Skip to content
Advertisement

Jupyterhub using sudo without root: can’t run sudospawner without pw

I’m struggling to fire up jupyterhub, running with limited sudo rights, without root privileges. If I understand correctly, this makes it possible to run notebook servers as real system users on a shared system without running the Hub itself as root.

I followed the following steps, but for someone reason the following command keeps giving me the error that my new user (rhea) is required to give password:

sudo -u rhea sudo -n -u $USER /usr/local/bin/sudospawner --help
# sudo: a password is required

I added the following lines to /etc/sudoers (edited using visudo):

Cmnd_Alias JUPYTER_CMD = /usr/local/bin/sudospawner
rhea ALL=(%jupyterhub) NOPASSWD:JUPYTER_CMD

And added a new user to the group jupyterhub:

adduser -G jupyterhub newuser

I’m struggling to see why rhea is not allowed to run sudospawner. If I simply run sudo /usr/local/bin/sudospawner --help I do get the desired result.

Running on Ubuntu 16.04 EC2.

Help and advice on this is highly appreciated!

Advertisement

Answer

using the groupname in ALL=(%jupyterhub) doesn’t seem to work. try replacing it with something like

Runas_Alias JUPYTER_USERS = %jupyterhyb
rhea ALL=(JUPYTER_USERS) NOPASSWD:JUPYTER_CMD

hope it works 😉

User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement