Commit 47e120db authored by Graham Dumpleton's avatar Graham Dumpleton

Restrict su to users in group wheel so that it can't be used when running as a random uid that is not in the passwd file.

parent fce59959
......@@ -47,7 +47,9 @@ ENV PATH=$CONDA_DIR/bin:$PATH \
ADD fix-permissions /usr/local/bin/fix-permissions
# Create jovyan user with UID=1000 and in the 'users' group
# and make sure these dirs are writable by the `users` group.
RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
RUN groupadd wheel -g 11 && \
echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \
useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
mkdir -p $CONDA_DIR && \
chown $NB_USER:$NB_GID $CONDA_DIR && \
chmod g+w /etc/passwd && \
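Review bot: The `echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su` line appends the rule to the end of su's PAM stack, so it is only evaluated if no earlier `sufficient` auth rule in the base image's file has already succeeded; that file is not visible here, so the ordering should be confirmed against the base image. In the visible lines `wheel` is created with no members, which would deny `su` to every non-root caller, and a comment should state that intent, for example `# wheel is intentionally empty: su is denied to all non-root uids, including a random uid not in passwd`. The same RUN keeps `chmod g+w /etc/passwd`, so the restriction presumably relies on `/etc/group` and `/etc/pam.d/su` staying non-writable for the runtime user; the comment should say so. The RUN instruction continues past the end of the hunk, so later steps that might add a user to `wheel` cannot be checked from here.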
......