plasmabio / tljh-repo2docker

Plugin for The Littlest JupyterHub to build multiple user environments with repo2docker
BSD 3-Clause "New" or "Revised" License

Each user creating its own images that only they can see? #47

Open nikl11 opened 3 years ago

nikl11 commented 3 years ago

Hello, I wanted to use this tljh with repo2docker plugin (as a replacement for BinderHub, which I have trouble setting up) for our independent users. I would like it to work like this: our users log in to different servers via Kerberos authentication, so I would like them to be able to log in, create their own environments, and run them, without any other user being able to access an image of another user. I thought this is how this plugin works by default, but I see only admins can access Environments, and every created image is visible to all users. Is there any way to do it my way, where each user has their own images that they can build or run? Thanks.

adriendelsalle commented 3 years ago

Hey @nikl11

If I understand your use case well, you would prefer that any user could trigger an image build. This sounds like a small modification to make it configurable, if it is not yet possible. Just keep in mind administration of the server: you could pretty quickly fill your filesystem with plenty of images, and I'm not sure there is a way to set an upper limit and a culling strategy on images.

nikl11 commented 3 years ago

Thank you @adriendelsalle, yes it is probably easy to configure for the person who created this plugin, but for me with my current "scope" of options available, I can allow other users to build only by making them admins (which, let's face it, is not a solution, as admins can sabotage everything if they don't know what they are doing). But that is not the main issue; the main issue for me is to have users and the images that they have built linked together and separated (in other words, if user A creates images X and Y, user B creates Z, and user C creates nothing, then A sees only X and Y, B sees only Z, and C sees nothing). I kinda have an idea that I could prepend every image name with the user's name, so my-test-image.img would become username-my-test-image.img, and then filter all the available images for the current user, like "docker images | grep username ...", but again I have no idea where and how to implement that.
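
An added example, not part of the thread and not tljh-repo2docker code: it compares the name-based filter proposed above with an exact match on an owner recorded as image metadata. The label key, function names and sample images are constructed assumptions.

```python
# Added example with constructed data; OWNER_LABEL is a hypothetical label key,
# not one defined by tljh-repo2docker or Docker.
OWNER_LABEL = "example.image-owner"

# Constructed sample: image name plus the labels attached at build time.
IMAGES = [
    {"name": "ann-my-test-image", "labels": {OWNER_LABEL: "ann"}},
    {"name": "ann-marie-notebook", "labels": {OWNER_LABEL: "ann-marie"}},
    {"name": "joann-stats", "labels": {OWNER_LABEL: "joann"}},
    {"name": "shared-base", "labels": {}},  # built without an owner
]


def visible_by_substring(images, username):
    """Equivalent of `docker images | grep username`: matches anywhere in the name."""
    return [img["name"] for img in images if username in img["name"]]


def visible_by_prefix(images, username):
    """Match on 'username-': still ambiguous when a username itself contains '-'."""
    prefix = username + "-"
    return [img["name"] for img in images if img["name"].startswith(prefix)]


def visible_by_owner(images, username):
    """Exact match on the recorded owner; images with no owner are hidden."""
    return [
        img["name"]
        for img in images
        if img["labels"].get(OWNER_LABEL) == username
    ]


if __name__ == "__main__":
    # User "ann" should see exactly one image: ann-my-test-image.
    for check in (visible_by_substring, visible_by_prefix, visible_by_owner):
        print(f"{check.__name__:22} -> {check(IMAGES, 'ann')}")
```

The filter has to run server-side on every listing and launch request; hiding names in the UI alone does not stop a user from requesting another user's image by name.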

adriendelsalle commented 3 years ago

Your main issue looks effectively more complicated than making all users capable of building images. I'll try to give you some pointers if I have time soon-ish.