Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option --group-id to specify numerical group id #1093

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Add option --group-id to specify numerical group id #1093

wants to merge 4 commits into from

Conversation

davidjsherman
Copy link

Add an option --group-id to specify numerical group id separately from the numerical user id. If a group id is not specified, maintain the legacy behavior of using the numerical user id for the group.

Images created with --group-id=0 follow Openshift best practices for container images, see discussion. Such images will work in the default unprivileged restricted security context constraint on Openshift and OKD Kubernetes platforms, where a non-root arbitrary user id is allocated on the fly to containers.

The new test test_user_groups in tests/unit/test_users.py verifies the group id and checks file ownership. The existing test test_users now also tests for the legacy behavior. I admit that these tests are very similar and could perhaps be combined.

@davidjsherman
Unit test of specifying Unix group id
25848c3 
Add test of gid to existing test, verify default behavior that gid = uid
Add test of gid when specified, verify that provided gid is used

The two tests are mostly duplicated code, could we refactor using a
pytest parameterized test?
@davidjsherman
Add command-line option to specify group-id
5cbc873 
Group-id is an integer,	like user-id. Its default value	is the user-id,
as that	is the existing	behavior. Note that gid=0 is a valid value.
@davidjsherman
Add Unix group with NB_GID if supplied, default NB_GID = NB_UID.
e805a21 
Note that the default GID in the extracted tar image is still
DEFAULT_NB_UID
@davidjsherman
Unit test of group id also stats uid, gid of created files
de80ca5
@welcome
Copy link

welcome bot commented Oct 19, 2021

Thanks for submitting your first pull request! You are awesome! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please make sure you followed the pull request template, as this will help us review your contribution more quickly.
welcome
You can meet the other Jovyans by joining our Discourse forum. There is also a intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@davidjsherman davidjsherman changed the title [WIP] Add option --group-id to specify numerical group id [MRG] Add option --group-id to specify numerical group id Oct 19, 2021
yuvipanda
yuvipanda requested changes Nov 18, 2021
View reviewed changes
Copy link
Collaborator

@yuvipanda yuvipanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for opening this, @davidjsherman. Apologies for the late review.

https://github.com/jupyterhub/repo2docker/search?q=chown shows there's a bunch of chown calls that currently rely on the assumption that the gid is the same as uid, and will need to be modified to take the gid into account properly. Once that's done, I think this is good to be merged.

@davidjsherman
Copy link
Author

I can do that. Do you by chance have a general idea of the tests that need to be made? I can verify that the uids and gids are as specified, but it would be better to check functional dependencies, if there are any.

@yuvipanda
Copy link
Collaborator

@davidjsherman not sure of the specifics, but perhaps look at the paths that are being chowned, and see what tests already cover them? Then, a gid variant can be added there.

@manics manics marked this pull request as draft October 14, 2022 19:33
@consideRatio consideRatio changed the title [MRG] Add option --group-id to specify numerical group id Add option --group-id to specify numerical group id Oct 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuvipanda yuvipanda yuvipanda requested changes

Assignees
No one assigned
Labels
new
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@davidjsherman @yuvipanda @consideRatio