summaryrefslogtreecommitdiffstats
path: root/share
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--share/doc/HOST-SETUP.txt13
-rw-r--r--share/sudo/container-tools1
2 files changed, 14 insertions, 0 deletions
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index f3d813a..4b18b20 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -167,3 +167,16 @@ iface br100 inet static
bridge_maxwait 0
bridge_stp 0
EOF
+
+
+4. Enabling container-shell
+---------------------------
+
+Managing containers requires root privileges. In order to allow unprivileged
+users to manage containers without granting them privileges or accounts,
+the container-shell can be used together with sudo and a container user.
+
+ sudo adduser --gecos "container-tools,,," \
+ --home /var/lib/machines/container-tools \
+ --shell /usr/bin/container-shell \
+ --no-create-home container
diff --git a/share/sudo/container-tools b/share/sudo/container-tools
new file mode 100644
index 0000000..ced273c
--- /dev/null
+++ b/share/sudo/container-tools
@@ -0,0 +1 @@
+container ALL=NOPASSWD: /usr/lib/container-tools/container/*