MicroOS: Rootless podman?
MicroOS: Rootless podman?
edit 2 Addendum
OK, big thanks to @oakcroissant@feddit.org for bringing this to attention here: https://europe.pub/post/390395/686949
that gets to the root (har har) of my confusion here. am i missing the point of MicroOS, or is it the devs who are wrong? đ
their INTENTION with MicroOS is for us to just use root, which is contrary to how i've lived Linux basically forever.
Podmans rootless containers are AWESOME on Aeon, where youâre using it interactively and already have none root users.. but that would just be adding unnecessary complications to MicroOS
MicroOS is designed to use with root, and there is no need to create a non root user for anything.
IF there was a need to create a non root user then the installer would create a non-root user
which is exactly what was tripping me up. why weren't they facilitating rootless activity, and thus making me jump through hoops to get there.
answer: because it's not needed, and not the intention.
MicroOS: run as root.
edit Answer
yes, MicroOS only generates a root user at install.
if you want to do rootless containers, you will need to create new, non-root users after.
useradd will NOT generate entries for subuid/subgid by default for the new SYSTEM users.
if the system user already exists, you will need to add them manually:
usermod --add-subuids 100000-165535 <yourusername>
usermod --add-subgids 100000-165535 <yourusername>
otherwise, you must use the -F flag with useradd to generate subids for new system users.
thanks all!
hey all! i need a little help here.
i'm just starting to get into self-hosting, and have chosen MicroOS and podman as my environment and tool.
would someone be able to clarify something for me?
I have a MicroOS install for containers, and it seems to only come with a root user. so if i use podman, won't all my pods be rootful?
i try to make a new non-root user, but podman just keeps complaining about privileges when i run it under that user.
so how is this intended to work exactly?
thanks for any help!
You're viewing a single thread.
I suggest you read some guides about podman and rootless containers.
Here is my experience albeit on a different Linux: https://wiki.gardiol.org/doku.php?id=gentoo%3Acontainers
i've been ass-deep in doc and guides for days, mate. can you just answer the question if you know the answer?
rootless podman should not be able to bind to port 80, for example. but i CAN do this on MicroOS. which is making me think that it's running rootful. and if that's happening because i'm working under the sole root user in MicroOS.
You can give podman rootless the power to open ports less than 1024. So no, it can still be rootless.
And yes, for being rootless you must have non root users as well...
So its probably root and not rootless
thank you for confirming my suspicion. i know one CAN give it that power, but i understand that it's not the default.
ultimately, this is a question first about the MicroOS setup, and second podman functionality.
Which user do you use to run the podman command? Confirm with
whoamiNote that the sysctl
net.ipv4.ip_unprivileged_port_startcan be used to allow non-root users to bind to ports <1024, this might be configured in MicroOS, I don't know.i'm definitely root, which is the sole default user on MicroOS for login, bash, etc.
it mostly strikes me as odd that MicroOS for containers would not have me setup a non-root user at install. trying to do it after install necessitates some hoop jumping to get podman to work correctly, which is making me wonder if MicroOS is really worth it at that point if it's not ready to go after install.
If you want extra users I believe you can create them in ignition file, so that way they get created when MicroOS is deployed.
Basically anything you want as part of 'default' setup has to be configured via ignition file.
yeah, i did try that, but that part failed for some reason. the rest of the Ignition file was ok.