yuvipanda / jupyterhub-ssh

SSH Access to JupyterHubs
BSD 3-Clause "New" or "Revised" License

Run jupyterhub-ssh & sftp as least privileged processes #16

Open yuvipanda opened 4 years ago

yuvipanda commented 4 years ago

jupyterhub-ssh should run as an unprivileged process, with the container quite locked down in the helm configuration.

jupyterhub-sftp requires CAP_SYS_ADMIN and root, so we can bind mount user home directories & sshd can chroot into them. However, we should drop all other permissions there.

yuvipanda commented 4 years ago

So I played around with this, and dropped privs for the ssh process. However, jupyterhub-sftp still needs to run privileged, since it bind mounts and sshd chroots. CAP_SYS_ADMIN wasn't enough for the bind-mounting, although it was for chrooting....
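
Added example, not part of the issue thread and not taken from the project's Helm chart: a Kubernetes sketch of the split described above, with the ssh container locked down and the sftp container left root and privileged as the last comment reports. Pod names, image references, the UID/GID and the choice of separate pods are assumptions made for illustration.

```yaml
# Constructed illustration; names, images and UIDs are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: example-hub-ssh              # hypothetical name
spec:
  containers:
    - name: ssh                      # stands in for jupyterhub-ssh
      image: example.invalid/jupyterhub-ssh:placeholder
      securityContext:
        runAsNonRoot: true           # kubelet refuses to start the container as UID 0
        runAsUser: 1000              # assumed unprivileged UID
        runAsGroup: 1000
        allowPrivilegeEscalation: false   # sets no_new_privs; setuid binaries gain nothing
        readOnlyRootFilesystem: true      # assumes writes go only to mounted volumes
        capabilities:
          drop: ["ALL"]              # nothing above a plain user process
        seccompProfile:
          type: RuntimeDefault       # runtime's default syscall filter
---
apiVersion: v1
kind: Pod
metadata:
  name: example-hub-sftp             # hypothetical name
spec:
  containers:
    - name: sftp                     # stands in for jupyterhub-sftp
      image: example.invalid/jupyterhub-sftp:placeholder
      securityContext:
        runAsUser: 0                 # root: needed for bind mounts and sshd chroot
        # The thread reports that adding only CAP_SYS_ADMIN allowed chroot
        # but not bind mounting, so the container stays fully privileged.
        # allowPrivilegeEscalation: false cannot be combined with this;
        # the API server rejects that pairing.
        privileged: true
```

Keeping the privileged sftp container in its own pod means the lockdown on the ssh container is not undone by a shared pod-level setting, and admission policy can exempt only the one workload that needs it.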