From 93f0376c14b28cfc96059c151fadc83bc8890b86 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Tue, 25 Oct 2016 14:46:11 +0200
Subject: Using sudo in container-shell.

Signed-off-by: Daniel Baumann
---
 share/doc/HOST-SETUP.txt | 13 +++++++++++++
 share/sudo/container-tools | 1 +
 2 files changed, 14 insertions(+)
 create mode 100644 share/sudo/container-tools

(limited to 'share')

diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index f3d813a..4b18b20 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -167,3 +167,16 @@ iface br100 inet static
 bridge_maxwait 0
 bridge_stp 0
 EOF
+
+
+4. Enabling container-shell
+---------------------------
+
+Managing containers requires root privileges. In order to allow unprivileged
+users to manage containers without granting them privileges or accounts,
+the container-shell can be used together with sudo and a container user.
+
+ sudo adduser --gecos "container-tools,,," \
+ --home /var/lib/machines/container-tools \
+ --shell /usr/bin/container-shell \
+ --no-create-home container
diff --git a/share/sudo/container-tools b/share/sudo/container-tools
new file mode 100644
index 0000000..ced273c
--- /dev/null
+++ b/share/sudo/container-tools
@@ -0,0 +1 @@
+container ALL=NOPASSWD: /usr/lib/container-tools/container/*
-- 
cgit v1.2.3
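Review bot: The single rule in the new `share/sudo/container-tools` lets the `container` account run every file directly under `/usr/lib/container-tools/container/` as root, with any arguments and without a password, because the command spec is a bare wildcard with no argument list. That makes the directory part of the trust boundary: anything later installed there becomes root-runnable, and each helper has to treat its arguments as untrusted input, which cannot be confirmed from this patch. I would enumerate the helpers that container-shell actually invokes instead of `*`, make the target user explicit as `container ALL=(root) NOPASSWD: ...`, and put a comment above the rule such as `# Helpers run as root via container-shell; keep this directory root-owned and not group/world-writable.`. The HOST-SETUP.txt hunk as shown creates the user but does not mention installing this file under `/etc/sudoers.d/` (root-owned, mode 0440, checked with `visudo -c -f`), so the documented setup looks incomplete.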