author Daniel Baumann <daniel.baumann@open-infrastructure.net> 2016-10-25 12:46:11 +0000
committer Daniel Baumann <daniel.baumann@open-infrastructure.net> 2016-10-25 12:46:11 +0000
commit 93f0376c14b28cfc96059c151fadc83bc8890b86
tree e891c2757f76743998e56d6f6903a9c22d7cebee /share
parent Adding note about help for individual commands in container-shell program.
Using sudo in container-shell.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to 'share')
-rw-r--r-- share/doc/HOST-SETUP.txt 13
-rw-r--r-- share/sudo/container-tools 1
2 files changed, 14 insertions, 0 deletions
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index f3d813a..4b18b20 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -167,3 +167,16 @@ iface br100 inet static
bridge_maxwait 0
bridge_stp 0
EOF
+
+
+4. Enabling container-shell
+---------------------------
+
+Managing containers requires root privileges. In order to allow unprivileged
+users to manage containers without granting them privileges or accounts,
+the container-shell can be used together with sudo and a container user.
+
+ sudo adduser --gecos "container-tools,,," \
+ --home /var/lib/machines/container-tools \
+ --shell /usr/bin/container-shell \
+ --no-create-home container
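Review bot: Section 4 ends at the adduser call and never tells the reader to install share/sudo/container-tools (added in this same commit) into sudo's configuration, for example under /etc/sudoers.d/, so following HOST-SETUP.txt alone leaves the container user without the sudo rule the paragraph relies on. Add a step that copies the file into place and checks it with visudo -c, and say how people are expected to authenticate to the shared container account, since adduser as written will prompt for a single password. The wording "without granting them privileges or accounts" also deserves a qualifier: anyone who can log in as container gets passwordless root execution of the container-tools commands, and the document should say so.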
diff --git a/share/sudo/container-tools b/share/sudo/container-tools
new file mode 100644
index 0000000..ced273c
--- /dev/null
+++ b/share/sudo/container-tools
@@ -0,0 +1 @@
+container ALL=NOPASSWD: /usr/lib/container-tools/container/*
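Review bot: The command spec /usr/lib/container-tools/container/* has no argument restriction and a wildcard for the file name, so the container user can run every file in that directory as root, with any arguments, without a password. That makes each script there part of the privilege boundary: every one must validate its arguments, and the directory and its contents must be writable by root only, otherwise dropping a file into it is a route to root. Consider listing the permitted commands explicitly instead of using *, and writing the run-as target out, as in "container ALL=(root) NOPASSWD: ...", so the intent is visible in the rule. A comment line in the file stating which program is expected to invoke these commands would help whoever audits the sudoers configuration later.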