Folder Permissions – JupyterHub – Jupyter Community Forum

I am using Azuread as the oauth for jupyterhub and I have created a folder “user-data” in the home directory of the user account for server. I have also set the create_kwargs as seen below to the user account UID.

c.DockerSpawner.extra_create_kwargs = {
    "user": "1000", # Can also be an integer UID
}

The user-data folder is set to 1000 as owner and group.

Whenever I login and start the container the user folder gets created as root:root under the “user-data” folder.

Am I able to use the home directory to store the users data? I also tried creating a folder directly in the /home directory and set the chown properly but that still not work.

I can use the command below

chown -R <user>:<user> user-data/

and that will set permissions correctly so the user can access it but I dont really want to have to that for each new user.

Ironically I did have it working correctly but it seems to have broken in my further testing.

It is like it is ignoring the user on startup.

Is there a better way of handling user data?

I tried to create a pre_spawn_hook as below

c.DockerSpawner.extra_create_kwargs = {
    "user" : "1000", # Can also be an integer UID
}

# Makes the users directory and changes ownership to spawn user
def folder_permissions(DockerSpawner): 
    # Leaf directory 
    directory = "{username}"
    # Parent Directories 
    parent_dir = "/home/folder"
    # Path 
    path = os.path.join(parent_dir, directory) 
    if os.path.isdir(path) == False:
        uid = 1000
        gid = 1000
        # Create the directory 
        os.makedirs(path) 
        os.chown(path, uid, gid)
        print("Directory '% s' created" % directory)
    else:
        print("Directory '% s' already exist" % directory)

c.DockerSpawner.pre_spawn_hook = folder_permissions

but that still did not work. I read that trying to use os.chown() required superuser so I ran my JupyterHub docker compose with sudo and that did not work either.

Should the output of the hook display in JupyterHub logs or will it show up in the spawned docker container logs? I cant seem to find where it is even running.

You need to get username from the spawner argument in the pre_spawn_hook.

# Makes the users directory and changes ownership to spawn user
def folder_permissions(spawner): 
    # Leaf directory 
    directory = f"{spawner.user.name}"
    # Parent Directories 
    parent_dir = "/home/folder"
    # Path 
    path = os.path.join(parent_dir, directory) 
    if os.path.isdir(path) == False:
        uid = 1000
        gid = 1000
        # Create the directory 
        os.makedirs(path) 
        os.chown(path, uid, gid)
        spawner.log.info("Directory '% s' created" % directory)
    else:
        spawner.log.info("Directory '% s' already exist" % directory)

Notice that we need to use spawner.log to get logs from pre_spawn_hook in your hub logs.

Thanks for the quick reply!

I updated my config with your changes and it now shows up in the logs that the folder was created but the permissions were still wrong. I adjusted the code some to output the “id’s” of the paths but it does not output anything.

# Makes the users directory and changes ownership to spawn user
def folder_permissions(spawner): 
    # Leaf directory 
    directory = f"{spawner.user.name}"
    # Parent Directories 
    parent_dir = "/home/user/user-data"
    # Path 
    path = os.path.join(parent_dir, directory) 
    if os.path.isdir(path) == False:
        uid = 1000
        gid = 1000
        # Create the directory 
        os.makedirs(path) 
        os.chown(path, uid, gid)
        spawner.log.info("Owner id of the directory:", os.stat(path).st_uid)
        spawner.log.info("Group id of the directory:", os.stat(path).st_gid)
        spawner.log.info("Directory '% s' created" % directory)
    else:
        spawner.log.info("Directory '% s' already exist" % directory)

That leads me to think that it is not os.chown() the folders. I tried running jupyterhub with sudo to see if that may help give it permissions but that did not help either. Does the spawner run the hooks as the user that is set under extra_create_kwargs?

I set extra_create_kwargs user to root and set the environment variables for the NB_UID, NB_GID, and NB_USER but that did not work either. Inside the container was just running as root.

c.DockerSpawner.extra_create_kwargs = {
    "user" : "root", # Can also be an integer UID
}

c.DockerSpawner.environment = {
    "NB_UID" : "1000",
    "NB_GID" : "1000",
    "NB_USER": "{username}"
}

It just seems that no matter what I set it will always set the permissions of the folder as root.

I am using a container from nvidia as a base, nvcr.io/nvidia/pytorch:23.05-py3. Maybe that is creating permission issues because it is set to run as root?