Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

run_code as a user instead of root #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
mishushakov wants to merge 17 commits into main
base: main
Choose a base branch
Loading
from permissions-calling-run_code-as-a-different-user-e2b-2123

Conversation

Copy link
Member

@mishushakov mishushakov commented Apr 28, 2025
edited
Loading

  • Jupyter Server and Code Interpreter are started as a non-privileged user
  • Adds ability to change user by creating a new context
  • BREAKING: Default user root > user to match the Sandbox commands.run behavior
  • POSSIBLY BREAKING: when cwd is not set and user is root, it will set cwd to /root

Sample code

const ctx = await sbx.createCodeContext({ language: "python", user: "user" })
const code = await sbx.runCode(`import getpass; print(getpass.getuser())`, { context })
console.log(code.logs);
{
 stdout: [ "user\n" ],
 stderr: [],
}

Copy link

linear bot commented Apr 28, 2025

@mishushakov mishushakov added the improvement Improvement for current functionality label Apr 28, 2025
@mishushakov mishushakov marked this pull request as ready for review April 28, 2025 12:09
Copy link
Member

jakubno commented Apr 28, 2025
edited
Loading

This won't be probably backwards compatible right?

Can I specify if I want run something as root?

This comment was marked as outdated.

Copy link
Member

@jakubno jakubno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we just need to be able to pass user. Otherwise, someone might need to run something as root, leading to the same issue.

mishushakov reacted with thumbs up emoji
@mishushakov mishushakov marked this pull request as draft April 30, 2025 16:12
@mishushakov mishushakov added feature New feature or request and removed improvement Improvement for current functionality labels May 14, 2025
@mishushakov mishushakov marked this pull request as ready for review May 14, 2025 14:14
Comment on lines +79 to +83

# Change ownership of all files to user
RUN chown -R user:user $HOME

USER user
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why are you doing it as last thing? If you would set the user as a first thing you probably don't need change the ownership

Copy link
Member Author

@mishushakov mishushakov May 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the problem here is: "user" does not exist in python image
and we cannot add user before we have "sudo" dependency installed

so this is why it's the last

Copy link
Member Author

I created a new template, code-interpreter-v1beta1

dockerfile = "e2b.Dockerfile"
template_name = "code-interpreter-v1"
template_id = "nlhz8vlwyupq845jsdg9"
start_cmd = "sudo -u user /home/user/.jupyter/start-up.sh"
Copy link
Member Author

@mishushakov mishushakov May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one thing: this is a breaking change, should I put a script in /root/.jupyter/start-up.sh that just calls the actual start-up.sh with sudo -u user?

@jakubno jakubno marked this pull request as draft July 15, 2025 09:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakubno jakubno jakubno requested changes

@ValentaTomas ValentaTomas Awaiting requested review from ValentaTomas ValentaTomas is a code owner

@0div 0div Awaiting requested review from 0div 0div is a code owner

Requested changes must be addressed to merge this pull request.

Labels
feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /