this post was submitted on 02 May 2025
21 points (100.0% liked)


edit 2 Addendum

OK, big thanks to @oakcroissant@feddit.org for bringing this to attention here: https://europe.pub/post/390395/686949

that gets to the root (har har) of my confusion here. am i missing the point of MicroOS, or is it the devs who are wrong? 😆

their INTENTION with MicroOS is for us to just use root, which is contrary to how i've lived Linux basically forever.

Podman's rootless containers are AWESOME on Aeon, where you’re using it interactively and already have non-root users.. but that would just be adding unnecessary complications to MicroOS

MicroOS is designed to use with root, and there is no need to create a non root user for anything.

IF there was a need to create a non root user then the installer would create a non-root user

which is exactly what was tripping me up. why weren't they facilitating rootless activity, and thus making me jump through hoops to get there.

answer: because it's not needed, and not the intention.

MicroOS: run as root.


edit Answer

yes, MicroOS only generates a root user at install.

if you want to do rootless containers, you will need to create new, non-root users after.

useradd will NOT generate entries for subuid/subgid by default for the new SYSTEM users.

if the system user already exists, you will need to add them manually:

usermod --add-subuids 100000-165535 <yourusername>
usermod --add-subgids 100000-165535 <yourusername>

otherwise, you must use the -F flag with useradd to generate subids for new system users.

thanks all!


hey all! i need a little help here.

i'm just starting to get into self-hosting, and have chosen MicroOS and podman as my environment and tool.

would someone be able to clarify something for me?

I have a MicroOS install for containers, and it seems to only come with a root user. so if i use podman, won't all my pods be rootful?

i try to make a new non-root user, but podman just keeps complaining about privileges when i run it under that user.

so how is this intended to work exactly?

thanks for any help!

[–] Sunny@slrpnk.net 6 points 2 days ago (3 children)

I don't run MicroOS myself so take this with a grain of salt. But this is usually how I do it, though there might be a better practice out there for this too.

Afaik, MicroOS by the sound of it, only ships with root by default, but rootless Podman should definitely be possible.

Normally, you need to set up user namespace mappings for your non-root user. Run these commands as root:

usermod --add-subuids 100000-165535 <yourusername>
usermod --add-subgids 100000-165535 <yourusername>

Then check they're set up with:

grep <yourusername> /etc/subuid
grep <yourusername> /etc/subgid

This should give your regular user the ability to map container UIDs without needing root privileges. After that, Podman should work fine as your regular user.

Hope this helps a little 👍
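An added example, not part of the comment above or of MicroOS or Podman: a shell audit of the `/etc/subuid` and `/etc/subgid` entries that the `grep` check looks at. It goes one step beyond the comment by also flagging a range shared with another user, which is what results if the same fixed range (such as 100000-165535) is given to a second account, so both users' containers map onto the same host IDs. The function names and the `name:start:count` sample lines in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit subordinate ID files (line format: name:start:count).

# check_subids USER FILE
# Prints one of:
#   missing          USER has no entry, rootless Podman cannot map container IDs
#   ok START-END     USER has a range that no other user shares
#   overlap OTHER    the range of USER intersects the range of OTHER
check_subids() {
    awk -F: -v u="$1" '
        /^#/ || NF != 3 { next }                  # skip comments and malformed lines
        { n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
        END {
            status = "missing"
            for (i = 1; i <= n; i++) {
                if (name[i] != u) continue
                if (status == "missing") status = "ok " lo[i] "-" hi[i]
                for (j = 1; j <= n; j++)          # interval intersection test
                    if (name[j] != u && lo[i] <= hi[j] && lo[j] <= hi[i])
                        status = "overlap " name[j]
            }
            print status
        }' "$2"
}

# audit_user USER [DIR]   DIR defaults to /etc; checks both subuid and subgid.
audit_user() {
    dir=${2:-/etc}
    for f in subuid subgid; do
        printf '%s %s: %s\n' "$f" "$1" "$(check_subids "$1" "$dir/$f")"
    done
}

# Constructed sample of what the files may look like:
#   alice:100000:65536   -> host IDs 100000-165535
#   bob:165536:65536     -> host IDs 165536-231071 (no overlap with alice)
#   carol:100000:65536   -> same range as alice (flagged)

# When called with a user name, audit the real files on this host.
if [ "$#" -ge 1 ]; then
    audit_user "$1"
fi
```

Saved as a script and run as root with a user name as its only argument, it prints one line each for `subuid` and `subgid`.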

[–] nico198x@europe.pub 1 points 2 days ago (2 children)

it does, thanks! i'm mostly really surprised that MicroOS hasn't prepared all of this ahead of time for something that's supposed to be a "ready for podman containers" install.

[–] oakcroissant@feddit.org 4 points 2 days ago* (last edited 1 day ago) (1 children)

This is what the Aeon maintainer said about root vs rootless in MicroOS:

  1. Since MicroOS is immutable and not meant to be changed then there’s no problem running everything as root; root can’t even write to the immutable parts of the OS
  2. The main benefits for Podman on MicroOS are very many while not including rootless. No daemon to crash and make containers unmanageable. Nicer dependency chain making it easier to keep up to date on TW. Support for kubes.. and many more

Source thread (Reddit)

Edit: spelling

[–] nico198x@europe.pub 1 points 2 days ago

that's great, thanks for sharing! yeah, i love to hear their thoughts on this, since i'm new to ALL of this, immutables and containers. so i want to hear what their design intention is.