[ci skip] Autodoc commit for 7de9df8.

OSC · Dec 1, 2023 · 87e4e85 · 87e4e85
1 parent 41a3133
commit 87e4e85
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 9 deletions.
diff --git a/latest/_sources/customizations.rst.txt b/latest/_sources/customizations.rst.txt
@@ -362,6 +362,8 @@ We recommend setting this environment variable in ``/etc/ood/config/nginx_stage.
 
 .. warning:: This allowlist is not enforced across every action a user can take in an app (including the developer views in the Dashboard). Also, it is enforced via the apps themselves, which is not as robust as using cgroups on the PUN.
 
+.. include:: customizations/disabling-users.inc
+
 .. _set-default-ssh-host:
 
 Set Default SSH Host

diff --git a/latest/_sources/reference/files/nginx-stage-yml.rst.txt b/latest/_sources/reference/files/nginx-stage-yml.rst.txt
@@ -776,17 +776,26 @@ Configuration Options
 
       For RHEL6 and CentOS 6 the user id's begin at ``500``.
 
+.. _disabled_shell:
+
 .. describe:: disabled_shell (String)
 
-   restrict starting a per-user NGINX process as a user with the given shell
+   Restrict starting a per-user NGINX process as a user with the given shell.
 
-   Default
-     For OSC restrictions
+    Default
+      Do not start a per-user NGINX for anyone with ``/access/denied`` shell.
 
-     .. code-block:: yaml
+      .. code-block:: yaml
 
         disabled_shell: "/access/denied"
 
+    Example
+      Do not start a per-user NGINX for anyone with ``/usr/bin/false`` shell.
+
+      .. code-block:: yaml
+
+        disabeled_shell: "/usr/bin/false"
+
    .. note::
 
       This will only restrict access to a per-user NGINX process started with

diff --git a/latest/customizations.html b/latest/customizations.html
@@ -144,6 +144,7 @@
 <li class="toctree-l2"><a class="reference internal" href="#set-upload-limits">Set Upload Limits</a></li>
 <li class="toctree-l2"><a class="reference internal" href="#set-download-limits">Set Download Limits</a></li>
 <li class="toctree-l2"><a class="reference internal" href="#block-or-allow-directory-access">Block or Allow Directory Access</a></li>
+<li class="toctree-l2"><a class="reference internal" href="#disabling-users">Disabling Users</a></li>
 <li class="toctree-l2"><a class="reference internal" href="#set-default-ssh-host">Set Default SSH Host</a></li>
 <li class="toctree-l2"><a class="reference internal" href="#set-ssh-allowlist">Set SSH Allowlist</a></li>
 <li class="toctree-l2"><a class="reference internal" href="#set-ood-ssh-port">Set OOD SSH Port</a></li>
@@ -1059,6 +1060,13 @@ <h2>Block or Allow Directory Access<a class="headerlink" href="#block-or-allow-d
 <p>This allowlist is not enforced across every action a user can take in an app (including the developer views in the Dashboard). Also, it is enforced via the apps themselves, which is not as robust as using cgroups on the PUN.</p>
 </div>
 </div>
+<div class="section" id="disabling-users">
+<span id="disabling-users-guide"></span><h2>Disabling Users<a class="headerlink" href="#disabling-users" title="Permalink to this headline">¶</a></h2>
+<p>You can use the <a class="reference internal" href="reference/files/nginx-stage-yml.html#disabled-shell"><span class="std std-ref">nginx stage configuration for disabling users</span></a>
+to disable access to specific users based on the users’ default <code class="docutils literal notranslate"><span class="pre">shell</span></code>.</p>
+<p>For example you could disable access to Open OnDemand for any user with the <code class="docutils literal notranslate"><span class="pre">/usr/bin/false</span></code>
+default shell.</p>
+</div>
 <div class="section" id="set-default-ssh-host">
 <span id="id12"></span><h2>Set Default SSH Host<a class="headerlink" href="#set-default-ssh-host" title="Permalink to this headline">¶</a></h2>
 <div class="admonition warning">

diff --git a/latest/index.html b/latest/index.html
@@ -288,6 +288,7 @@ <h2>Special Thanks<a class="headerlink" href="#special-thanks" title="Permalink
 <li class="toctree-l2"><a class="reference internal" href="customizations.html#set-upload-limits">Set Upload Limits</a></li>
 <li class="toctree-l2"><a class="reference internal" href="customizations.html#set-download-limits">Set Download Limits</a></li>
 <li class="toctree-l2"><a class="reference internal" href="customizations.html#block-or-allow-directory-access">Block or Allow Directory Access</a></li>
+<li class="toctree-l2"><a class="reference internal" href="customizations.html#disabling-users">Disabling Users</a></li>
 <li class="toctree-l2"><a class="reference internal" href="customizations.html#set-default-ssh-host">Set Default SSH Host</a></li>
 <li class="toctree-l2"><a class="reference internal" href="customizations.html#set-ssh-allowlist">Set SSH Allowlist</a></li>
 <li class="toctree-l2"><a class="reference internal" href="customizations.html#set-ood-ssh-port">Set OOD SSH Port</a></li>

diff --git a/latest/objects.inv b/latest/objects.inv
diff --git a/latest/reference/files/nginx-stage-yml.html b/latest/reference/files/nginx-stage-yml.html
@@ -1003,17 +1003,24 @@ <h2>Configuration Options<a class="headerlink" href="#configuration-options" tit
 </div>
 </dd></dl>
 
-<dl class="describe">
+<span class="target" id="disabled-shell"></span><dl class="describe">
 <dt>
 <code class="sig-name descname">disabled_shell (String)</code></dt>
-<dd><p>restrict starting a per-user NGINX process as a user with the given shell</p>
-<dl>
-<dt>Default</dt><dd><p>For OSC restrictions</p>
+<dd><p>Restrict starting a per-user NGINX process as a user with the given shell.</p>
+<blockquote>
+<div><dl>
+<dt>Default</dt><dd><p>Do not start a per-user NGINX for anyone with <code class="docutils literal notranslate"><span class="pre">/access/denied</span></code> shell.</p>
 <div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nt">disabled_shell</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/access/denied&quot;</span><span class="w"></span>
 </pre></div>
 </div>
 </dd>
+<dt>Example</dt><dd><p>Do not start a per-user NGINX for anyone with <code class="docutils literal notranslate"><span class="pre">/usr/bin/false</span></code> shell.</p>
+<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nt">disabeled_shell</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/usr/bin/false&quot;</span><span class="w"></span>
+</pre></div>
+</div>
+</dd>
 </dl>
+</div></blockquote>
 <div class="admonition note">
 <p class="admonition-title">Note</p>
 <p>This will only restrict access to a per-user NGINX process started with

diff --git a/latest/searchindex.js b/latest/searchindex.js