Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission denied when setting UID and GID #964

Closed
aicampbell opened this issue Sep 27, 2019 · 1 comment
Closed

Permission denied when setting UID and GID #964

aicampbell opened this issue Sep 27, 2019 · 1 comment

Comments

@aicampbell
Copy link

aicampbell commented Sep 27, 2019
edited
Loading

Hi,

I have set up Binderhub on a local Kubernetes cluster.
I have mounted some NFS directories to the Jupyterhub instance so I need to change the UID and GID of the containers being run so that I can read/write.

When I try to launch a notebook with a Github repsoitory on the Binderhub page, I always get the error:
PermissionError: [Errno 13] Permission denied: '/home/jovyan/.local/share/jupyter/runtime'

However, if I launch a notebook using the Jupyterhub instance created with Binderhub, the notebook is started as the UID and GID for my user. The permission denied error does not occur.

I have changed the UID and GID in the config.yaml like this:
c.BinderSpawner.fs_gid = get_gid
c.BinderSpawner.uid = get_uid
c.BinderSpawner.gid = get_gid
c.BinderSpawner.run_as_uid = get_uid
c.BinderSpawner.run_as_gid = get_gid
c.BinderSpawner.supplemental_gids = [100] # Needed to access Jovyen files

I don't understand why I get the permission denied error when I try to create the notebook using the binderhub page but not when I use the Jupyterhub page.

I have attached the full config.yaml here.

config:
  BinderHub: 
    auth_enabled: true
    use_registry: true
    use_named_servers: true
    hub_url: http://<kubernetes-cluster>:32534
    image_prefix: aicampbell/binder-dev-

service:
  type: NodePort
  nodePort: 30058


jupyterhub:
  cull:
    users: False
  singleuser:
    memory:
      limit: 8G
      guarantee: 4G
    cpu:
      limit: 1
      guarantee: .5

  hub:
    allowNamedServers: true
    services:
      binder:
        oauth_redirect_uri: "http://<kubernetes-cluster>:30058/hub/oauth_callback"
        oauth_client_id: "<>"
    extraEnv:
      OAUTH2_AUTHORIZE_URL: <>
      OAUTH2_TOKEN_URL: <>
      USERNAME: {username}
    extraConfig:
      hub_extra: |
        c.JupyterHub.redirect_to_server = False
      binder: |
        import requests
        import json
        import os

        from kubespawner import KubeSpawner

        class BinderSpawner(KubeSpawner):
          def get_username(self):
              return self.user.name

          def get_uid(self):
              ....    
              return uid

          def get_gid(self):
              .....
              return gid


          def get_home_dir_path(self, username):
              ...
              return user_path

          def start(self):
              if 'image' in self.user_options:
                # binder service sets the image spec via user options
                self.image = self.user_options['image']

              path = ' '
              path = self.get_home_dir_path(self.get_username())

              self.volumes =[
              {
                  'name': 'homedir',
                  'hostPath': {
                      'path': str(path)
                   }
              }
              ]

              self.volume_mounts = [
              {
                  'name': 'homedir',
                  'mountPath': '/home/jovyan/home'
              }
              ] 
              
              return super().start()
        c.JupyterHub.spawner_class = BinderSpawner
       
        def get_uid(Spawner):
            ...
            return uid

        def get_gid(Spawner):
            ...
            return gid

        c.BinderSpawner.fs_gid = get_gid
        c.BinderSpawner.uid = get_uid
        c.BinderSpawner.gid = get_gid
        c.BinderSpawner.run_as_uid = get_uid
        c.BinderSpawner.run_as_gid = get_gid
        c.BinderSpawner.supplemental_gids = [100] # Needed to access Jovyen files


  singleuser:
    # to make notebook servers aware of hub
    cmd: jupyterhub-singleuser 
    schedulerStrategy: spread
    storage:
      type: none


  auth:
    type: custom
    admin:
      users:
        - user1
    custom:
      className: oauthenticator.generic.GenericOAuthenticator
      config:
        login_service: "Keycloak"
        client_id: "<>"
        client_secret: "<>"
        token_url: <>
        userdata_url: <>
        userdata_method: GET
        userdata_params: {'state': 'state'}
        username_key: preferred_username

Many thanks,
Aidan
@manics
Copy link
Member

manics commented Sep 20, 2021

Hi 👋 This is an old issue which doesn't sound like a BinderHub bug so I'm closing it. If you have more questions please use the Jupyter community forum https://discourse.jupyter.org/.

@manics manics closed this as completed Sep 20, 2021
@MaxMood96 MaxMood96 mentioned this issue Jul 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manics @aicampbell