this post was submitted on 15 Jul 2025
Container platforms (docker, lxc, podman)

Cross-posted from "Dedicated service user or not ?" by @mat@jlai.lu in !selfhosted@lemmy.world


Hi all!

As of today, I am running my services with rootless podman pods and containers. Each functional stack gets its dedicated user (user cloud runs a pod with nextcloud-fpm, nginx, postgresql...) with user mapping. Now, my thoughts were that if an attack can escape a container, it should be contained to a specific user.

Is it really meaningful? With service users' homes set up in /var/lib, it makes a lot of small stuff annoying and I wonder if the current setup is really worth it?
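The per-user isolation described in the post only holds if the subordinate UID ranges that rootless podman allocates to each service user (from /etc/subuid) are disjoint; two users sharing host UIDs means a process escaping one user's container already owns files belonging to the other. The following added check is not from the post or from podman itself; it runs over a constructed /etc/subuid sample and can be pointed at the real file.

```shell
#!/bin/sh
# Added example: verify that the /etc/subuid ranges handed to dedicated
# service users do not overlap. Format of each line is user:start:count.
# Constructed sample; the "media" and "git" ranges deliberately collide.
SAMPLE_SUBUID='cloud:100000:65536
media:165536:65536
git:200000:65536'

# Read subuid lines on stdin and print "userA userB" for every pair of
# users whose host UID ranges intersect. No output means ranges are disjoint.
subuid_overlaps() {
    awk -F: '
        NF == 3 { user[NR] = $1; lo[NR] = $2 + 0; hi[NR] = $2 + $3 - 1 }
        END {
            for (i = 1; i <= NR; i++)
                for (j = i + 1; j <= NR; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i])
                        print user[i], user[j]
        }'
}

# Number of overlapping user pairs in the given subuid text ("0" is good).
count_overlaps() {
    printf '%s\n' "$1" | subuid_overlaps | wc -l | tr -d ' '
}

# Stand-alone run: report on the constructed sample, then on the real file
# when it is readable on this host.
printf '%s\n' "$SAMPLE_SUBUID" | subuid_overlaps
[ -r /etc/subuid ] && subuid_overlaps < /etc/subuid
```

To see the mapping a given service user actually gets at run time, log in as that user and run `podman unshare cat /proc/self/uid_map`; the second column should fall inside that user's own /etc/subuid range.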
