Add --whole-filesystem command line flag #4294
Conversation
|
Sounds reasonable to me. And I'm happy to have it as a linux only, at least as a start. |
|
I set the c.DockerSpawner.notebook_dir = 'C:/'
c.DockerSpawner.default_url = '/user/{username}/lab/tree/jupyter'
c.DockerSpawner.volumes = {'J:/{username}': 'C:/jupyter'}I guess the |
|
@dhirschfeld that's right. This adds a flag that is shorthand for setting two other already existing options in a common configuration. It's not new functionality, just new convenience. Doing it exactly like this could have some slightly tricky interactions, e.g. with base_url, but it seems a sensible option to me. |
|
Yup, it's convenience, plus a signal that this is a reasonable thing to do. People seem to be happy with the idea, so I'll try to work out how best to implement it. |
|
@takluyver, should we close this one or open an issue on |
For security, we don't currently serve files above the notebook directory, normally the working directory where you launch the server. Someone who gets full access can still access the full filesystem by starting a kernel or a terminal, but it limits the possible damage if the attacker can only make plain HTTP requests.
However, this restriction is often frustrating, and people would like to be able to navigate up from the start point, trusting other layers of security. This can be achieved with the correct configuration, but it's not very convenient.
This PR adds a
--whole-filesystemcommand line flag which uses the filesystem root/as the notebook directory, but opens the browser to the CWD where you launched the notebook. It's meant as a proposal for discussion, not a finished work.I haven't thought yet about what this does on Windows, or with custom contents managers which don't use a filesystem.