refuse to run as root user #1115

Merged
merged 5 commits into from
Feb 22, 2016
16 changes: 16 additions & 0 deletions notebook/notebookapp.py
Expand Up @@ -346,6 +346,11 @@ def start(self):
"""
)

flags['allow-root']=(
{'NotebookApp' : {'allow_root' : True}},
"Allow the notebook to be run from root user."
)

# Add notebook manager flags
flags.update(boolean_flag('script', 'FileContentsManager.save_script',
'DEPRECATED, IGNORED',
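Review bot: Style point on the new `flags['allow-root']` entry: `flags['allow-root']=(` is missing spaces around `=`, and `{'NotebookApp' : {'allow_root' : True}}` puts spaces before the colons, which PEP 8 discourages. The help text "run from root user" would read better as "Allow the notebook to be run as the root user."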
Expand Down Expand Up @@ -445,6 +450,10 @@ def _log_format_default(self):
help="Set the Access-Control-Allow-Credentials: true header"
)

allow_root = Bool(False, config=True,
help="Whether to allow the user to run the notebook as root."
)

default_url = Unicode('/tree', config=True,
help="The default URL to redirect to from `/`"
)
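Review bot: The help string on `allow_root` does not say what happens when the trait is left at its default of `False`. Since the check added to `start()` exits when the effective UID is 0, state that here, for example "Whether to allow the notebook to run as root; when False, the server refuses to start as root."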
Expand Down Expand Up @@ -1100,6 +1109,13 @@ def start(self):

This method takes no arguments so all configuration and initialization
must be done prior to calling this method."""
try:
if os.geteuid() == 0:
self.log.critical("Running as root is not recommended. Use --allow-root to bypass.")
self.exit(1)
except AttributeError as e:
Member

I think it's probably OK here, but it's a good idea to put as little code as possible into a try block when you're catching NameError or AttributeError (any error, really, but especially these), because they can hide mistakes.

E.g. imagine if someone changed the logging level, but accidentally spelled it errorr. That's an attribute error - and the code will silently catch it and carry on as if nothing had happened, disabling the check completely.

pass
Member

Is there some condition that we're expecting to catch here? Why would geteuid() fail? If we're catching this, I think we should at least log the error so that there's an indication that something has gone wrong.

Member

No, geteuid raises OSError on Windows (according to the docs). So the try/catch is dealing with the Windows case.

Member

👍

Member

@Carreau What docs are those? I rebooted into Windows to check, and it ain't there:

>>> os.geteuid()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: module 'os' has no attribute 'geteuid'

Contributor Author

@takluyver Whoops, I read the docs too fast

Note All functions in this module raise OSError in the case of invalid or inaccessible file names and paths, or other arguments that have the correct type, but are not accepted by the operating system.

Should be excepting AttributeError, my bad!

Member

No problem!


super(NotebookApp, self).start()

info = self.log.info
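Review bot: The root check in `start()` tests only `os.geteuid() == 0` and never reads `self.allow_root`, so as shown here the `--allow-root` flag that the log message recommends would not bypass the exit; wrap the check in `if not self.allow_root:`. The try block also covers `self.log.critical(...)` and `self.exit(1)`, so an AttributeError raised by either of them would be swallowed by the `except AttributeError` / `pass` and the check silently skipped. Limit the try to the `os.geteuid()` call, drop the unused `as e`, and add a comment that the except exists for platforms where `os.geteuid` is not defined.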