Passing-in of devices into rootless containers that switch users during deployment fails #16605

mttcnnff opened this issue

Mar 26, 2020

· 12 comments

Something isn’t working

So I thought I would comment since I have a way to do this:

(Change NameOfAuthenticator to the name of your authentication plugin)

.. [ , , ,
]

You can change it to something like this:

.. [ , ,
]

username= Only except names with 0-9 a-z A-Z and a - [[ ^[0-9a-zA-Z-]+$ ]] 1
home= Check if home exists and error if it does [ ] 1
options=(
)
useradd 

chown root:root /useradder.sh
chmod 700 /useradder.sh

Cmnd_Alias JUPYTER_USERADD = /useradder.sh *
TheUserHubRunsAs ALL=(root) NOPASSWD:JUPYTER_USERADD

Which should get it working for you

** You agree by using the information contained herein that any negative impact or results to any system, data or network are entirely your responsibility.

Create additional root-level accounts by running these commands from a terminal session:

sudo su
useradd -G root <newusername>
passwd <newusername>
id <newusername>

usermod -o -u 0 -g 0 <username>

id <username>

You should now see something similar to: uid=0(root) gid=0(root) groups=0(root).

shutdown -r now

These commands work well in most main stream *nix and BSD distributions. Use them wisely.

Я подключен к серверу LTS Ubuntu 12.04.3 через SSH; когда я пытаюсь добавить группу, я получаю следующее сообщение:

groupadd: не может заблокировать/etc/group; попробуйте еще раз позже.

В исследовании этой проблемы я нашел, что некоторые предложения искали и удалили a .pwd.lock файл в том же каталоге. Я нашел такой файл, созданный более чем год назад; я удалил его, но это не изменило поведение groupadd.

Я читал, не Может заблокировать ‘/etc/group’ в режиме восстановления, но я не загружаюсь в режим восстановления, и все разделы являются смонтированным чтением-записью. Я не зарегистрирован как пользователь root.

задан
13 April 2017 в 15:24

groupadd: cannot lock /etc/group; try again later.

In researching this problem, I found some suggestions to look for and remove a .pwd.lock file in the same directory. I found such a file, created over a year ago; I removed it but this did not change the behavior of groupadd.

asked Jan 12, 2015 at 20:16

nonroot@host:/$ adduser existinguser newgroup
adduser: Only root may add a user or group to the system.

nonroot@host:/$ sudo groupadd newgroup
[sudo] password for host:
nonroot@host:/$ grep 'newgroup' /etc/group
newgroup:x:1013:
nonroot@host:/$

answered Jan 12, 2015 at 20:16

1 gold badge1 silver badge10 bronze badges

I just found myself getting this message during a Docker build.

I solved it very easily by adding this directive before the privileged commands in the Dockerfile:

USER root

answered Feb 6, 2020 at 19:45

The trend in Unix security has been to have system files with ownership root:wheel with the presumption that this ownership makes the files harder to corrupt (or leak). As such, the trend has been to move away from using wheel for anything else and to create special groups such as sudo to replace wheel, and further separate and dilute any possible extra permissions of wheel.

For example, at one time, log files were only readable to root or wheel. The current trends, in trying to further separate that privilege, have changed the group of most log files to adm (or similar spelling), although there may still be some vestiges of log files in group wheel. Similar shifts have occurred in other areas to further dilute the permissions formerly covered by wheel.

Why would you need wheel (or adm) permissions if you have sudo anyway?

This is my /etc/sudoers file:

# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias USER_COMMANDS = /usr/sbin/adduser, /usr/sbin/chpasswd
# User privilege specification
root ALL=(ALL:ALL) ALL
sano ALL=(ALL) NOPASSWD: USER_COMMANDS
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

Does anyone know why this is? It asks me for a password anyway or I get:

24 gold badges49 silver badges63 bronze badges

asked Jan 8, 2019 at 14:10

%sudo ALL=(ALL:ALL) ALL

Cf. this tip from the ArchLinux Wiki:

answered Jan 8, 2019 at 15:58

1 silver badge5 bronze badges

adduser: Only root may add a user or group to the system.

Adding user `ben' ...
Adding new group `ben' (1002) ...
Adding new user `ben' (1002) with group `ben' ...
Creating home directory `/home/ben' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for ben
Enter the new value, or press ENTER for the default
Full Name []: Ben Smith
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y

su - ben

[sudo] password for ben:
root

The both commands in the while loop need to be run as root, so either add sudos or save this as a bash script and run that with sudo (probably preferable).

awk -F ':| ' '{print $1, $2, $3}' users.txt |
while read user password homedir; do adduser --home "$homedir" "$user" echo "$password" | passwd "$user" --stdin
done

Alternatively, as you’ve pointed out, you can do more inside awk. We can have it print the entire command:

$ awk -F ':| ' '{ print("adduser --home", $3, $1"; echo", $2 " | passwd", $1) }' users.txt
adduser --home /home/almacen1 Jperez; echo 1234 | passwd Jperez
adduser --home /home/contabilidad1 Lgomez; echo 1234 | passwd Lgomez
adduser --home /home/almacen2 Pfernandez; echo 1234 | passwd Pfernandez
adduser --home /home/direccion1 Mramos; echo 1234 | passwd Mramos

And then just have it pipe all that into a shell (while running):

$ awk -F ':| ' '{ print("adduser --home", $3, $1"; echo", $2 " | passwd", $1) | "/bin/bash" }' users.txt
adduser: Only root may add a user or group to the system.
passwd: user 'Jperez' does not exist
adduser: Only root may add a user or group to the system.
passwd: user 'Lgomez' does not exist
adduser: Only root may add a user or group to the system.
passwd: user 'Pfernandez' does not exist
adduser: Only root may add a user or group to the system.
passwd: user 'Mramos' does not exist

Obviously you would need to run the above with sudo (or as root) in order for it to run (that’s why it’s vomiting errors). You could use awk‘s system() command but then you have to spend more time concatenating the strings. print() makes this really simple so I went with that.

I see two paths forward, at least. Either create a new instance (and copy files over) or attempt to recover the broken one:

• First, after trying this in a test instance, I can still access the instance under Windows using the \\wsl$\Ubuntu path. That won’t let you fix /etc/passwd, but it will at least let you copy out any files you need to recover from the instance.

  You can install a second instance of the exact same Ubuntu distribution you installed from the Store:

  2.  Get-ChildItem -Recurse 'C:\Program Files\WindowsApps\' | Where-Object {$_.Name -eq 'install.tar.gz' }

  3. The output will have the location of the install.tar.gz that was used to create the original instance.

  5. wsl --import NewUbuntu ".\path\to\WSL\NewUbuntu" "<path_with_tarball>\intall.tar.gz" --version 2`

  6. Start the new instance using wsl -d NewUbuntu. You’ll be root by default.

  7. adduser <username>
     usermod -aG adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev <username>

  You should now be able to copy over files from your old instance (\\wsl$\Ubuntu) to the new one (\\wsl$\NewUbuntu).

  Ultimately, to delete the old copy, when you are sure you have all your critical files out, wsl --unregister <distroname>.

There are possible options that I can think of that might allow you to repair/recover the existing instance. I have not tested these step-by-step, but most everything here is something I’ve done at one time or another:

• This one I don’t recommend, as it has the potential to leave the instance in an unstable state ultimately:

  • Convert the instance to WSL1 using wsl --set-version Ubuntu 1
  • In Windows, navigate to the location of the WSL1 overlay file system in %userprofile%\AppData\Local\Packages\Canonical...\LocalState\rootfs\etc\passwd.
  • Fix your /etc/passwd using a Windows app that handles Linux line-endings. Again, this can be problematic, as it can ultimately cause filesystem corruption in WSL. It might be easiest and safest to just delete the passwd file, since we believe that doing so will let you log in as UID 0 again and then re-create the root user.
  • Convert it back to WSL2, if desired.

• Or, use another instance to fix the first:

  • Create a tarball of your broken instance with wsl --export Ubuntu fixme.tar.

  • Go back to the first option above where we created a new instance and do those steps. But call the instance something like «UbuntuTemp».

  • Inside that new (temporary) instance:

    mkdir ~/fixme
    cd ~/fixme
    sudo tar --xattrs-include="security.capability" -xvf /mnt/c/path/to/fixme.tar
    sudo cp /etc/passwd ~/fixme/etc/passwd
    sudo tar --xattrs -cvf /mnt/c/path/to/fixed.tar .

  • Exit the temporary Ubuntu instance.

  • In PowerShell, create a directory for your fixed Ubuntu instance, then:

    wsl --import Ubuntu20_04 "path/you/just/created" "path/to/fixed.tar" --version 2

  • Start the fixed (hopefully) instance with wsl -d Ubuntu20_04.

  • Assuming that it is working correctly, set the instance as the default using:

    wsl --set-default Ubuntu20_04

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

Steps to reproduce the issue:

1. Check permissions on device /dev/ttyEnOcean/

$ ls -la /dev/ttyEnOcean
lrwxrwxrwx 1 root root 7 Nov 22 15:40 /dev/ttyEnOcean -> ttyUSB0
$ ls -la /dev/ttyUSB0
crw-rw---- 1 root usb-dongles 188, 0 Nov 22 15:44 /dev/ttyUSB0
$ id
uid=1000(foobar-user) gid=1002(ssh_users) groups=1002(ssh_users),1000(usb-dongles),1004(gpio-users)

2. Run fhem image as rootless container without —user flag by running
   $ podman run -it --volume fhem:/opt/fhem --device /dev/ttyEnOcean:/dev/ttyEnOcean --rm --tz Europe/Berlin --group-add keep-groups --name fhem --pull always -p 8100:8083 fhem-minimal-docker:bullseye
   Output of $ podman exec -l -u=fhem ls -la /dev/ttyEnOcean

crw-rw---- 1 nobody nogroup 188, 0 Nov 23 22:28 /dev/ttyEnOcean

Describe the results you received:

touch: cannot touch '/image_info.EMPTY': Permission denied
/entry.sh: line 46: /docker.privileged: Permission denied
/entry.sh: line 56: /docker.hostnetwork: Permission denied
/entry.sh: line 59: /docker.container.id: Permission denied
/entry.sh: line 60: /docker.container.cap.e: Permission denied
/entry.sh: line 61: /docker.container.cap.p: Permission denied
/entry.sh: line 62: /docker.container.cap.i: Permission denied
Preparing initial start:
1. Installing FHEM to /opt/fhem
mv: cannot create regular file '/opt/fhem/.proverc': Permission denied
mv: cannot create regular file '/opt/fhem/CHANGED': Permission denied
mv: cannot create regular file '/opt/fhem/COPYING': Permission denied
mv: cannot create directory '/opt/fhem/FHEM': Permission denied
mv: cannot create regular file '/opt/fhem/GPL_V2.txt': Permission denied
mv: cannot create regular file '/opt/fhem/HISTORY': Permission denied
mv: cannot create regular file '/opt/fhem/MAINTAINER.txt': Permission denied
mv: cannot create regular file '/opt/fhem/Makefile': Permission denied
mv: cannot create regular file '/opt/fhem/README.SVN': Permission denied
mv: cannot create regular file '/opt/fhem/README_DEMO.txt': Permission denied
mv: cannot create regular file '/opt/fhem/UPGRADE': Permission denied
mv: cannot create regular file '/opt/fhem/configDB.pm': Permission denied
mv: cannot create directory '/opt/fhem/contrib': Permission denied
mv: cannot create regular file '/opt/fhem/controls_fhem.txt': Permission denied
mv: cannot create directory '/opt/fhem/demolog': Permission denied
mv: cannot create directory '/opt/fhem/docs': Permission denied
mv: cannot create regular file '/opt/fhem/fhem.cfg': Permission denied
mv: cannot create regular file '/opt/fhem/fhem.cfg.demo': Permission denied
mv: cannot create regular file '/opt/fhem/fhem.pl': Permission denied
mv: cannot create directory '/opt/fhem/lib': Permission denied
mv: cannot create directory '/opt/fhem/log': Permission denied
mv: cannot create directory '/opt/fhem/t': Permission denied
mv: cannot create directory '/opt/fhem/thirdparty': Permission denied
mv: cannot create directory '/opt/fhem/webfrontend': Permission denied
mv: cannot create directory '/opt/fhem/www': Permission denied
/entry.sh: line 165: ./FHEM/controls.txt: No such file or directory
mv: cannot stat './controls_fhem.txt': No such file or directory
Can't open perl script "./contrib/commandref_modular.pl": No such file or directory
cp: cannot stat './fhem.cfg': No such file or directory
2. Patching fhem.cfg default configuration
cat: /opt/fhem/fhem.cfg: No such file or directory
/entry.sh: line 172: /opt/fhem/fhem.cfg: Permission denied
cat: /opt/fhem/fhem.cfg: No such file or directory
/entry.sh: line 173: /opt/fhem/fhem.cfg: Permission denied
cat: /opt/fhem/fhem.cfg: No such file or directory
/entry.sh: line 174: /opt/fhem/fhem.cfg: Permission denied
3. Adding pre-defined devices to fhem.cfg
/entry.sh: line 179: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 180: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 181: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 182: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 183: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 184: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 185: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 186: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 187: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 188: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 189: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 190: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 202: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 203: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 204: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 205: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 206: /opt/fhem/fhem.cfg: Permission denied
/entry.sh: line 207: /opt/fhem/fhem.cfg: Permission denied
...
Preparing user environment ...
cp: cannot create regular file '/etc/passwd.orig': Permission denied
cp: cannot open '/etc/shadow' for reading: Permission denied
cp: cannot create regular file '/etc/group.orig': Permission denied
cp: cannot stat '/etc/passwd.orig': No such file or directory
cp: cannot stat '/etc/shadow.orig': No such file or directory
cp: cannot stat '/etc/group.orig': No such file or directory
1. Creating group 'fhem' with GID 6061 ...
groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.
2. Enforcing GID for group 'bluetooth' to 6001 ...
sed: couldn't open temporary file /etc/sedJIQTnM: Permission denied
3. Creating user 'fhem' with UID 6061 ...
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.
usermod: user 'fhem' does not exist
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
adduser: Only root may add a user or group to the system.
4. Creating log directory /opt/fhem/./log ...
mkdir: cannot create directory ‘/opt/fhem/./log’: Permission denied
5. Enforcing user and group ownership for /opt/fhem to fhem:fhem ...
6. Enforcing file and directory permissions for /opt/fhem ...
7. Correcting group ownership for /dev/tty* ...
8. Found GPIO: Correcting group permissions in /dev and /sys to 'gpio' with GID 6002 ...
groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.
adduser: Only root may add a user or group to the system.
chown: invalid user: ‘.gpio’
9. Found I2C: Correcting group permissions in /dev to 'i2c' with GID 6003 ...
sed: couldn't open temporary file /etc/sed4AkWlT: Permission denied
adduser: Only root may add a user or group to the system.
10. Updating /etc/sudoers.d/fhem-docker ...
/entry.sh: line 356: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 359: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 362: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 363: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 364: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 365: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 366: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 369: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 370: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 371: /etc/sudoers.d/fhem-docker: Permission denied
/entry.sh: line 372: /etc/sudoers.d/fhem-docker: Permission denied
chmod: missing operand after ‘440’
Try 'chmod --help' for more information.
chown: missing operand after ‘root:6061’
Try 'chown --help' for more information.
mkdir: cannot create directory ‘/opt/fhem/.ssh’: Permission denied
chmod: cannot access '/opt/fhem/.ssh': No such file or directory
11. Generating SSH Ed25519 client certificate for user 'fhem' ...
Could not create directory '/opt/fhem/.ssh' (Permission denied).
Saving key "/opt/fhem/.ssh/id_ed25519" failed: No such file or directory
sed: can't read /opt/fhem/.ssh/id_ed25519.pub: No such file or directory
12. Generating SSH RSA client certificate for user 'fhem' ...
Could not create directory '/opt/fhem/.ssh' (Permission denied).
Saving key "/opt/fhem/.ssh/id_rsa" failed: No such file or directory
sed: can't read /opt/fhem/.ssh/id_rsa.pub: No such file or directory
13. Generating SSH client configuration for user 'fhem' ...
/entry.sh: line 409: /opt/fhem/.ssh/config: No such file or directory
14. Adding gateway.docker.internal to /etc/hosts ...
/entry.sh: line 417: /etc/hosts: Permission denied
15. Adding host.docker.internal to /etc/hosts ...
/entry.sh: line 424: /etc/hosts: Permission denied
16. Pre-authorizing SSH to Docker host for user 'fhem' ...
touch: cannot touch '/opt/fhem/.ssh/known_hosts': No such file or directory
/entry.sh: line 434: /opt/fhem/.ssh/known_hosts.tmp: No such file or directory
grep: /opt/fhem/.ssh/known_hosts: No such file or directory
mv: cannot stat '/opt/fhem/.ssh/known_hosts.tmp': No such file or directory
17. Updating SSH key pinning and SSH client permissions for user 'fhem' ...
/entry.sh: line 442: /opt/fhem/.ssh/known_hosts.tmp: No such file or directory
cat: /opt/fhem/.ssh/known_hosts: No such file or directory
mv: cannot stat '/opt/fhem/.ssh/known_hosts.tmp': No such file or directory
chown: invalid user: ‘fhem.fhem’
chmod: cannot access '/opt/fhem/.ssh/known_hosts': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_ed25519': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_rsa': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_ed25519.pub': No such file or directory
chmod: cannot access '/opt/fhem/.ssh/id_rsa.pub': No such file or directory
Preparing configuration ... done
Starting FHEM ...
su: user fhem does not exist or the user entry does not contain all the required fields

Additional information you deem important (e.g. issue happens only occasionally):
From the entry.sh script inside the container that handles most of the permission assignment during startup (shortened, full version can be found here. The correct group of devices in the container’s /dev/tty* should be dialout and not nogroup.

FHEM_UID="${FHEM_UID:-6061}"
FHEM_GID="${FHEM_GID:-6061}"
echo "$i. Creating user 'fhem' with UID ${FHEM_UID} ..."
useradd --home ${FHEM_DIR} --shell /bin/bash --uid ${FHEM_UID} --no-create-home --no-user-group --non-unique fhem 2>&1>/dev/null
usermod --append --gid ${FHEM_GID} --groups ${FHEM_GID} fhem 2>&1>/dev/null
adduser --quiet fhem audio 2>&1>/dev/null
adduser --quiet fhem bluetooth 2>&1>/dev/null
adduser --quiet fhem dialout 2>&1>/dev/null
adduser --quiet fhem mail 2>&1>/dev/null
adduser --quiet fhem tty 2>&1>/dev/null
adduser --quiet fhem video 2>&1>/dev/null
(( i++ ))
echo "$i. Enforcing file and directory permissions for ${FHEM_DIR} ..."
find ${FHEM_DIR}/ -type d -exec chmod --quiet ${FHEM_PERM_DIR} {} \;
chmod --quiet go-w ${FHEM_DIR}
find ${FHEM_DIR}/ -type f -exec chmod --quiet ${FHEM_PERM_FILE} {} \;
find ${FHEM_DIR}/ -type f -name '*.pl' -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -type f -name '*.py' -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -type f -name '*.sh' -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -path '*/bin/*' -type f -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -path '*/sbin/*' -type f -exec chmod --quiet u+x {} \;
find ${FHEM_DIR}/ -path '*/*script*/*' -type f -exec chmod --quiet u+x {} \;
(( i++ ))
echo "$i. Correcting group ownership for /dev/tty* ..."
find /dev/ -regextype sed -regex ".*/tty[0-9]*" -exec chown --recursive --quiet --no-dereference .tty {} \; 2>/dev/null
find /dev/ -name "ttyS*" -exec chown --recursive --quiet --no-dereference .dialout {} \; 2>/dev/null
find /dev/ -name "ttyACM*" -exec chown --recursive --quiet --no-dereference .dialout {} \; 2>/dev/null
find /dev/ -name "ttyUSB*" -exec chown --recursive --quiet --no-dereference .dialout {} \; 2>/dev/null
find /dev/ -regextype sed -regex ".*/tty[0-9]*" -exec chmod --recursive --quiet g+w {} \; 2>/dev/null
find /dev/ -name "ttyS*" -exec chmod --recursive --quiet g+rw {} \; 2>/dev/null
find /dev/ -name "ttyACM*" -exec chmod --recursive --quiet g+rw {} \; 2>/dev/null
find /dev/ -name "ttyUSB*" -exec chmod --recursive --quiet g+rw {} \; 2>/dev/null
(( i++ ))

Output of podman version:

podman version 4.3.1

Output of podman info:

host: arch: arm64 buildahVersion: 1.28.0 cgroupControllers: - memory - pids cgroupManager: systemd cgroupVersion: v2 conmon: package: conmon_2:2.1.5-0ubuntu22.04+obs14.5_arm64 path: /usr/bin/conmon version: 'conmon version 2.1.5, commit: ' cpuUtilization: idlePercent: 97.35 systemPercent: 1.37 userPercent: 1.28 cpus: 4 distribution: codename: jammy distribution: ubuntu version: "22.04" eventLogger: journald hostname: foobar idMappings: gidmap: - container_id: 0 host_id: 1002 size: 1 - container_id: 1 host_id: 100000 size: 65536 uidmap: - container_id: 0 host_id: 1000 size: 1 - container_id: 1 host_id: 100000 size: 65536 kernel: 5.15.0-1018-raspi linkmode: dynamic logDriver: journald memFree: 1502580736 memTotal: 3972960256 networkBackend: cni ociRuntime: name: crun package: crun_1.7-0ubuntu22.04+obs47.3_arm64 path: /usr/bin/crun version: |- crun version 1.7 commit: 40d996ea8a827981895ce22886a9bac367f87264 rundir: /run/user/1000/crun spec: 1.0.0 +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL os: linux remoteSocket: path: /run/user/1000/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: false serviceIsRemote: false slirp4netns: executable: /usr/bin/slirp4netns package: slirp4netns_1.0.1-2_arm64 version: |- slirp4netns version 1.0.1 commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4 libslirp: 4.6.1 swapFree: 0 swapTotal: 0 uptime: 50h 10m 46.00s (Approximately 2.08 days)
plugins: authorization: null log: - k8s-file - none - passthrough - journald network: - bridge - macvlan - ipvlan volume: - local
registries: search: - registry.fedoraproject.org - registry.access.redhat.com - docker.io - quay.io
store: configFile: /home/foobar-user/.config/containers/storage.conf containerStore: number: 4 paused: 0 running: 4 stopped: 0 graphDriverName: overlay graphOptions: {} graphRoot: /home/foobar-user/.local/share/containers/storage graphRootAllocated: 251762089984 graphRootUsed: 14049038336 graphStatus: Backing Filesystem: extfs Native Overlay Diff: "true" Supports d_type: "true" Using metacopy: "false" imageCopyTmpDir: /var/tmp imageStore: number: 6 runRoot: /run/user/1000/containers volumePath: /home/foobar-user/.local/share/containers/storage/volumes
version: APIVersion: 4.3.1 Built: 0 BuiltTime: Thu Jan 1 01:00:00 1970 GitCommit: "" GoVersion: go1.18.1 Os: linux OsArch: linux/arm64 Version: 4.3.1

Package info (e.g. output of rpm -q podman or apt list podman or brew info podman):

nil (installation from source with GNU Make )

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Additional environment details (AWS, VirtualBox, physical, etc.):
Physical on AArch64 (Raspberry Pi 4 B

Comments

 . (, ): 

.. {}
..
.. . (, ):
..
.. 

Something isn’t working

Ответа

nonroot@host:/$ adduser existinguser newgroup
adduser: Only root may add a user or group to the system.

Для добавления новой группы, когда зарегистрированный как некорневого пользователя необходимо использовать sudo:

nonroot@host:/$ sudo groupadd newgroup
[sudo] password for host:
nonroot@host:/$ grep 'newgroup' /etc/group
newgroup:x:1013:
nonroot@host:/$

Я только что обнаружил, что получаю это сообщение во время сборки Docker.

Я очень легко решил эту проблему, добавив эту директиву перед привилегированными командами в Dockerfile:

USER root

Другие вопросы по тегам:

Похожие вопросы: