this post was submitted on 15 Jul 2025
Podman

Cross-posted from "Dedicated service user or not ?" by @mat@jlai.lu in !selfhosted@lemmy.world


Hi all!

As of today, I am running my services with rootless podman pods and containers. Each functional stack gets its dedicated user (user cloud runs a pod with nextcloud-fpm, nginx, postgresql...) with user mapping. Now, my thoughts were that if an attack can escape a container, it should be contained to a specific user.

Is it really meaningful? With service users' home setup in /var/lib, it makes a lot of small stuff annoying and I wonder if the current setup is really worth it?
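The containment the post relies on only holds if each service user's subordinate UID range is disjoint from every other user's; otherwise a process that escaped one pod would already own another service's files. As an added example (not from the post), a POSIX shell check over a constructed /etc/subuid sample, assuming the standard `user:start:count` format and rootless podman's default mapping of container UID n (n >= 1) to host UID start + n - 1:

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the subordinate UID
# ranges that keep per-service rootless podman users isolated from each other.
# Assumes the /etc/subuid format "user:start:count" and the rootless default
# mapping: container UID 0 -> the user's own host UID, container UID n (n >= 1)
# -> start + n - 1.

# Constructed sample in /etc/subuid format; "git" deliberately overlaps "media"
# so the check has something to catch.
SAMPLE_SUBUID=$(mktemp)
cat > "$SAMPLE_SUBUID" <<'EOF'
cloud:100000:65536
media:165536:65536
git:200000:65536
EOF

# check_subuid_overlap FILE
# Returns 0 when every user's range is disjoint from every other user's,
# 1 otherwise (each overlapping pair is printed).
check_subuid_overlap() {
  awk -F: '
    NF == 3 { n++; u[n] = $1; s[n] = $2 + 0; e[n] = $2 + $3 - 1 }
    END {
      bad = 0
      for (i = 1; i <= n; i++)
        for (j = i + 1; j <= n; j++)
          if (s[i] <= e[j] && s[j] <= e[i]) {
            printf "overlap: %s (%d-%d) and %s (%d-%d)\n", u[i], s[i], e[i], u[j], s[j], e[j]
            bad = 1
          }
      exit bad
    }' "$1"
}

# host_uid_for USER CONTAINER_UID FILE
# Prints the host UID that CONTAINER_UID (>= 1) inside USER's rootless container
# maps to according to USER's entry in FILE; prints nothing and returns 1 when
# USER has no entry or the UID lies outside the allocated count.
host_uid_for() {
  awk -F: -v user="$1" -v cuid="$2" '
    $1 == user && cuid >= 1 && cuid <= $3 { print $2 + cuid - 1; found = 1; exit }
    END { exit !found }' "$3"
}

check_subuid_overlap "$SAMPLE_SUBUID" || echo "fix /etc/subuid before trusting per-user isolation"
host_uid_for cloud 33 "$SAMPLE_SUBUID"  # www-data (UID 33) in the cloud pod -> host UID 100032
```

On a live host, running `podman unshare cat /proc/self/uid_map` as each service user shows the mapping podman actually applies, which is what the computed values should agree with.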
