Merge branches 'env_dict_to_commands' and 'spawner_detail' into dev

rkdarst · rkdarst · commit 5192b98a7c63 · 2018-08-08T10:55:58.000+03:00
diff --git a/README.md b/README.md
@@ -90,7 +90,11 @@ Unless otherwise stated for a specific spawner, assume that spawners
 *do* evaluate shell environment for users and thus the [security
 requriemnts of JupyterHub security for untrusted
 users](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html)
-are not fulfilled.  This is something which we are working on.
+are not fulfilled because some (most?) spawners *do* start a user
+shell which will execute arbitrary user environment configuration
+(``.profile``, ``.bashrc`` and the like) unless users do not have
+access to their own cluster user account.  This is something which we
+are working on.
 
 
 ## Provide different configurations of BatchSpawner
diff --git a/SPAWNERS.md b/SPAWNERS.md
@@ -42,8 +42,13 @@ Maintainers:
 
 # Checklist for making spawners
 
+Please document each of these things under the spawner list above, -
+even if it is "OK", we need to track status of all spawners.  If it is
+a bug, users really need to know.
+
 - Does your spawner read shell environment before starting?  (See
-  [Jupyterhub Security](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html).
+  [Jupyterhub
+  Security](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html).
 
 - Does your spawner send SIGTERM to the jupyterhub-singleuser process
   before SIGKILL?  It should, so that the process can terminate
diff --git a/batchspawner/batchspawner.py b/batchspawner/batchspawner.py
@@ -517,11 +517,12 @@ def user_env(self, env):
         return env
 
     def get_env(self):
-        """Add user environment variables.
+        """Get user environment variables to be passed to the user's job
 
-        Everything here should be passed to the user's job.  If it is
-        used to authenticate to the batch system commands as an admin,
-        beware that the user will get them too.
+        Everything here should be passed to the user's job as
+        environment.  Caution: If these variables are used for
+        authentication to the batch system commands as an admin, be
+        aware that the user will receive access to these as well.
         """
         env = super().get_env()
         env = self.user_env(env)
