fix: fix jupyterlab permission

ngc7331 · ngc7331 · commit 18e871eba564 · 2025-10-11T12:44:50.000+08:00
diff --git a/tutorial/docker-compose.yml b/tutorial/docker-compose.yml
@@ -8,6 +8,7 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=Etc/UTC
+      - DEFAULT_WORKSPACE=/config/workspace
       # TODO: remember define these in .env file
       - PASSWORD
       - SUDO_PASSWORD_HASH
diff --git a/tutorial/root/etc/s6-overlay/s6-rc.d/init-jupyterlab/run b/tutorial/root/etc/s6-overlay/s6-rc.d/init-jupyterlab/run
@@ -1,18 +1,59 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
-rm -f ${HOME}/.jupyter/jupyter_lab_config.py
+# create new demo user for jupyterlab
+useradd -d /config/demo -g abc -G users demo
 
-s6-setuidgid abc \
+mkdir -p /config/.local/share
+chown abc:abc /config/.local/share
+chmod 775 /config/.local/share
+
+mkdir -p /data
+chown abc:abc /data
+
+SOURCE="/config/workspace"
+DEST="/config/demo"
+
+if [ ! -d "${DEST}" ]; then
+    mkdir -p "${DEST}"
+
+    EXCLUDE=(
+        "assets"
+        "tutorial"
+        "work"
+    )
+    declare -A EXCLUDE_MAP=()
+    for ex in "${EXCLUDE[@]}"; do
+        EXCLUDE_MAP["$ex"]=1
+    done
+
+    for entry in "$SOURCE"/*; do
+        [ -e "$entry" ] || continue
+
+        name="$(basename "$entry")"
+
+        if [[ -n "${EXCLUDE_MAP[$name]:-}" ]]; then
+            continue
+        fi
+
+        cp -a --reflink=auto "$entry" "$DEST/"
+    done
+
+    chown demo:abc -R "${DEST}"
+fi
+
+rm -f /config/demo/.jupyter/jupyter_lab_config.py
+
+sudo -u demo \
     jupyter-lab --generate-config
 
 # allow remote access
-echo "c.ServerApp.ip = '0.0.0.0'" >> ${HOME}/.jupyter/jupyter_lab_config.py
-echo "c.ServerApp.open_browser = False" >> ${HOME}/.jupyter/jupyter_lab_config.py
-echo "c.ServerApp.port = 8888" >> ${HOME}/.jupyter/jupyter_lab_config.py
-echo "c.ServerApp.allow_remote_access = True" >> ${HOME}/.jupyter/jupyter_lab_config.py
+echo "c.ServerApp.ip = '0.0.0.0'" >> /config/demo/.jupyter/jupyter_lab_config.py
+echo "c.ServerApp.open_browser = False" >> /config/demo/.jupyter/jupyter_lab_config.py
+echo "c.ServerApp.port = 8888" >> /config/demo/.jupyter/jupyter_lab_config.py
+echo "c.ServerApp.allow_remote_access = True" >> /config/demo/.jupyter/jupyter_lab_config.py
 
 # set password if provided
 if [ -n "${JUPYTER_PASSWORD_HASH}" ]; then
-    echo "c.PasswordIdentityProvider.hashed_password = u'${JUPYTER_PASSWORD_HASH}'" >> ${HOME}/.jupyter/jupyter_lab_config.py
+    echo "c.PasswordIdentityProvider.hashed_password = u'${JUPYTER_PASSWORD_HASH}'" >> /config/demo/.jupyter/jupyter_lab_config.py
 fi
diff --git a/tutorial/root/etc/s6-overlay/s6-rc.d/svc-jupyterlab/run b/tutorial/root/etc/s6-overlay/s6-rc.d/svc-jupyterlab/run
@@ -1,7 +1,7 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
-s6-setuidgid abc \
+s6-setuidgid demo \
     jupyter-lab \
-        --config=${HOME}/.jupyter/jupyter_lab_config.py \
-        --notebook-dir=/config/workspace
+        --config=/config/demo/.jupyter/jupyter_lab_config.py \
+        --notebook-dir=/config/demo
