2: 2021-07-03 (土) 18:59:47 iseki |
3: 2021-07-11 (日) 23:23:46 iseki |
- | **** /usr/local/bin/start.sh [#g40ccb19] | + | **** /usr/local/bin/start.sh (改) [#l51f1886] |
| + | #!/bin/bash |
| + | # Copyright (c) Jupyter Development Team. |
| + | # Distributed under the terms of the Modified BSD License. |
| + | |
| + | set -e |
| + | |
| + | # Exec the specified command or fall back on bash |
| + | if [ $# -eq 0 ]; then |
| + | cmd=( "bash" ) |
| + | else |
| + | cmd=( "$@" ) |
| + | fi |
| + | |
| + | run-hooks () { |
| + | # Source scripts or run executable files in a directory |
| + | if [[ ! -d "$1" ]] ; then |
| + | return |
| + | fi |
| + | echo "$0: running hooks in $1" |
| + | for f in "$1/"*; do |
| + | case "$f" in |
| + | *.sh) |
| + | echo "$0: running $f" |
| + | source "$f" |
| + | ;; |
| + | *) |
| + | if [[ -x "$f" ]] ; then |
| + | echo "$0: running $f" |
| + | "$f" |
| + | else |
| + | echo "$0: ignoring $f" |
| + | fi |
| + | ;; |
| + | esac |
| + | done |
| + | echo "$0: done running hooks in $1" |
| + | } |
| + | |
| + | run-hooks /usr/local/bin/start-notebook.d |
| + | |
| + | # Handle special flags if we're root |
| + | if [ $(id -u) == 0 ] ; then |
| + | |
| + | # |
| + | HOME_DIR="/home" |
| + | if [[ "$NB_GROUP" != "" ]]; then |
| + | HOME_DIR="$HOME_DIR/$NB_GROUP" |
| + | if [[ ! -e "$HOME_DIR" ]]; then |
| + | mkdir $HOME_DIR |
| + | fi |
| + | fi |
| + | |
| + | # Only attempt to change the jovyan username if it exists |
| + | if id jovyan &> /dev/null ; then |
| + | echo "Set username to: $NB_USER" |
| + | usermod -d $HOME_DIR/$NB_USER -l $NB_USER jovyan |
| + | fi |
| + | |
| + | # handle home and working directory if the username changed |
| + | if [[ "$NB_USER" != "jovyan" ]]; then |
| + | # changing username, make sure homedir exists |
| + | # (it could be mounted, and we shouldn't create it if it already exists) |
| + | if [[ ! -e "$HOME_DIR/$NB_USER" ]]; then |
| + | echo "Relocating home dir to $HOME_DIR/$NB_USER" |
| + | mv /home/jovyan "$HOME_DIR/$NB_USER" || ln -s /home/jovyan "$HOME_DIR/$NB_USER" |
| + | else |
| + | cd $HOME_DIR/$NB_USER |
| + | fi |
| + | # if workdir is in /home/jovyan, cd to $HOME_DIR/$NB_USER |
| + | if [[ "$PWD/" == "/home/jovyan/"* ]]; then |
| + | newcwd="$HOME_DIR/$NB_USER/${PWD:13}" |
| + | echo "Setting CWD to $newcwd" |
| + | cd "$newcwd" |
| + | fi |
| + | fi |
| + | |
| + | CHOWN_HOME=1 |
| + | # Handle case where provisioned storage does not have the correct permissions by default |
| + | # Ex: default NFS/EFS (no auto-uid/gid) |
| + | if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then |
| + | echo "Changing ownership of $HOME_DIR/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'" |
| + | chown -R $CHOWN_HOME_OPTS $NB_UID:$NB_GID $HOME_DIR/$NB_USER |
| + | fi |
| + | if [ ! -z "$CHOWN_EXTRA" ]; then |
| + | for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do |
| + | echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'" |
| + | chown -R $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir |
| + | done |
| + | fi |
| + | |
| + | # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match |
| + | if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then |
| + | echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID" |
| + | if [ "$NB_GID" != $(id -g $NB_USER) ]; then |
| + | groupadd -f -g $NB_GID -o ${NB_GROUP:-${NB_USER}} |
| + | fi |
| + | userdel $NB_USER |
| + | useradd --home $HOME_DIR/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER |
| + | fi |
| + | |
| + | # Enable sudo if requested |
| + | if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then |
| + | echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH" |
| + | echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook |
| + | fi |
| + | |
| + | # Add $CONDA_DIR/bin to sudo secure_path |
| + | sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path |
| + | |
| + | # Exec the command as NB_USER with the PATH and the rest of |
| + | # the environment preserved |
| + | run-hooks /usr/local/bin/before-notebook.d |
| + | echo "Executing the command: ${cmd[@]}" |
| + | exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=$HOME_DIR/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}" |
| + | else |
| + | if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then |
| + | # User is not attempting to override user/group via environment |
| + | # variables, but they could still have overridden the uid/gid that |
| + | # container runs as. Check that the user has an entry in the passwd |
| + | # file and if not add an entry. |
| + | STATUS=0 && whoami &> /dev/null || STATUS=$? && true |
| + | if [[ "$STATUS" != "0" ]]; then |
| + | if [[ -w /etc/passwd ]]; then |
| + | echo "Adding passwd file entry for $(id -u)" |
| + | cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd |
| + | echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd |
| + | cat /tmp/passwd > /etc/passwd |
| + | rm /tmp/passwd |
| + | else |
| + | echo 'Container must be run with group "root" to update passwd file' |
| + | fi |
| + | fi |
| + | |
| + | # Warn if the user isn't going to be able to write files to $HOME. |
| + | if [[ ! -w /home/jovyan ]]; then |
| + | echo 'Container must be run with group "users" to update files' |
| + | fi |
| + | else |
| + | # Warn if looks like user want to override uid/gid but hasn't |
| + | # run the container as root. |
| + | if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then |
| + | echo 'Container must be run as root to set $NB_UID' |
| + | fi |
| + | if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then |
| + | echo 'Container must be run as root to set $NB_GID' |
| + | fi |
| + | fi |
| + | |
| + | # Warn if looks like user want to run in sudo mode but hasn't run |
| + | # the container as root. |
| + | if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then |
| + | echo 'Container must be run as root to grant sudo permissions' |
| + | fi |
| + | |
| + | # Execute the command |
| + | run-hooks /usr/local/bin/before-notebook.d |
| + | echo "Executing the command: ${cmd[@]}" |
| + | exec "${cmd[@]}" |
| + | fi |
| + | |
| + | **** /usr/local/bin/start.sh.orig [#g40ccb19] |
| #!/bin/bash | | #!/bin/bash |
| # Copyright (c) Jupyter Development Team. | | # Copyright (c) Jupyter Development Team. |