从Jupyter Notebook关闭魔术 [英] Turn off magic from jupyter notebook
问题描述
我正在与多用户共享的环境中使用jupyter笔记本,而魔术很强大,它实际上是一把双刃剑,不负责任的用户可以使用命令直接运行linux命令,例如
I`m using jupyter notebook on a shared environment with multiple user, while magic is powerful it's actually a double edge sword, an irresponsible user can use commands to run linux command directly for example
!ls /opt
此命令将允许您列出所有/opt目录
this command will allow you to list down all /opt directory
!pip install <some package>
允许用户直接从jupyter笔记本安装软件包 以及其他可能改变系统的魔术命令
will allow user to install package directly from jupyter notebook and many other magic command that has potential to change system
如何关闭jupyter-notebook上的几个/所有魔术命令? 谢谢
How do I turn off several / all magic commands on jupyter-notebook ? Thanks
推荐答案
即使您可以关闭魔术壳命令,Python本身也有权执行完全相同的操作(例如,os.listdir("/opt")与!ls /opt相同,您可以在Python本身中运行pip等),因此即使尝试也没什么意义.
Even if you could turn off magic shell commands Python itself has the permissions to do the exact same things (e.g. os.listdir("/opt") does the same as !ls /opt, you can run pip within Python itself etc.) so there's very little point in even trying.
Jupyter Notebook不适用于不受信任的用户.甚至准许用户之间更高安全性的JupyterHub都是根据半信任用户的用例设计的,并且需要非常谨慎地设置以允许不信任用户.
Jupyter Notebook is not designed to be used by untrusted users. Even JupyterHub, which does allow for more security between users is designed with the use-case of semi-trusted users, and requires very careful set up to allow for untrusted users.
但是,JupyterHub确实允许笔记本计算机服务器的容器化,因此每个用户都可以得到自己的(例如,Docker)附加了文件的容器,如果他们弄乱了自己的容器,那么它们都不会弄乱其他用户或主服务器,定期备份用户文件相对容易,因此,如果它们混乱了,则可以恢复其数据.设置JupyterHub实例对您来说可能会花费很多精力,尽管如果只有几个人并且您旨在防止用户愚蠢,那么您只是想避免-只是强调用户应该在弄乱文件系统之前先考虑一下.
However, JupyterHub does allow for containerisation of notebook servers, so each user can get their own (e.g. Docker) container that has their files attached, and if they mess up their own container it would both not mess up other users or the main server and it would be relatively easy to regularly back up user files so if they mess up then you could restore their data. It may be too much effort for you to set up a JupyterHub instance though if it's just a couple of people and all you're aiming to protect against is users being stupid - just emphasise that users should think before messing around with the file system.
这篇关于从Jupyter Notebook关闭魔术的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
