Google Datalab, how to forbid users to connect to VM using --no-user-checking

Question

we have several datalab users who has their own Datalab VM to connect and work with Notebooks. the connect to their vm using the followin command:

datalab connect <USER_VM_NAME>

But still they can connect to VM of other users using the following command:

datalab connect <ANOTHER_USER_VM_NAME> --no-user-checking

How this can be forbidden by setting a configuration on datalab? if it is not possibile, how we can audit it to find out when a user used VM of another user?

Xiaoxia Lin · Answer 1 · 2017-12-29T14:58:07.913

0

You can achieve that by specifying the --service-account flag when you create Datalab instances.

You will need few more steps before, see detailed steps here.

Create Datalab instance:

datalab create --project <PROJECT> --zone <ZONE> --for-user <TEAM_MEMBER_EMAIL>     
--service-account <TEAM_MEMBER_SERVICE_ACCOUNT> <TEAM_MEMBER_INSTANCE_NAME>

connect to a Datalab instance:

datalab connect --project <PROJECT> --zone <ZONE> <TEAM_MEMBER_INSTANCE_NAME>

edited Dec 29 '17 at 14:58

answered Dec 29 '17 at 14:53

Xiaoxia Lin

736
6
16

This is not a correct solution, still Datalab user can connect to the VM of each other using "--no-user-checking" ! – Majico Mar 12 '18 at 14:17

Google Datalab, how to forbid users to connect to VM using --no-user-checking

1 Answers1