Just created my first LXD/LXC container. It opened as root.
— Does presume that all work in that container is in root account? Or should I create a user account.
Many thanks,
LRP
For ubuntu containers, try this (change incus
to lxc
, if you’re using lxd):
incus exec <container_name> -- sudo --login --user ubuntu
Where ubuntu
is the default user for ubuntu containers. These default users have UID 1000, so if you use other distros, you can check their name like this:
incus exec <container_name> -- getent passwd 1000 | cut -d: -f1
The images for system containers and virtual machines may or may not have a default non-root user account. In most cases, they do have such a default non-root user account.
For the images:ubuntu/22.04
image, if you launch a container out of that, then the instance (i.e. the running container) does have a non-root account, with username ubuntu
.
The equivalent Debian container image has a debian
user account, the Alpine container image has a alpine
user account, and so on.
Let’s have a look.
- If you use
--ephemeral
, then when you stop the container, it will also be deleted automatically. This is useful for me when typing this post. - When you
incus exec
and the executed command has parameters (like--login
), you need to figure out a way so that theincus
command does not try to consume the parameter. The--
characters is a Unix shell convention so that the primary command (incus) will stop interpreting parameters, and pass the rest verbatim.
$ incus launch images:ubuntu/22.04 mycontainer --ephemeral
Launching mycontainer
$ incus exec mycontainer sh
# logout
$ incus exec mycontainer bash
root@mycontainer:~# pwd
/root
root@mycontainer:~# ls -l /home/
total 1
drwxr-x--- 2 ubuntu ubuntu 5 Apr 8 07:44 ubuntu
root@mycontainer:~# tail -1 /etc/passwd
ubuntu:x:1000:1000::/home/ubuntu:/bin/bash
root@mycontainer:~# logout
$ incus exec mycontainer sudo --login --user ubuntu
Error: unknown flag: --login
$ incus exec mycontainer -- sudo --login --user ubuntu
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@mycontainer:~$ pwd
/home/ubuntu
ubuntu@mycontainer:~$ logout
$ incus exec mycontainer -- su -l ubuntu
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@mycontainer:~$ logout
$ incus exec mycontainer -- su --login ubuntu
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@mycontainer:~$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),27(sudo)
ubuntu@mycontainer:~$ logout
$ incus stop mycontainer
$
Thanks to all.
I’ve brought up the ubuntu user and created a new user account with adduser. But in both cases I got # on the CL prompt rather than expected $. Does this mean that these are privileged containers?
NOTE: I’m new to Linux containers so no doubt will have many questions. My goal is to build a cluster for hosting websites— but much much to learn.
LRP
Show us what command you use to get a shell into the container.
lxc exec —- bash
Ah— my bad.
I didn’t read Simos’s response carefully enough. Look’s like I need to install Incus rather than Canonical LXD.
LRP