To run containers securely; in an environment with fewer privileges, a user is necessary.
## Wheel
Before creating the user install `doas`, to use when root is required:
```
# apk add doas
```
Configure `doas` through `/etc/doas.d/main.conf`:
```
permit persist :wheel as root
permit nopasss :_power cmd /sbin/poweroff
permit nopasss :_power cmd /sbin/reboot
```
## Adding a user
Adding a user in Alpine Linux can be done using the `setup-user` script. Here we can specify the name, groups and more:
```
# setup-user -g wheel,_power <username>
# passwd <username>
```
If you have checked that `doas` works with the user then you can lock the root account because it imposes security risks if it is kept open. This can be done with:
```
# passwd -l root
```
and editing `/etc/passwd` to change the login shell from `/bin/ash` to `/sbin/nologin`:
