# Users

To run containers securely; in an environment with fewer privileges, a user is necessary.

## Wheel

Before creating the user install `doas`, to use when root is required:

```
# apk add doas
```

Configure `doas` through `/etc/doas.d/main.conf`:

```
permit persist :wheel as root
permit nopasss :_power cmd /sbin/poweroff
permit nopasss :_power cmd /sbin/reboot
```

## Adding a user

Adding a user in Alpine Linux can be done using the `setup-user` script. Here we can specify the name, groups and more:

```
# setup-user -g wheel,_power <username>
# passwd <username>
```

If you have checked that `doas` works with the user then you can lock the root account because it imposes security risks if it is kept open. This can be done with:

```
# passwd -l root
```

and editing `/etc/passwd` to change the login shell from `/bin/ash` to `/sbin/nologin`:

```
root:x:0:0:root:/root:/sbin/nologin
```

## User services