3: 2021-07-11 (日) 23:23:46 iseki |
現: 2021-07-13 (火) 20:06:59 iseki |
- | **** /usr/local/bin/start.sh (改) [#l51f1886] | + | **** /usr/local/bin/start.sh [#g40ccb19] |
| #!/bin/bash | | #!/bin/bash |
| # Copyright (c) Jupyter Development Team. | | # Copyright (c) Jupyter Development Team. |
| # Distributed under the terms of the Modified BSD License. | | # Distributed under the terms of the Modified BSD License. |
| + | |
| set -e | | set -e |
| + | |
| # Exec the specified command or fall back on bash | | # Exec the specified command or fall back on bash |
| if [ $# -eq 0 ]; then | | if [ $# -eq 0 ]; then |
| cmd=( "$@" ) | | cmd=( "$@" ) |
| fi | | fi |
| + | |
| run-hooks () { | | run-hooks () { |
| # Source scripts or run executable files in a directory | | # Source scripts or run executable files in a directory |
| echo "$0: done running hooks in $1" | | echo "$0: done running hooks in $1" |
| } | | } |
| + | |
| run-hooks /usr/local/bin/start-notebook.d | | run-hooks /usr/local/bin/start-notebook.d |
| + | |
| # Handle special flags if we're root | | # Handle special flags if we're root |
| if [ $(id -u) == 0 ] ; then | | if [ $(id -u) == 0 ] ; then |
- | | + | |
- | # | + | |
- | HOME_DIR="/home" | + | |
- | if [[ "$NB_GROUP" != "" ]]; then | + | |
- | HOME_DIR="$HOME_DIR/$NB_GROUP" | + | |
- | if [[ ! -e "$HOME_DIR" ]]; then | + | |
- | mkdir $HOME_DIR | + | |
- | fi | + | |
- | fi | + | |
- | | + | |
- | # Only attempt to change the jovyan username if it exists | + | |
- | if id jovyan &> /dev/null ; then | + | |
- | echo "Set username to: $NB_USER" | + | |
- | usermod -d $HOME_DIR/$NB_USER -l $NB_USER jovyan | + | |
- | fi | + | |
- | | + | |
- | # handle home and working directory if the username changed | + | |
- | if [[ "$NB_USER" != "jovyan" ]]; then | + | |
- | # changing username, make sure homedir exists | + | |
- | # (it could be mounted, and we shouldn't create it if it already exists) | + | |
- | if [[ ! -e "$HOME_DIR/$NB_USER" ]]; then | + | |
- | echo "Relocating home dir to $HOME_DIR/$NB_USER" | + | |
- | mv /home/jovyan "$HOME_DIR/$NB_USER" || ln -s /home/jovyan "$HOME_DIR/$NB_USER" | + | |
- | else | + | |
- | cd $HOME_DIR/$NB_USER | + | |
- | fi | + | |
- | # if workdir is in /home/jovyan, cd to $HOME_DIR/$NB_USER | + | |
- | if [[ "$PWD/" == "/home/jovyan/"* ]]; then | + | |
- | newcwd="$HOME_DIR/$NB_USER/${PWD:13}" | + | |
- | echo "Setting CWD to $newcwd" | + | |
- | cd "$newcwd" | + | |
- | fi | + | |
- | fi | + | |
- | | + | |
- | CHOWN_HOME=1 | + | |
- | # Handle case where provisioned storage does not have the correct permissions by default | + | |
- | # Ex: default NFS/EFS (no auto-uid/gid) | + | |
- | if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then | + | |
- | echo "Changing ownership of $HOME_DIR/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'" | + | |
- | chown -R $CHOWN_HOME_OPTS $NB_UID:$NB_GID $HOME_DIR/$NB_USER | + | |
- | fi | + | |
- | if [ ! -z "$CHOWN_EXTRA" ]; then | + | |
- | for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do | + | |
- | echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'" | + | |
- | chown -R $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir | + | |
- | done | + | |
- | fi | + | |
- | | + | |
- | # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match | + | |
- | if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then | + | |
- | echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID" | + | |
- | if [ "$NB_GID" != $(id -g $NB_USER) ]; then | + | |
- | groupadd -f -g $NB_GID -o ${NB_GROUP:-${NB_USER}} | + | |
- | fi | + | |
- | userdel $NB_USER | + | |
- | useradd --home $HOME_DIR/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER | + | |
- | fi | + | |
- | | + | |
- | # Enable sudo if requested | + | |
- | if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then | + | |
- | echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH" | + | |
- | echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook | + | |
- | fi | + | |
- | | + | |
- | # Add $CONDA_DIR/bin to sudo secure_path | + | |
- | sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path | + | |
- | | + | |
- | # Exec the command as NB_USER with the PATH and the rest of | + | |
- | # the environment preserved | + | |
- | run-hooks /usr/local/bin/before-notebook.d | + | |
- | echo "Executing the command: ${cmd[@]}" | + | |
- | exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=$HOME_DIR/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}" | + | |
- | else | + | |
- | if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then | + | |
- | # User is not attempting to override user/group via environment | + | |
- | # variables, but they could still have overridden the uid/gid that | + | |
- | # container runs as. Check that the user has an entry in the passwd | + | |
- | # file and if not add an entry. | + | |
- | STATUS=0 && whoami &> /dev/null || STATUS=$? && true | + | |
- | if [[ "$STATUS" != "0" ]]; then | + | |
- | if [[ -w /etc/passwd ]]; then | + | |
- | echo "Adding passwd file entry for $(id -u)" | + | |
- | cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd | + | |
- | echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd | + | |
- | cat /tmp/passwd > /etc/passwd | + | |
- | rm /tmp/passwd | + | |
- | else | + | |
- | echo 'Container must be run with group "root" to update passwd file' | + | |
- | fi | + | |
- | fi | + | |
- | | + | |
- | # Warn if the user isn't going to be able to write files to $HOME. | + | |
- | if [[ ! -w /home/jovyan ]]; then | + | |
- | echo 'Container must be run with group "users" to update files' | + | |
- | fi | + | |
- | else | + | |
- | # Warn if looks like user want to override uid/gid but hasn't | + | |
- | # run the container as root. | + | |
- | if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then | + | |
- | echo 'Container must be run as root to set $NB_UID' | + | |
- | fi | + | |
- | if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then | + | |
- | echo 'Container must be run as root to set $NB_GID' | + | |
- | fi | + | |
- | fi | + | |
- | | + | |
- | # Warn if looks like user want to run in sudo mode but hasn't run | + | |
- | # the container as root. | + | |
- | if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then | + | |
- | echo 'Container must be run as root to grant sudo permissions' | + | |
- | fi | + | |
- | | + | |
- | # Execute the command | + | |
- | run-hooks /usr/local/bin/before-notebook.d | + | |
- | echo "Executing the command: ${cmd[@]}" | + | |
- | exec "${cmd[@]}" | + | |
- | fi | + | |
- | | + | |
- | **** /usr/local/bin/start.sh.orig [#g40ccb19] | + | |
- | #!/bin/bash | + | |
- | # Copyright (c) Jupyter Development Team. | + | |
- | # Distributed under the terms of the Modified BSD License. | + | |
- | | + | |
- | set -e | + | |
- | | + | |
- | # Exec the specified command or fall back on bash | + | |
- | if [ $# -eq 0 ]; then | + | |
- | cmd=( "bash" ) | + | |
- | else | + | |
- | cmd=( "$@" ) | + | |
- | fi | + | |
- | | + | |
- | run-hooks () { | + | |
- | # Source scripts or run executable files in a directory | + | |
- | if [[ ! -d "$1" ]] ; then | + | |
- | return | + | |
- | fi | + | |
- | echo "$0: running hooks in $1" | + | |
- | for f in "$1/"*; do | + | |
- | case "$f" in | + | |
- | *.sh) | + | |
- | echo "$0: running $f" | + | |
- | source "$f" | + | |
- | ;; | + | |
- | *) | + | |
- | if [[ -x "$f" ]] ; then | + | |
- | echo "$0: running $f" | + | |
- | "$f" | + | |
- | else | + | |
- | echo "$0: ignoring $f" | + | |
- | fi | + | |
- | ;; | + | |
- | esac | + | |
- | done | + | |
- | echo "$0: done running hooks in $1" | + | |
- | } | + | |
- | | + | |
- | run-hooks /usr/local/bin/start-notebook.d | + | |
- | | + | |
- | # Handle special flags if we're root | + | |
- | if [ $(id -u) == 0 ] ; then | + | |
| # Only attempt to change the jovyan username if it exists | | # Only attempt to change the jovyan username if it exists |
| if id jovyan &> /dev/null ; then | | if id jovyan &> /dev/null ; then |
| usermod -d /home/$NB_USER -l $NB_USER jovyan | | usermod -d /home/$NB_USER -l $NB_USER jovyan |
| fi | | fi |
| + | |
| # Handle case where provisioned storage does not have the correct permissions by default | | # Handle case where provisioned storage does not have the correct permissions by default |
| # Ex: default NFS/EFS (no auto-uid/gid) | | # Ex: default NFS/EFS (no auto-uid/gid) |
| done | | done |
| fi | | fi |
| + | |
| # handle home and working directory if the username changed | | # handle home and working directory if the username changed |
| if [[ "$NB_USER" != "jovyan" ]]; then | | if [[ "$NB_USER" != "jovyan" ]]; then |
| fi | | fi |
| fi | | fi |
| + | |
| # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match | | # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match |
| if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then | | if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then |
| useradd --home /home/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER | | useradd --home /home/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER |
| fi | | fi |
| + | |
| # Enable sudo if requested | | # Enable sudo if requested |
| if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then | | if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then |
| echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook | | echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook |
| fi | | fi |
| + | |
| # Add $CONDA_DIR/bin to sudo secure_path | | # Add $CONDA_DIR/bin to sudo secure_path |
| sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path | | sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path |
| + | |
| # Exec the command as NB_USER with the PATH and the rest of | | # Exec the command as NB_USER with the PATH and the rest of |
| # the environment preserved | | # the environment preserved |
| fi | | fi |
| fi | | fi |
| + | |
| # Warn if the user isn't going to be able to write files to $HOME. | | # Warn if the user isn't going to be able to write files to $HOME. |
| if [[ ! -w /home/jovyan ]]; then | | if [[ ! -w /home/jovyan ]]; then |
| fi | | fi |
| fi | | fi |
| + | |
| # Warn if looks like user want to run in sudo mode but hasn't run | | # Warn if looks like user want to run in sudo mode but hasn't run |
| # the container as root. | | # the container as root. |
| echo 'Container must be run as root to grant sudo permissions' | | echo 'Container must be run as root to grant sudo permissions' |
| fi | | fi |
| + | |
| # Execute the command | | # Execute the command |
| run-hooks /usr/local/bin/before-notebook.d | | run-hooks /usr/local/bin/before-notebook.d |