Skip to Content.
Sympa Menu

linux-announce - Re: [[Linux-announce] ] central subuid and subgid management for rootless podman

linux-announce AT lists.psi.ch

Subject: Linux Mailing List

List archive

Re: [[Linux-announce] ] central subuid and subgid management for rootless podman


Chronological Thread  
  • From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
  • To: linux-announce AT lists.psi.ch
  • Subject: Re: [[Linux-announce] ] central subuid and subgid management for rootless podman
  • Date: Mon, 9 Sep 2024 15:12:11 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 20.250.76.7) smtp.rcpttodomain=lists.psi.ch smtp.mailfrom=psi.ch; dmarc=pass (p=none sp=none pct=100) action=none header.from=psi.ch; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H+IEblCTS+0hDh2BVeEGMOMPvLBHpB8UMbk8/AfTwUc=; b=jvNV3CE1bzUVTUrRLsbAMiuwKW1DEw5XyceDZuRMxtNJuiTWfzZW3sG2yxjay28Kxvp83I0Rj9upGwkSBCBnf0cBkZwcVKHVAo7ity/k3Il51P83Hh4bzcO6VhmChdZ21ws9Iqg8wmUUFLWGGLGE0/1o5o057g/mMIayNbpq3qfifekr+4l4gyPbenujQb9vysznl6QLEUbUpkITCD9pTTVGQ6UyhWLMP1pq32rblAG0Zui293eJvCF8QRxlxR4Wn5Bt6yCOV9tY29RQCGkgAiTh0eaeviFuWu2cSyCln4jYdAKScXDfl2sz31c8Udpgg8klg5ua7FkISNeHMRL3Iw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AipXtlf7Or197g8pKFzyBhEeVvXeoLKSG90Kju0gJgCGLw48lls6xbNXdwgTkklpREXJHtArl1qlFsVOnXdNO+zFNYWf3AoAntSkobJzxA4J8XrJtUfaPhSudR1PtilF7EWSN0wQvjQVHZfFKx8hEek/f5QgJXdIlwFfsLtAETqS301JwgC1LR9vepi8nfOv8SOOxU14bn+izqpAHfl1uol01HR9DO/6Xmxva5X4w4lPe8F2+0QqCDfVGB7339MELel05MKSeadD6n/+TnRkV1oT17PCGRZJxANzjF49DQYfXadVdDUgjV9mUE2Hi4huM1o8FDFHoXOziCiVZ3qJiw==
  • Authentication-results: mc2.ethz.ch; iprev=pass (mail-switzerlandnorthazon11021076.outbound.protection.outlook.com) smtp.remote-ip=40.107.167.76; spf=pass smtp.mailfrom=psi.ch; dkim=pass header.d=psi.ch header.s=selector2 header.a=rsa-sha256; dmarc=pass header.from=psi.ch
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=psi.ch;

Hi

An update on the central subuid and subgid management: it is now UID based due to efficiency reasons.

What changes for you:
- the API request only allows for usernames which are in the AD or, new, UIDs (they do not need to be in the AD).
- the generated /etc/subuid / /etc/subgid entries use UIDs instead of usernames
- the users "gilles_m" and "test1_3" have been removed as they are not in the AD. If you wish them in again, reserve the ID range with their UID.

@Hans: thanks for pointing this out

Cheers
Konrad

On 03.09.24 17:50, Konrad Bucheli (PSI) wrote:
Dear container people

If you understand the title ;-) then please have a look at

   https://linux.psi.ch/admin-guide/container.html#subuids-and-subgids

to see how you can use PSI wide unique and reserved subuid/subguid ranges for you and your users.

Cheers
Konrad






Archive powered by MHonArc 2.6.24.

Top of Page