{ "info": { "author": "J\u00f6rn Hees", "author_email": "dev+userdocker@joernhees.de", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: Science/Research", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Operating System :: POSIX :: Linux", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Topic :: Scientific/Engineering", "Topic :: Security", "Topic :: Software Development", "Topic :: System", "Topic :: System :: Clustering", "Topic :: System :: Distributed Computing", "Topic :: System :: Emulators", "Topic :: System :: Operating System", "Topic :: System :: Systems Administration", "Topic :: System :: Systems Administration :: Authentication/Directory", "Topic :: Utilities" ], "description": "Userdocker\n==========\n\nUserdocker is a wrapper that allows admins to grant restricted docker\ncommandline access to users.\n\n.. note::\n\n Userdocker is currently in BETA state. Despite our ongoing efforts to test\n on our local infrastructure, further testing, reviewing and feedback are\n very welcome. Use with caution and watch the GitHub repo for issues and\n new releases!\n\n\nUserdocker is aimed towards scientific high performance computing and cluster\nsetups, as they exist in most universities or research groups. Often, such\nscientific computations have peculiar dependencies that are difficult to satisfy\nacross linux distributions (and drive admins crazy ;) ).\n\nIn theory such use-cases could largely benefit from docker, as it would allow\nusers to easily define environments themselves and run them basically without\nnegative performance impact, as they run directly on the host's kernel. 
In\nreality, however, granting docker commandline access to users effectively makes\nthem root equivalent on the host (root in container, volume mount...), making\nthis prohibitive for cluster computing.\n\nUserdocker solves this problem by wrapping the docker command and just making\nthe safe parts available to users. Admins can decide what they consider safe\n(with sane defaults). The userdocker command largely follows the docker\ncommandline syntax, so users can use it as a drop-in replacement for the\ndocker command.\n\nFeedback / bugreports / contributions welcome:\n\nhttps://github.com/joernhees/userdocker\n\n\nSample Usage:\n=============\n\n.. code-block:: bash\n\n # command line help (including subcommands the user is allowed to execute)\n sudo userdocker -h\n\n # (docker images) list images (and useful tree visualization)\n sudo userdocker images\n sudo userdocker dockviz\n\n # (docker run) run a debian image with user (read-only) mounted home\n sudo userdocker run -it --rm -v $HOME:$HOME:ro debian bash\n\n # (docker attach) re-attach to own container after connection loss\n sudo userdocker attach 438c7648e76b\n\n # (docker ps) list running containers\n sudo userdocker ps\n\n # (docker pull / load) pull or load\n sudo userdocker pull debian\n sudo userdocker load < image.tar.gz\n\n # (nvidia-docker) extensions for nvidia GPU support\n alias nvidia-userdocker='userdocker --executor=nvidia-docker'\n NV_GPU=1,3,7 nvidia-userdocker run -it --rm nvcr.io/nvidia/tensorflow\n userdocker ps --gpu-used\n userdocker ps --gpu-free\n\nFeatures:\n=========\n\n- Similar commandline interface as ``docker ...`` called ``userdocker ...``\n- Support for several docker commands / plugins (docker, nvidia-docker)\n- Fine-grained configurability for admins in ``/etc/userdocker/`` makes it possible to:\n\n - restrict runnable images if desired (allows admin reviews)\n - restrict run to locally available images\n - restrict available mount points (or enforce them, or default mount)\n - 
probe mounts (to make sure nfs automounts don't make docker sad)\n - enforce non-root user in container (same uid:gid as on host)\n - enforce dropping caps\n - enforce environment vars\n - enforce docker args\n - restrict port publishing\n - explicitly white-list available args to user\n - restrict allowed GPU access / reservations via ``NV_GPU``\n\n- System wide config + overrides for individual groups, gids, users, uids.\n- Easy extensibility for further subcommands and args.\n\n\nInstallation:\n=============\n\nThe installation of userdocker works in three steps:\n\n\n1. Install package:\n-------------------\n\nFirst make sure that docker is installed:\n\n.. code-block:: bash\n\n sudo docker version\n\nAfterwards, as userdocker is written in Python 3 and available as a Python package:\n\n.. code-block:: bash\n\n sudo pip3 install userdocker\n\nThis will give you a ``userdocker`` command that you can test with:\n\n.. code-block:: bash\n\n userdocker -h\n\nThe above is the preferred way to install.\n\nAlternatively, you can clone this repo and execute:\n\n.. code-block:: bash\n\n sudo python3 setup.py install\n\n\n2. Configuration:\n-----------------\n\nCopy the default config to ``/etc/userdocker/config.py``, then edit the file.\nThe config contains tons of comments and explanations to help you make the right\ndecisions for your scenario.\n\n.. code-block:: bash\n\n sudo cp /etc/userdocker/default.py /etc/userdocker/config.py\n\n\n3. Allowing users to run ``sudo userdocker``:\n---------------------------------------------\n\nYou should now allow the users in question to run ``sudo userdocker``. This is\nbasically done by adding a ``/etc/sudoers.d/userdocker`` file. 
If you want to\ngrant this permission to all users in group ``users``, add the following\ntwo lines:\n\n::\n\n Defaults env_keep += \"NV_GPU\"\n %users ALL=(root) NOPASSWD: /usr/local/bin/userdocker\n\nThe first is strongly recommended in case you want to allow users to use nvidia\nGPUs from within docker containers via nvidia-docker (see EXECUTORS in config).\nWithout it they cannot pass the NV_GPU environment variable to the userdocker\n(and thereby nvidia-docker) command to select their desired GPU(s).\n\n\nFAQ:\n====\n\nWhy sudo?\n---------\n\nBecause it supports logging and is in general a lot more configurable than the\nalternatives. For example if you only want to make ``userdocker`` available on\nsome nodes in your cluster, you can use the Host\\_List field:\n\n::\n\n %users node1,node2,node4=(root) /usr/local/bin/userdocker", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/joernhees/userdocker", "keywords": "docker user limit admin hpc cluster computing permissions", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "userdocker", "package_url": "https://pypi.org/project/userdocker/", "platform": "", "project_url": "https://pypi.org/project/userdocker/", "project_urls": { "Homepage": "https://github.com/joernhees/userdocker" }, "release_url": "https://pypi.org/project/userdocker/2.0.0/", "requires_dist": null, "requires_python": "", "summary": "userdocker allows admins to grant restricted docker command access to users.", "version": "2.0.0" }, "last_serial": 3255936, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "656e5d7cabd79cfc6594654a9d52a417", "sha256": "d360ecfb788a8ca066561496d7846fdd09276d2a3a98eca9f0ebe773372481fc" }, "downloads": -1, "filename": "userdocker-1.0.0.tar.gz", "has_sig": false, "md5_digest": "656e5d7cabd79cfc6594654a9d52a417", "packagetype": "sdist", "python_version": 
"source", "requires_python": null, "size": 13600, "upload_time": "2017-03-01T15:39:29", "url": "https://files.pythonhosted.org/packages/6c/fc/e1ce49de9d3cbe4204bc9400fb43c1d8737e0a9e5c192f78426f5de119aa/userdocker-1.0.0.tar.gz" } ], "1.0.0.dev1": [ { "comment_text": "", "digests": { "md5": "27fd88b8a9553aa15d0e944556d03af2", "sha256": "74ce9cb7b7b936fd00fb40fa6f2599729c453a17bbca451c360ab9aed2bccba6" }, "downloads": -1, "filename": "userdocker-1.0.0.dev1.tar.gz", "has_sig": false, "md5_digest": "27fd88b8a9553aa15d0e944556d03af2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13076, "upload_time": "2017-03-01T01:26:33", "url": "https://files.pythonhosted.org/packages/c4/d3/c3c5347e5e5af673dd62cc146a4d28a702d06d59423a8042d0b8f387f3ef/userdocker-1.0.0.dev1.tar.gz" } ], "1.0.0.dev2": [ { "comment_text": "", "digests": { "md5": "0633dd89ea003981a05fbd776cb9f8de", "sha256": "ad8043398e238b686ca26b1e995e424302cbfd30e07f70ca993b55a0bd5e39e2" }, "downloads": -1, "filename": "userdocker-1.0.0.dev2.tar.gz", "has_sig": false, "md5_digest": "0633dd89ea003981a05fbd776cb9f8de", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13128, "upload_time": "2017-03-01T02:08:53", "url": "https://files.pythonhosted.org/packages/7a/45/7a60e2d7562fd9fc24d6083c32dc46ac3fbd965a552f87bb67d387d998d4/userdocker-1.0.0.dev2.tar.gz" } ], "1.0.0.dev3": [ { "comment_text": "", "digests": { "md5": "0f9651ec2136cff2382cbe8f57383b28", "sha256": "cf755f213aa51f23e13352798cceb5ec6c67d609f1f76361027849b7e1807da3" }, "downloads": -1, "filename": "userdocker-1.0.0.dev3.tar.gz", "has_sig": false, "md5_digest": "0f9651ec2136cff2382cbe8f57383b28", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13333, "upload_time": "2017-03-01T14:35:45", "url": "https://files.pythonhosted.org/packages/74/20/60bae9985299ebdeaf6a5244912de9e33db2bdb43080b7b79a3dbf8314cf/userdocker-1.0.0.dev3.tar.gz" } ], "1.0.0.dev4": [ { 
"comment_text": "", "digests": { "md5": "2dc99757839b7c8a9036abad1f0c749f", "sha256": "7d3a88f07d0cde7432566cb807cb70274fab50f6b4d98e35fccb1f8057f5be6f" }, "downloads": -1, "filename": "userdocker-1.0.0.dev4.tar.gz", "has_sig": false, "md5_digest": "2dc99757839b7c8a9036abad1f0c749f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13613, "upload_time": "2017-03-01T15:08:33", "url": "https://files.pythonhosted.org/packages/17/84/0da1d828fb60d1d93a3eeb5eaab580a740c38fd5ec27d967db1c35ec7e20/userdocker-1.0.0.dev4.tar.gz" } ], "1.0.0.dev8": [ { "comment_text": "", "digests": { "md5": "cb2ce9fe59c68b77cec859bd7df22d99", "sha256": "16eb199c774d246678977d041bf928c8462ccec6370d7fd3d0072798ae71ae52" }, "downloads": -1, "filename": "userdocker-1.0.0.dev8.tar.gz", "has_sig": false, "md5_digest": "cb2ce9fe59c68b77cec859bd7df22d99", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13614, "upload_time": "2017-03-01T15:37:19", "url": "https://files.pythonhosted.org/packages/c5/d5/097ca9328d477143c21b9802760d45dd556e04a92f79caae6c477e82e71f/userdocker-1.0.0.dev8.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "d8746e6116663c0de438fb231654005f", "sha256": "413027d3309dc1d94e46845bc4e3f33abab06f7ebc5c7e49bddd5360d333fca7" }, "downloads": -1, "filename": "userdocker-1.0.1.tar.gz", "has_sig": false, "md5_digest": "d8746e6116663c0de438fb231654005f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13794, "upload_time": "2017-03-07T16:19:32", "url": "https://files.pythonhosted.org/packages/01/e8/00c3440cc8dc6dcb1b9cf0562e6edde1feebd9a8d5847cf735c03a5dea73/userdocker-1.0.1.tar.gz" } ], "2.0.0": [ { "comment_text": "", "digests": { "md5": "a02732e7d3cea9c78dc13acac209fcb7", "sha256": "eeebb7b5a021a4e5ab7b10b06b61c98f757cf16f9d0942ee2f5917d0b64e3506" }, "downloads": -1, "filename": "userdocker-2.0.0.tar.gz", "has_sig": false, "md5_digest": 
"a02732e7d3cea9c78dc13acac209fcb7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19489, "upload_time": "2017-10-17T08:53:29", "url": "https://files.pythonhosted.org/packages/64/fd/442dadcf05d9dafb0524a6fc0965edb5460cbf7237f282cdfb137ddac097/userdocker-2.0.0.tar.gz" } ], "2.0.0.dev1": [ { "comment_text": "", "digests": { "md5": "02e77474a2a2aef046565b80c9c2b613", "sha256": "5283bba2ea6c269f2e9d32c640a7b21061366be4eb758a960306fec3eb76db2f" }, "downloads": -1, "filename": "userdocker-2.0.0.dev1.tar.gz", "has_sig": false, "md5_digest": "02e77474a2a2aef046565b80c9c2b613", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18169, "upload_time": "2017-03-26T23:39:22", "url": "https://files.pythonhosted.org/packages/f6/be/4dbc64a00a5d4fa04370252a9ae29ff49c5e64be534e8ccb58d3aabfb701/userdocker-2.0.0.dev1.tar.gz" } ], "2.0.0.dev3": [ { "comment_text": "", "digests": { "md5": "1a00ba7a0fb90b361801f39878323bfd", "sha256": "6ee8a99387f143fa692c7495af471733d5b3cff93fba631e5fd5330b580f84a5" }, "downloads": -1, "filename": "userdocker-2.0.0.dev3.tar.gz", "has_sig": false, "md5_digest": "1a00ba7a0fb90b361801f39878323bfd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18772, "upload_time": "2017-05-24T12:14:57", "url": "https://files.pythonhosted.org/packages/f2/a8/a7fdfdb2f5308e4a12290f7a9c5e0384728e27cfe8a27576995b140426b0/userdocker-2.0.0.dev3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a02732e7d3cea9c78dc13acac209fcb7", "sha256": "eeebb7b5a021a4e5ab7b10b06b61c98f757cf16f9d0942ee2f5917d0b64e3506" }, "downloads": -1, "filename": "userdocker-2.0.0.tar.gz", "has_sig": false, "md5_digest": "a02732e7d3cea9c78dc13acac209fcb7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19489, "upload_time": "2017-10-17T08:53:29", "url": 
"https://files.pythonhosted.org/packages/64/fd/442dadcf05d9dafb0524a6fc0965edb5460cbf7237f282cdfb137ddac097/userdocker-2.0.0.tar.gz" } ] }