diff --git a/base-notebook/Dockerfile b/base-notebook/Dockerfile
index f33c270666..2a2125b3f8 100644
--- a/base-notebook/Dockerfile
+++ b/base-notebook/Dockerfile
@@ -47,10 +47,12 @@ ENV PATH=$CONDA_DIR/bin:$PATH \
 ADD fix-permissions /usr/local/bin/fix-permissions
 # Create jovyan user with UID=1000 and in the 'users' group
 # and make sure these dirs are writable by the `users` group.
-RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
+RUN groupadd wheel -g 11 && \
+ echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
+ useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
 mkdir -p $CONDA_DIR && \
 chown $NB_USER:$NB_GID $CONDA_DIR && \
- chmod g+w /etc/passwd /etc/group && \
+ chmod g+w /etc/passwd && \
 fix-permissions $HOME && \
 fix-permissions $CONDA_DIR
 
diff --git a/base-notebook/start.sh b/base-notebook/start.sh
index a58e1e38c2..1767c7328b 100755
--- a/base-notebook/start.sh
+++ b/base-notebook/start.sh
@@ -94,8 +94,7 @@ else
 # User is not attempting to override user/group via environment
 # variables, but they could still have overridden the uid/gid that
 # container runs as. Check that the user has an entry in the passwd
- # file and if not add an entry. Also add a group file entry if the
- # uid has its own distinct group but there is no entry.
+ # file and if not add an entry.
 whoami &> /dev/null || STATUS=$? && true
 if [[ "$STATUS" != "0" ]]; then
 if [[ -w /etc/passwd ]]; then
@@ -104,11 +103,6 @@ else
 echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd
 cat /tmp/passwd > /etc/passwd
 rm /tmp/passwd
- id -G -n 2>/dev/null | grep -q -w $(id -u) || STATUS=$? && true
- if [[ "$STATUS" != "0" && "$(id -g)" == "0" ]]; then
- echo "Adding group file entry for $(id -u)"
- echo "jovyan:x:$(id -u):" >> /etc/group
- fi
 else
 echo 'Container must be run with group "root" to update passwd file'
 fi
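Review bot: `chmod g+w /etc/passwd` survives on the new side, so any process running with that file's group can still edit uid and primary-gid fields, and the added `pam_wheel.so use_uid` rule presumably consults those same fields when deciding wheel membership. The hunk does not show the file's ownership or the gid the container normally runs with, so confirm against start.sh, but as written the `su` restriction may be weaker than intended. Add a comment above the RUN stating what is being closed and what remains, for example `# su limited to wheel (gid 11, no members added here); /etc/passwd stays group-writable so start.sh can add an entry for an arbitrary uid`. Appending with `>>` also puts the rule last in the auth stack of whatever `/etc/pam.d/su` the base image ships, and `-g 11` assumes that gid is free, so both deserve a check in the built image.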
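Review bot: `STATUS` is not assigned anywhere in the visible lines before `if [[ "$STATUS" != "0" ]]`, so when `whoami` succeeds the test compares an empty string with "0" and the passwd-editing branch would run for a user that already has an entry, unless STATUS is initialised above the hunk. Since this branch writes `/etc/passwd`, make the precondition explicit: `STATUS=0` followed by `whoami &> /dev/null || STATUS=$?`. The trailing `&& true` then becomes unnecessary. The enclosing `else` branch starts and ends outside the hunk.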