Users
To run containers securely, in an environment with fewer privileges, a user is necessary.
Wheel
Before creating the user, install doas to use when root is required:
# apk add doas
Configure doas through /etc/doas.d/main.conf:
permit persist :wheel as root
permit nopass :_power cmd /sbin/poweroff
permit nopass :_power cmd /sbin/reboot
Adding a user
Adding a user in Alpine Linux can be done using the setup-user script. Here we can specify the name, groups and more:
# setup-user -g wheel,_power <username>
# passwd <username>
Once you have checked that doas works with the user, you can lock the root account, because it poses security risks if it is kept open. This can be done with:
# passwd -l root
and editing /etc/passwd to change the login shell from /bin/ash to /sbin/nologin:
root:x:0:0:root:/root:/sbin/nologin
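
The following check is an added example, not part of the original page: it reads copies of the account files and confirms that root has the nologin shell, that its password is locked, and that wheel still has a member other than root. It assumes passwd -l marks the shadow hash field with a leading '!'; the function names, the user alice and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit account files after the root lockdown steps.
# File paths are arguments, so the check can run against copies.

# Print field N of the first line in colon-separated FILE whose first field is KEY.
field() { awk -F: -v k="$2" -v n="$3" '$1 == k { print $n; exit }' "$1"; }

# Return 0 only if root is locked down and another wheel member exists.
check_root_lockdown() {
    passwd_file=$1 shadow_file=$2 group_file=$3
    rc=0

    shell=$(field "$passwd_file" root 7)
    case $shell in
        /sbin/nologin) echo "ok: root shell is $shell" ;;
        *) echo "FAIL: root shell is '$shell', expected /sbin/nologin"; rc=1 ;;
    esac

    # Assumption: a locked password shows as a hash field starting with '!'.
    hash=$(field "$shadow_file" root 2)
    case $hash in
        '!'*) echo "ok: root password is locked" ;;
        *) echo "FAIL: root password is not locked"; rc=1 ;;
    esac

    # With root locked, doas via wheel is the only way back to root,
    # so a wheel group containing nobody but root means a lockout.
    others=
    for m in $(field "$group_file" wheel 4 | tr ',' ' '); do
        [ "$m" = root ] || others="$others $m"
    done
    if [ -n "$others" ]; then
        echo "ok: wheel members besides root:$others"
    else
        echo "FAIL: no wheel member besides root"; rc=1
    fi
    return $rc
}

# Constructed sample data for a stand-alone run ("alice" is a made-up user).
d=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/sbin/nologin' > "$d/passwd"
printf '%s\n' 'root:!$6$constructed:19000:0:::::'   > "$d/shadow"
printf '%s\n' 'wheel:x:10:root,alice'               > "$d/group"
check_root_lockdown "$d/passwd" "$d/shadow" "$d/group"
```

On a real system, run it as root against /etc/passwd, /etc/shadow and /etc/group from a second session, before closing the one that still has root access.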