# Users

To run containers securely, in an environment with fewer privileges, a non-root user is necessary.

## Wheel

Before creating the user, install `doas` for the occasions when root privileges are required:

```
# apk add doas
```

Configure `doas` through `/etc/doas.d/main.conf`:

```
permit persist :wheel as root
permit nopass :_power cmd /sbin/poweroff
permit nopass :_power cmd /sbin/reboot
```

## Adding a user

On Alpine Linux, add a user with the `setup-user` script, which lets you specify the name, groups and more:

```
# setup-user -g wheel,_power <username>
# passwd <username>
```

Once you have verified that `doas` works for the new user, lock the root account, because leaving it open poses a security risk. Lock its password with:

```
# passwd -l root
```

Then edit `/etc/passwd` to change root's login shell from `/bin/ash` to `/sbin/nologin`:

```
root:x:0:0:root:/root:/sbin/nologin
```
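
The risk in this step is locking root before any `wheel` member can authenticate to `doas`. The script below is an added example, not part of the original page: it checks the group and shadow files before the lock and confirms the result afterwards. Its function names and sample files are constructed, and it assumes the `permit persist :wheel as root` rule above is in place.

```shell
#!/bin/sh
# Added example (not from the original page); function names are its own.
# Files are passed as arguments so the checks can also run against copies.

# Print non-root members of wheel whose shadow entry holds a set, unlocked password.
wheel_admins() {  # $1 = group file, $2 = shadow file
    members=$(awk -F: '$1 == "wheel" { gsub(",", " ", $4); print $4 }' "$1")
    for u in $members; do
        [ "$u" = root ] && continue
        awk -F: -v u="$u" '$1 == u && $2 != "" && $2 !~ /^[!*]/ { print $1 }' "$2"
    done
}

# Pre-flight: succeed only if someone other than root can still become root via doas.
safe_to_lock_root() {  # $1 = group file, $2 = shadow file
    [ -n "$(wheel_admins "$1" "$2")" ]
}

# Post-check: root's password is locked (! or *) and its login shell is /sbin/nologin.
root_locked() {  # $1 = passwd file, $2 = shadow file
    awk -F: '$1 == "root" && $2 ~ /^[!*]/ { ok = 1 } END { exit !ok }' "$2" &&
    awk -F: '$1 == "root" && $7 == "/sbin/nologin" { ok = 1 } END { exit !ok }' "$1"
}

# Constructed sample files (hashes are placeholders): alice has a password, bob is locked.
make_sample() {  # $1 = directory to write into
    printf '%s\n' 'root:x:0:root' 'wheel:x:10:root,alice,bob' \
        '_power:x:101:alice' > "$1/group"
    printf '%s\n' 'root:$6$placeholder:19000:0:::::' \
        'alice:$6$placeholder:19000:0:::::' 'bob:!:19000:0:::::' > "$1/shadow"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/ash' \
        'alice:x:1000:1000::/home/alice:/bin/ash' > "$1/passwd"
}

# Run the checks against the constructed sample.
d=$(mktemp -d) && make_sample "$d"
if safe_to_lock_root "$d/group" "$d/shadow"; then
    echo "safe to lock root; doas-capable users: $(wheel_admins "$d/group" "$d/shadow")"
fi
root_locked "$d/passwd" "$d/shadow" || echo "root is still open in the sample"
rm -rf "$d"
```

On the live system, call the functions with `/etc/group`, `/etc/shadow` and `/etc/passwd`; reading `/etc/shadow` requires root.
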
## User services