Thanks kyrios, it's the elevated permissions that I'm trying to avoid, otherwise there would be less advantage of using Podman over other container progs.
quote:
Linux tracks what user or group owns each process by User ID (UID) and Group ID (GID). Normally, a user has access to a thousand or so subordinate UIDs to assign to child processes in a namespace. Because Podman runs an entire subordinate operating system assigned to the user who started the container, you need a lot more than the default allotment of subuids and subgids.
You can grant a user more subuids and subgids with the usermod command. For example, to grant more subuids and subgids to the user tux, choose a suitably high UID that has no user assigned to it (such as 200,000) and increment it by several thousand:
$ sudo usermod \
    --add-subuids 200000-265536 \
    --add-subgids 200000-265536 \
    tux
end quote:
The above command is the one that fails.
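
Added example, not part of the original post or the quoted article: grants made with usermod are recorded in /etc/subuid and /etc/subgid as name:start:count, so the quoted range 200000-265536 is stored as tux:200000:65537. The script below totals a user's allocation and flags overlapping ranges, which would let two accounts' containers map onto the same host UIDs; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. /etc/subuid and /etc/subgid lines are name:start:count.

# Total subordinate IDs allocated to USER in FILE.
subid_total() {  # usage: subid_total USER FILE
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# Print each pair of entries in FILE whose ID ranges overlap.
subid_overlaps() {  # usage: subid_overlaps FILE
    awk -F: '
        BEGIN { n = 0 }
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1; n++
        }
        END {
            for (i = 0; i < n; i++)
                for (j = i + 1; j < n; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i])
                        printf "%s:%d-%d overlaps %s:%d-%d\n",
                            name[i], lo[i], hi[i], name[j], lo[j], hi[j]
        }' "$1"
}

# Constructed sample data, not taken from a real host. The last line is what
# the quoted usermod range 200000-265536 looks like once written to the file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
alice:100000:65536
bob:165536:65536
tux:231072:65536
tux:200000:65537
EOF

printf 'tux holds %s subordinate UIDs\n' "$(subid_total tux "$sample")"
subid_overlaps "$sample"
```

Pointing both functions at the real /etc/subuid and /etc/subgid needs no elevated permissions, since those files are normally world-readable.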