Skip to content

refuse to run as root user #1115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Feb 22, 2016
Merged

refuse to run as root user #1115

Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3ce8d95
refuse to run as root user
vivi Feb 19, 2016
1d01627
making allow-root a valid flag
vivi Feb 20, 2016
349a7f0
changing OSError to be AttributeError (for windows)
vivi Feb 20, 2016
43ff953
adding windows user check
vivi Feb 20, 2016
a11f81a
removing windows check, changing error message wording
vivi Feb 20, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions notebook/notebookapp.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -346,6 +346,11 @@ def start(self):
"""
)

flags['allow-root']=(
{'NotebookApp' : {'allow_root' : True}},
"Allow the notebook to be run from root user."
)

# Add notebook manager flags
flags.update(boolean_flag('script', 'FileContentsManager.save_script',
'DEPRECATED, IGNORED',
Expand Down Expand Up @@ -445,6 +450,10 @@ def _log_format_default(self):
help="Set the Access-Control-Allow-Credentials: true header"
)

allow_root = Bool(False, config=True,
help="Whether to allow the user to run the notebook as root."
)

default_url = Unicode('/tree', config=True,
help="The default URL to redirect to from `/`"
)
Expand Down Expand Up @@ -1100,6 +1109,15 @@ def start(self):

This method takes no arguments so all configuration and initialization
must be done prior to calling this method."""
try:
is_root = os.geteuid() == 0
except AttributeError as e:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's probably OK here, but it's a good idea to put as little code as possible into a try block when you're catching NameError or AttributeError (any error, really, but especially these), because they can hide mistakes.

E.g. imagine if someone changed the logging level, but accidentally spelled it errorr. That's an attribute error - and the code will silently catch it and carry on as if nothing had happened, disabling the check completely.

import ctypes
is_root = ctypes.windll.shell32.IsUserAnAdmin() == 1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wouldn't do this - admin users in Windows aren't really equivalent to root on Unix, and I don't think it makes sense to block them from running the notebook. Admin users on Windows are more like the sudoers group on Linux.

if is_root and not self.allow_root:
self.log.critical("Running as root is forbidden. Use --allow-root to bypass.")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd say something like "is not recommended" - it's not quite forbidden.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha, will make the changes.

self.exit(1)

super(NotebookApp, self).start()

info = self.log.info
Expand Down