linux-announce AT lists.psi.ch
Subject: Linux Mailing List
List archive
Re: [[Linux-announce] ] central subuid and subgid management for rootless podman
Chronological Thread
- From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
- To: linux-announce AT lists.psi.ch
- Subject: Re: [[Linux-announce] ] central subuid and subgid management for rootless podman
- Date: Mon, 9 Sep 2024 15:12:11 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 20.250.76.7) smtp.rcpttodomain=lists.psi.ch smtp.mailfrom=psi.ch; dmarc=pass (p=none sp=none pct=100) action=none header.from=psi.ch; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H+IEblCTS+0hDh2BVeEGMOMPvLBHpB8UMbk8/AfTwUc=; b=jvNV3CE1bzUVTUrRLsbAMiuwKW1DEw5XyceDZuRMxtNJuiTWfzZW3sG2yxjay28Kxvp83I0Rj9upGwkSBCBnf0cBkZwcVKHVAo7ity/k3Il51P83Hh4bzcO6VhmChdZ21ws9Iqg8wmUUFLWGGLGE0/1o5o057g/mMIayNbpq3qfifekr+4l4gyPbenujQb9vysznl6QLEUbUpkITCD9pTTVGQ6UyhWLMP1pq32rblAG0Zui293eJvCF8QRxlxR4Wn5Bt6yCOV9tY29RQCGkgAiTh0eaeviFuWu2cSyCln4jYdAKScXDfl2sz31c8Udpgg8klg5ua7FkISNeHMRL3Iw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AipXtlf7Or197g8pKFzyBhEeVvXeoLKSG90Kju0gJgCGLw48lls6xbNXdwgTkklpREXJHtArl1qlFsVOnXdNO+zFNYWf3AoAntSkobJzxA4J8XrJtUfaPhSudR1PtilF7EWSN0wQvjQVHZfFKx8hEek/f5QgJXdIlwFfsLtAETqS301JwgC1LR9vepi8nfOv8SOOxU14bn+izqpAHfl1uol01HR9DO/6Xmxva5X4w4lPe8F2+0QqCDfVGB7339MELel05MKSeadD6n/+TnRkV1oT17PCGRZJxANzjF49DQYfXadVdDUgjV9mUE2Hi4huM1o8FDFHoXOziCiVZ3qJiw==
- Authentication-results: mc2.ethz.ch; iprev=pass (mail-switzerlandnorthazon11021076.outbound.protection.outlook.com) smtp.remote-ip=40.107.167.76; spf=pass smtp.mailfrom=psi.ch; dkim=pass header.d=psi.ch header.s=selector2 header.a=rsa-sha256; dmarc=pass header.from=psi.ch
- Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=psi.ch;
Hi
An update on the central subuid and subgid management: it is now UID based due to efficiency reasons.
What changes for you:
- the API request only allows for usernames which are in the AD or, new, UIDs (they do not need to be in the AD).
- the generated /etc/subuid / /etc/subgid entries use UIDs instead of usernames
- the users "gilles_m" and "test1_3" have been removed as they are not in the AD. If you wish them in again, reserve the ID range with their UID.
@Hans: thanks for pointing this out
Cheers
Konrad
On 03.09.24 17:50, Konrad Bucheli (PSI) wrote:
Dear container people
If you understand the title ;-) then please have a look at
https://linux.psi.ch/admin-guide/container.html#subuids-and-subgids
to see how you can use PSI wide unique and reserved subuid/subguid ranges for you and your users.
Cheers
Konrad
-
[[Linux-announce] ] central subuid and subgid management for rootless podman,
Konrad Bucheli (PSI), 09/03/2024
- Re: [[Linux-announce] ] central subuid and subgid management for rootless podman, Konrad Bucheli (PSI), 09/09/2024
Archive powered by MHonArc 2.6.24.