0.5.3 py39hf3d152e_3 conda-forge lz4-c 1.9.3 h9c3ff4c_1 conda-forge lzo 2.10 h516909a_1000 conda-forge mako 1.1.6 pyhd8ed1ab_0 conda-forge mamba 0.19.0 py39hfa8f2c8_0 conda-forge markdown 3.3.6 pyhd8ed1ab_0 conda-forge markupsafe 2.0.1 py39h3811e60_1 conda-forge matplotlib 3.5.1 py39hf3d152e_0 conda-forge matplotlib-base 3.5.1 py39h2fa2bec_0 conda-forge matplotlib-inline 0.1.3 pyhd8ed1ab_0 conda-forge mistune 0.8.4 py39h3811e60_1005 conda-forge multidict 6.0.2 py39h3811e60_0 conda-forge multiprocess 0.70.12.2 py39h3811e60_1 conda-forge munkres 1.1.4 pyh9f0ad1d_0 conda-forge mypy_extensions 0.4.3 py39hf3d152e_4 conda-forge mysql-common 8.0.27 ha770c72_3 conda-forge mysql-libs 8.0.27 hfa10184_3 conda-forge nbclassic 0.3.5 pyhd8ed1ab_0 conda-forge nbclient 0.5.10 pyhd8ed1ab_1 conda-forge nbconvert 6.4.1 py39hf3d152e_0 conda-forge nbdime 3.1.1 pyhd8ed1ab_0 conda-forge nbformat 5.1.3 pyhd8ed1ab_0 conda-forge nbresuse 0.4.0 pyhd8ed1ab_0 conda-forge nccl 2.11.4.1 h5c60f85_1 conda-forge ncurses 6.2 h58526e2_4 conda-forge nest-asyncio 1.5.4 pyhd8ed1ab_0 conda-forge nettle 3.6 he412f7d_0 conda-forge nlopt 2.7.1 py39h3e08f04_0 conda-forge nodejs 17.4.0 h8ca31f7_0 conda-forge notebook 6.4.8 pyha770c72_0 conda-forge nptyping 1.4.4 pyhd8ed1ab_0 conda-forge nspr 4.32 h9c3ff4c_1 conda-forge nss 3.74 hb5efdd6_0 conda-forge numpy 1.19.5 py39hdbf815f_2 conda-forge oauthenticator 14.2.0 pypi_0 pypi oauthlib 3.1.1 pyhd8ed1ab_0 conda-forge occt 7.5.3 h7391655_0 conda-forge ocp 7.5.3.0 py39_3 cadquery olefile 0.46 pyh9f0ad1d_1 conda-forge openexr 2.5.5 hf817b99_0 conda-forge openh264 2.1.1 h780b84a_0 conda-forge openjpeg 2.4.0 hb52868f_1 conda-forge openssl 1.1.1l h7f98852_0 conda-forge opt_einsum 3.3.0 pyhd8ed1ab_1 conda-forge packaging 21.3 pyhd8ed1ab_0 conda-forge pamela 1.0.0 py_0 conda-forge pandas 1.4.0 py39hde0f152_0 conda-forge pandoc 2.17.0.1 h7f98852_0 conda-forge pandocfilters 1.5.0 pyhd8ed1ab_0 conda-forge paramiko 2.9.2 pyhd8ed1ab_0 conda-forge parso 0.8.3 pyhd8ed1ab_0 conda-forge pathos 0.2.8 pyhd8ed1ab_0 conda-forge pathspec 0.9.0 pyhd8ed1ab_0 conda-forge patsy 0.5.2 pyhd8ed1ab_0 conda-forge pcre 8.45 h9c3ff4c_0 conda-forge pexpect 4.8.0 pyh9f0ad1d_2 conda-forge pickleshare 0.7.5 py_1003 conda-forge pillow 8.4.0 py39ha612740_0 conda-forge pip 21.3.1 pyhd8ed1ab_0 conda-forge platformdirs 2.3.0 pyhd8ed1ab_0 conda-forge pluggy 1.0.0 py39hf3d152e_2 conda-forge plumbum 1.7.2 pyhd8ed1ab_0 conda-forge pox 0.3.0 pyhd8ed1ab_0 conda-forge ppft 1.6.6.4 pyhd8ed1ab_0 conda-forge proj 7.2.0 h277dcde_2 conda-forge prometheus_client 0.13.0 pyhd8ed1ab_0 conda-forge prompt-toolkit 3.0.24 pyha770c72_0 conda-forge protobuf 3.18.1 py39he80948d_0 conda-forge psutil 5.9.0 py39h3811e60_0 conda-forge pthread-stubs 0.4 h36c2ea0_1001 conda-forge ptyprocess 0.7.0 pyhd3deb0d_0 conda-forge pugixml 1.11.4 h9c3ff4c_0 conda-forge pure_eval 0.2.2 pyhd8ed1ab_0 conda-forge py 1.11.0 pyh6c4a22f_0 conda-forge pyasn1 0.4.8 py_0 conda-forge pyasn1-modules 0.2.7 py_0 conda-forge pybind11-abi 4 hd8ed1ab_3 conda-forge pycosat 0.6.3 py39h3811e60_1009 conda-forge pycparser 2.21 pyhd8ed1ab_0 conda-forge pycurl 7.44.1 py39h72e3413_1 conda-forge pydoe2 1.3.0 py_0 conda-forge pygments 2.11.2 pyhd8ed1ab_0 conda-forge pyjwt 2.3.0 pyhd8ed1ab_1 conda-forge pymoo 0.5.0 py39hce5d2b2_0 conda-forge pynacl 1.5.0 py39h3811e60_0 conda-forge pyopenssl 21.0.0 pyhd8ed1ab_0 conda-forge pyparsing 2.4.7 pyhd8ed1ab_1 conda-forge pyqt 5.12.3 py39hf3d152e_8 conda-forge pyqt-impl 5.12.3 py39hde8b62d_8 conda-forge pyqt5-sip 4.19.18 py39he80948d_8 conda-forge pyqtchart 5.12 py39h0fcd23e_8 conda-forge pyqtwebengine 5.12.1 py39h0fcd23e_8 conda-forge pyrsistent 0.18.1 py39h3811e60_0 conda-forge pysocks 1.7.1 py39hf3d152e_4 conda-forge pytest 6.2.5 py39hf3d152e_2 conda-forge python 3.9.7 hb7a2778_3_cpython conda-forge python-dateutil 2.8.2 pyhd8ed1ab_0 conda-forge python-flatbuffers 1.12 pyhd8ed1ab_1 conda-forge python-json-logger 2.0.1 pyh9f0ad1d_0 conda-forge python_abi 3.9 2_cp39 conda-forge pytz 2021.3 pyhd8ed1ab_0 conda-forge pyu2f 0.1.5 pyhd8ed1ab_0 conda-forge pyzmq 22.3.0 py39h37b5a0c_1 conda-forge qt 5.12.9 ha98a1a1_5 conda-forge rapidjson 1.1.0 he1b5a44_1002 conda-forge re2 2021.11.01 h9c3ff4c_0 conda-forge readline 8.1 h46c0cb4_0 conda-forge regex 2022.1.18 py39h3811e60_0 conda-forge reproc 14.2.3 h7f98852_0 conda-forge reproc-cpp 14.2.3 h9c3ff4c_0 conda-forge requests 2.26.0 pyhd8ed1ab_1 conda-forge requests-oauthlib 1.3.0 pyh9f0ad1d_0 conda-forge rpyc 5.0.1 pyhd8ed1ab_0 conda-forge rsa 4.8 pyhd8ed1ab_0 conda-forge ruamel.yaml 0.17.19 py39h3811e60_0 conda-forge ruamel.yaml.clib 0.2.6 py39h3811e60_0 conda-forge ruamel_yaml 0.15.80 py39h3811e60_1006 conda-forge salib 1.4.5 pyh6c4a22f_0 conda-forge scikit-learn 1.0.2 py39h4dfa638_0 conda-forge scipy 1.7.3 py39hee8e79c_0 conda-forge seaborn 0.11.2 hd8ed1ab_0 conda-forge seaborn-base 0.11.2 pyhd8ed1ab_0 conda-forge send2trash 1.8.0 pyhd8ed1ab_0 conda-forge setuptools 59.4.0 py39hf3d152e_0 conda-forge six 1.15.0 pyh9f0ad1d_0 conda-forge smmap 3.0.5 pyh44b312d_0 conda-forge smt 1.1.0 py39hde0f152_1 conda-forge snappy 1.1.8 he1b5a44_3 conda-forge sniffio 1.2.0 py39hf3d152e_2 conda-forge sqlalchemy 1.4.31 py39h3811e60_0 conda-forge sqlite 3.37.0 h9cd32fc_0 conda-forge stack_data 0.1.4 pyhd8ed1ab_0 conda-forge statsmodels 0.13.1 py39hce5d2b2_0 conda-forge svt-av1 0.9.0 h9c3ff4c_0 conda-forge tabulate 0.8.9 pyhd8ed1ab_0 conda-forge tbb 2020.2 h4bd325d_4 conda-forge tbb-devel 2020.2 h4bd325d_4 conda-forge tensorboard 2.6.0 pyhd8ed1ab_1 conda-forge tensorboard-data-server 0.6.0 py39h95dcef6_1 conda-forge tensorboard-plugin-wit 1.8.1 pyhd8ed1ab_0 conda-forge tensorflow 2.6.2 cuda112py39h9333c2f_1 conda-forge tensorflow-base 2.6.2 cuda112py39he9472f8_1 conda-forge tensorflow-estimator 2.6.2 cuda112py39h9333c2f_1 conda-forge termcolor 1.1.0 py_2 conda-forge terminado 0.13.1 py39hf3d152e_0 conda-forge terminaltables 3.1.10 pyhd8ed1ab_0 conda-forge testpath 0.5.0 pyhd8ed1ab_0 conda-forge threadpoolctl 3.0.0 pyh8a188c0_0 conda-forge tk 8.6.11 h27826a3_1 conda-forge toml 0.10.2 pyhd8ed1ab_0 conda-forge tomli 1.2.2 pyhd8ed1ab_0 conda-forge tornado 6.1 py39h3811e60_2 conda-forge tqdm 4.62.3 pyhd8ed1ab_0 conda-forge traitlets 5.1.1 pyhd8ed1ab_0 conda-forge typed-ast 1.5.2 py39h3811e60_0 conda-forge typing-extensions 3.7.4.3 0 conda-forge typing_extensions 3.7.4.3 py_0 conda-forge typish 1.9.3 pyhd8ed1ab_0 conda-forge tzdata 2021e he74cb21_0 conda-forge unicodedata2 14.0.0 py39h3811e60_0 conda-forge urllib3 1.26.7 pyhd8ed1ab_0 conda-forge utfcpp 3.2.1 ha770c72_0 conda-forge vtk 9.0.1 qt_py39hd1b08ba_210 conda-forge wcwidth 0.2.5 pyh9f0ad1d_2 conda-forge webencodings 0.5.1 py_1 conda-forge websocket-client 1.2.3 pyhd8ed1ab_0 conda-forge werkzeug 2.0.2 pyhd8ed1ab_0 conda-forge wheel 0.37.0 pyhd8ed1ab_1 conda-forge wrapt 1.12.1 py39h3811e60_3 conda-forge x264 1!161.3030 h7f98852_1 conda-forge x265 3.5 h4bd325d_1 conda-forge xorg-fixesproto 5.0 h7f98852_1002 conda-forge xorg-kbproto 1.0.7 h7f98852_1002 conda-forge xorg-libice 1.0.10 h7f98852_0 conda-forge xorg-libsm 1.2.3 hd9c2040_1000 conda-forge xorg-libx11 1.7.2 h7f98852_0 conda-forge xorg-libxau 1.0.9 h7f98852_0 conda-forge xorg-libxdmcp 1.1.3 h7f98852_0 conda-forge xorg-libxext 1.3.4 h7f98852_1 conda-forge xorg-libxfixes 5.0.3 h7f98852_1004 conda-forge xorg-libxt 1.2.1 h7f98852_2 conda-forge xorg-xextproto 7.3.0 h7f98852_1002 conda-forge xorg-xproto 7.0.31 h7f98852_1007 conda-forge xz 5.2.5 h516909a_1 conda-forge yaml 0.2.5 h516909a_0 conda-forge yaml-cpp 0.6.3 he1b5a44_4 conda-forge yarl 1.7.2 py39h3811e60_1 conda-forge zeromq 4.3.4 h9c3ff4c_1 conda-forge zipp 3.7.0 pyhd8ed1ab_0 conda-forge zlib 1.2.11 h36c2ea0_1013 conda-forge zstd 1.5.0 ha95c52a_0 conda-forge ```

Configuration

```python from oauthenticator.generic import GenericOAuthenticator c.Application.log_level = 10 c.JupyterHub.authenticator_class = GenericOAuthenticator c.GenericOAuthenticator.client_id = 'jupyter.fel.zcu.cz' c.GenericOAuthenticator.userdata_params = {'state': 'state'} c.GenericOAuthenticator.username_key = 'uid' c.GenericOAuthenticator.login_service = 'ORION' c.GenericOAuthenticator.scope = ['openid', 'profile'] c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner' c.SystemdSpawner.cpu_limit = 4.0 c.SystemdSpawner.mem_limit = '2G' c.SystemdSpawner.isolate_tmp = True c.SystemdSpawner.isolate_devices = True c.SystemdSpawner.disable_user_sudo = True c.SystemdSpawner.readonly_paths = ['/'] c.SystemdSpawner.dynamic_users = True c.SystemdSpawner.extra_paths = ['/var/lib/private/{USERNAME}/.local/bin', '/home/jupyter/.local/lib'] c.SystemdSpawner.unit_extra_properties = {'RuntimeDirectoryPreserve': 'no'} c.JupyterHub.bind_url = 'https://jupyter.fel.zcu.cz' c.JupyterHub.ssl_cert = '/etc/letsencrypt/live/jupyter.fel.zcu.cz/fullchain.pem' c.JupyterHub.ssl_key = '/etc/letsencrypt/live/jupyter.fel.zcu.cz/privkey.pem' ```

[welcome[bot]]

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

[behrmann]

I think this bug is somewhat unavoidable. DynamicUsers= is really not meant to represent real users and are not meant to have persistent data (which is why it implies all sorts of other systemd directives to prevent persisting data). The only reason why HOME and the working directory are set to /var/lib/<username>, is because systemdspawner explicitly does this. I don't see an easy way to change the passwd entry that nss-systemd synthesizes, though.

To be honest, I'm not sure the way this is implemented really works, since nothing guarantees, that the UID of the dynamic user will be the same for multiple invocations or another user doesn't receive the UID later on (giving at least readonly access to the wrong user).

[martin-vitek]

Unfortunately, it seems that it is unfixable. There is an issue in systemd, but it doesn't seem to be resolved any time soon.

As explained in this article, systemd is handling UIDs, so there shouldn't be a problem with them.

[behrmann]

Unfortunately, it seems that it is unfixable. There is an issue in systemd, but it doesn't seem to be resolved any time soon.

Indeed. I see the point Lennart makes in the issue. The whole situation is somewhat illdefined and most places do seem to go the HOME then pw->pw_dir route, so since most everybody seems to do that anyway, the ones who don't are the outliers.

This is obviously a bit difficult for SSH, since the SSH daemon doesn't have access to the environment of the jupyter process, which is the only place where this exists. I do wonder, though, if OpenSSH's behaviour doesn't have edge cases, e.g. I could imagine shenanigans where PAM changes the value of HOME, granted OpenSSH can be used without PAM (although I don't think most installations do this). I'm not familiar with the OpenSSH codebase, so I can't say, but if that were the case, that is something they should fix.

I'm not entirely sold that DynamicUser= is the right thing for real users (i.e. people), but even for system users supporting SSH connections might be of value.

Alas, since this is not a systemdspawner issue, i guess this can be closed.

As explained in this article, systemd is handling UIDs, so there shouldn't be a problem with them.

Ah, true, I didn't remember how DynamicUser= and StateDirectory= work together.