I’m struggling to fire up jupyterhub, running with limited sudo rights, without root privileges. If I understand correctly, this makes it possible to run notebook servers as real system users on a shared system without running the Hub itself as root.
I followed the following steps, but for someone reason the following command keeps giving me the error that my new user (rhea) is required to give password:
sudo -u rhea sudo -n -u $USER /usr/local/bin/sudospawner --help # sudo: a password is required
I added the following lines to /etc/sudoers (edited using visudo):
Cmnd_Alias JUPYTER_CMD = /usr/local/bin/sudospawner rhea ALL=(%jupyterhub) NOPASSWD:JUPYTER_CMD
And added a new user to the group jupyterhub:
adduser -G jupyterhub newuser
I’m struggling to see why rhea is not allowed to run sudospawner. If I simply run sudo /usr/local/bin/sudospawner --help I do get the desired result.
Running on Ubuntu 16.04 EC2.
Help and advice on this is highly appreciated!
Advertisement
Answer
using the groupname in ALL=(%jupyterhub) doesn’t seem to work. try replacing it with something like
Runas_Alias JUPYTER_USERS = %jupyterhyb
rhea ALL=(JUPYTER_USERS) NOPASSWD:JUPYTER_CMD
hope it works 😉