Merge pull request #525 from parente/fix-sudo-path

Append /opt/conda/bin to the sudo secure_path

Merge pull request #525 from parente/fix-sudo-path
Append /opt/conda/bin to the sudo secure_path
400c6963 · Peter Parente · GitHub · 2c80cf35 · a3cfda28 · 400c6963
Commit 400c6963 authored Jan 05, 2018 by Peter Parente Committed by GitHub Jan 05, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 1 deletion

base-notebook/start.sh base-notebook/start.sh +2 -1

base-notebook/test/test_container_options.py base-notebook/test/test_container_options.py +14 -0

No files found.
--- a/base-notebook/start.sh
+++ b/base-notebook/start.sh
@@ -48,8 +48,9 @@ if [ $(id -u) == 0 ] ; then
    # Enable sudo if requested
    if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
-        echo "Granting $NB_USER sudo access"
+        echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH"
        echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
+        sed -ri "s#Defaults\s+secure_path=\"([^\"]+)\"#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers
    fi
    # Exec the command as NB_USER with the PATH and the rest of

--- a/base-notebook/test/test_container_options.py
+++ b/base-notebook/test/test_container_options.py
@@ -71,6 +71,20 @@ def test_sudo(container):
    assert rv == 0
    assert 'uid=0(root)' in c.logs(stdout=True).decode('utf-8')
+def test_sudo_path(container):
+    """Container should include /opt/conda/bin in the sudo secure_path."""
+    c = container.run(
+        tty=True,
+        user='root',
+        environment=['GRANT_SUDO=yes'],
+        command=['start.sh', 'sudo', 'which', 'jupyter']
+    )
+    rv = c.wait(timeout=10)
+    assert rv == 0
+    assert c.logs(stdout=True).decode('utf-8').rstrip().endswith('/opt/conda/bin/jupyter')
 def test_group_add(container, tmpdir):
    """Container should run with the specified uid, gid, and secondary
    group.