Free Alpine Linux Shell Accounts

18911131417

Comments

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @yoursunny said:

    @Not_Oles said:
    Install of LXC
    What additional changes might be required, if any?

    • cgroups user delegation
    • subuid and subgid files
    fmt:/etc# ls -l *id
    -rw-r--r--    1 root     root            18 Dec 30 06:06 subgid
    -rw-r--r--    1 root     root            18 Dec 30 06:06 subuid
    fmt:/etc# cat *id
    root:100000:65536
    root:100000:65536
    fmt:/etc# 
    
    • network bridge and lxc-usernet file

    Friendly greetings! :)

  • I would like to have one thx

    Thanked by (1)Not_Oles
  • @Not_Oles said:

    @yoursunny said:

    @Not_Oles said:
    Install of LXC

    subuid and subgid files

    fmt:/etc# ls -l *id
    -rw-r--r--    1 root     root            18 Dec 30 06:06 subgid
    -rw-r--r--    1 root     root            18 Dec 30 06:06 subuid
    fmt:/etc# cat *id
    root:100000:65536
    root:100000:65536
    fmt:/etc# 
    

    This allows root to create unprivileged LXC containers, but not anybody else.
    subuid and subgid files need to have one entry per user, on non-overlapping ranges.
    Once assigned, the range cannot change, otherwise the user's containers cannot start again.
    I'd suggest deriving user ranges from their uids.

    getent passwd | awk -vFS=: -vOFS=: '
      $3>=1000 && $3<10000 {
        print $1, $3*1000000, 65536
      }
    '
    
    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @g121 said:
    I would like to have one thx

    Hi @g121!

    Best wishes for a Happy New Year!

    Since you are new here at LES we can say that your being new helps us celebrate the new in the New Year. :)

    Do you want to share a little about who and where you are and what you want to do on the server?

    Thanks!

    Tom

  • Not_OlesNot_Oles Hosting ProviderContent Writer
    edited December 2022

    @yoursunny Thanks for yet another of your helpful and interesting comments!

    @yoursunny said: This allows root to create unprivileged LXC containers, but not anybody else.

    Do you see any issue with allowing non-root users to create their own containers? I was thinking of trying to set up LXC so that the containers each had their own IPv4 and IPv6/64.

    @yoursunny said: I'd suggest deriving user ranges from their uids.

    I haven't tried this yet, but it seems like a wonderful way to use getent and awk to derive user ranges! I would enjoy more context. For example, I took a quick look at the server's getent(1) man page. :) But that man page provided little historical context.

    May I please ask where did you get this idea? Do you have a link to an LXC setup tutorial that discusses this method? I did a quick Google search and didn't find this idea for configuring user ranges.

    Thanks again and a very happy new year! :)

  • @Not_Oles said:
    @yoursunny Thanks for yet another of your helpful and interesting comments!

    @yoursunny said: This allows root to create unprivileged LXC containers, but not anybody else.

    Do you see any issue with allowing non-root users to create their own containers? I was thinking of trying to set up LXC so that the containers each had their own IPv4 and IPv6/64.

    A container created by a non-root user would not have more privileges than that user.

    Address assignment is the next step: network bridge and lxc-usernet file.

    @yoursunny said: I'd suggest deriving user ranges from their uids.

    I haven't tried this yet, but it seems like a wonderful way to use getent and awk to derive user ranges! I would enjoy more context. For example, I took a quick look at the server's getent(1) man page. :) But that man page provided little historical context.

    You can safely run this command line to see its effect.
    It only prints the subuid map, but does not modify any files.

    May I please ask where did you get this idea? Do you have a link to an LXC setup tutorial that discusses this method? I did a quick Google search and didn't find this idea for configuring user ranges.

    These come from subuid manpage.
    In my own server I only have one entry lxc:100000:65536 that allows a user named lxc to create containers.

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Not_OlesNot_Oles Hosting ProviderContent Writer
    edited December 2022

    Happy New Year

    Happy New Year everyone! I hope you continue to enjoy our time on this server!

    I especially thank those who have thanked me for and posted replies to my server setup reports. Some of these have drawn so few thanks and so few comments that I considered no longer posting setup updates and transcripts.

    For example, here's a recent update that did not previously get posted:

    Man pages update

    I was wondering why I couldn't seem to see many man pages on the server. Looking around on Google, I found that, in Alpine, man pages frequently are an additional package with the name $package-doc. I found a neat trick at https://georgegarside.com/blog/technology/alpine-linux-install-all-man-pages/:

    apk list -I | sed -rn '/-doc/! s/([a-z-]+[a-z]).*/\1/p' | xargs -tI§ apk add §-doc

    This trick seemed to work to install a lot of the man pages which were not installed because I didn't add $package-doc to apk add $package.

    I won't post the lengthy output of this command, but I have it if anybody wants to see it. :)

    If you find a man page that still seems missing, please let me know, and I will try to add it. Thanks!

    Are people interested in continuing setup update posts?

  • @Not_Oles said:

    @g121 said:
    I would like to have one thx

    Hi @g121!

    Best wishes for a Happy New Year!

    Since you are new here at LES we can say that your being new helps us celebrate the new in the New Year. :)

    Do you want to share a little about who and where you are and what you want to do on the server?

    Thanks!

    Tom

    Thank you, I wish you a happy new year, I am a student from China, I already have two vps, but I haven't used alpine yet, so I want to try it, I will run a web service on it or telegram bot or something

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @g121 said:

    @Not_Oles said:

    @g121 said:
    I would like to have one thx

    Hi @g121!

    Best wishes for a Happy New Year!

    Since you are new here at LES we can say that your being new helps us celebrate the new in the New Year. :)

    Do you want to share a little about who and where you are and what you want to do on the server?

    Thanks!

    Tom

    Thank you, I wish you a happy new year, I am a student from China, I already have two vps, but I haven't used alpine yet, so I want to try it, I will run a web service on it or telegram bot or something

    Hi @g121!

    Could you please post your ed25519 public key?

    May I please ask whether you are a high school student or a university student? Are you studying or do you want to study computer engineering?

    Best wishes!

    Tom

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    Maybe I should at least look around a little. . . .

    fmt:~$ git clone https://github.com/lxc/lxc.git
    Cloning into 'lxc'...
    remote: Enumerating objects: 89628, done.
    remote: Counting objects: 100% (498/498), done.
    remote: Compressing objects: 100% (279/279), done.
    remote: Total 89628 (delta 257), reused 438 (delta 219), pack-reused 89130
    Receiving objects: 100% (89628/89628), 33.93 MiB | 20.62 MiB/s, done.
    Resolving deltas: 100% (62684/62684), done.
    fmt:~$ 
    

    @Not_Oles said: @yoursunny said: I'd suggest deriving user ranges from their uids.

    # Probably will replace the login name with the UID 
    notoles:1000000000:65536
    yoursunny:1018000000:65536
    

    Anybody else want in on LXC? Thanks!

    @yoursunny said: Address assignment is the next step: network bridge and lxc-usernet file.

    Noted. Thanks for your help!

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @yoursunny said: These come from subuid manpage.

    @Not_Oles said: If you find a man page that still seems missing, please let me know, and I will try to add it. Thanks!

    Hmm, the subuid manpage doesn't seem to be installed on fmt. How did I miss it? What apk package has it? :)

  • @Not_Oles said:
    Maybe I should at least look around a little. . . .

    fmt:~$ git clone https://github.com/lxc/lxc.git
    Cloning into 'lxc'...
    remote: Enumerating objects: 89628, done.
    remote: Counting objects: 100% (498/498), done.
    remote: Compressing objects: 100% (279/279), done.
    remote: Total 89628 (delta 257), reused 438 (delta 219), pack-reused 89130
    Receiving objects: 100% (89628/89628), 33.93 MiB | 20.62 MiB/s, done.
    Resolving deltas: 100% (62684/62684), done.
    fmt:~$ 
    

    @Not_Oles said: @yoursunny said: I'd suggest deriving user ranges from their uids.

    # Probably will replace the login name with the UID 
    notoles:1000000000:65536
    yoursunny:1018000000:65536
    

    Anybody else want in on LXC? Thanks!

    @yoursunny said: Address assignment is the next step: network bridge and lxc-usernet file.

    Noted. Thanks for your help!

    Why not LXD? It's a lot more usable than plain LXC.

  • @drunekndog said:
    Why not LXD? It's a lot more usable than plain LXC.

    Why not LXC?
    It's a lot more efficient than fancy LXD.

    An important technical limitation of LXD is the lack of isolation between host machine users authorized to create containers.

    From LXD installation:

    Access control for LXD is based on group membership.
    The root user and all members of the lxd group can interact with the local daemon.

    Anyone with access to the LXD socket can fully control LXD, which includes the ability to attach host devices and file systems.

    In contrast, LXC doesn't have a local daemon.
    Each user can launch their own unprivileged containers, without being able to access other users' containers.

    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • @Not_Oles said: @yoursunny said: I'd suggest deriving user ranges from their uids.

    # Probably will replace the login name with the UID 
    notoles:1000000000:65536
    yoursunny:1018000000:65536
    

    Anybody else want in on LXC? Thanks!

    >

    I'd love to Tinkle with lxc..

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @localhost said:

    @Not_Oles said: @yoursunny said: I'd suggest deriving user ranges from their uids.

    # Probably will replace the login name with the UID 
    notoles:1000000000:65536
    yoursunny:1018000000:65536
    

    Anybody else want in on LXC? Thanks!

    >

    I'd love to Tinkle with lxc..

    Hi @localhost!

    I'd love to Tinkle with lxc..

    You are in. But it's not quite ready yet. So please keep watching this thread, and maybe helping me out with the configuration.

    notoles:1000000000:65536
    localhost:1002000000:65536
    yoursunny:1018000000:65536
    

    Tinkle

    May we please go easy on this kind of language here in this thread? Yes, I do appreciate the linguistic humor, maybe"tinker" vs "tinkle." But there are plenty enough other threads for humor. Thanks very much!

    Thanked by (1)localhost
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @drunekndog said: Why not LXD? It's a lot more usable than plain LXC.

    Hi! LXD probably is okay. Certainly I have nothing against LXD. I myself haven't got to LXD yet. As of course you know, LXD is built on top of LXC. I imagined it might be a good idea to learn a little about how the LXC foundation worked before moving on to LCD.

    @yoursunny said:

    [LXC] is a lot more efficient than fancy LXD.

    An important technical limitation of LXD is the lack of isolation between host machine users authorized to create containers.

    Thanks @yoursunny! I appreciate your mentioning efficiency and isolation. :)

  • @Not_Oles said: I imagined it might be a good idea to learn a little about how the LXC foundation worked before moving on to LCD.

    Do we get a fancy LCD screen once we aced the LXC game? :bleep_bloop:

    Thanked by (2)yoursunny Not_Oles

    The all seeing eye sees everything...

  • rootroot OG
    edited January 2023

    Redacted. Wrong thread clicked.

    Stacksocial link (aff) containing a gift of $10 after your first purchase.

  • @Not_Oles said: Anybody else want in on LXC? Thanks!

    I would like to try it.
    Count me in.Thanks!

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @subenhon said:

    @Not_Oles said: Anybody else want in on LXC? Thanks!

    I would like to try it.
    Count me in.Thanks!

    You are in! :)

    notoles:1000000000:65536
    localhost:1002000000:65536
    yoursunny:1018000000:65536
    subenhon:1022000000:65536
    
  • I'm interested, can i use this for building APKs ?

    it will involve abuild and aports;
    https://wiki.alpinelinux.org/wiki/Include:Abuild
    https://wiki.alpinelinux.org/wiki/Aports_tree

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • @Not_Oles said:

    @g121 said:

    @Not_Oles said:

    @g121 said:
    I would like to have one thx

    Hi @g121!

    Best wishes for a Happy New Year!

    Since you are new here at LES we can say that your being new helps us celebrate the new in the New Year. :)

    Do you want to share a little about who and where you are and what you want to do on the server?

    Thanks!

    Tom

    Thank you, I wish you a happy new year, I am a student from China, I already have two vps, but I haven't used alpine yet, so I want to try it, I will run a web service on it or telegram bot or something

    Hi @g121!

    Could you please post your ed25519 public key?

    May I please ask whether you are a high school student or a university student? Are you studying or do you want to study computer engineering?

    Best wishes!

    Tom

    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATk14TvQ1rBHNPAIvStuSK6OsHQKn8gXxkYa890+4TP

    I am a university student. In fact, I am not learning computer related, but I am very interested in the computer. We learned C. Now I want to learn Python during the holidays

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @Encoders said:
    I'm interested, can i use this for building APKs ?

    it will involve abuild and aports;
    https://wiki.alpinelinux.org/wiki/Include:Abuild
    https://wiki.alpinelinux.org/wiki/Aports_tree

    Maybe. But also maybe you are posting in the way you described yourself on your LES profile?

    About Me: 27/4 sh*tposting for teh lulz

    Best wishes! :)

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @g121 said:

    @Not_Oles said:

    @g121 said:

    @Not_Oles said:

    @g121 said:
    I would like to have one thx

    Hi @g121!

    Best wishes for a Happy New Year!

    Since you are new here at LES we can say that your being new helps us celebrate the new in the New Year. :)

    Do you want to share a little about who and where you are and what you want to do on the server?

    Thanks!

    Tom

    Thank you, I wish you a happy new year, I am a student from China, I already have two vps, but I haven't used alpine yet, so I want to try it, I will run a web service on it or telegram bot or something

    Hi @g121!

    Could you please post your ed25519 public key?

    May I please ask whether you are a high school student or a university student? Are you studying or do you want to study computer engineering?

    Best wishes!

    Tom

    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATk14TvQ1rBHNPAIvStuSK6OsHQKn8gXxkYa890+4TP

    I am a university student. In fact, I am not learning computer related, but I am very interested in the computer. We learned C. Now I want to learn Python during the holidays

    Hi @g121!

    Hope you have fun learning Python! Hope your new account can help you learn!

    You should be able to get in via IPv4 or IPv6 with your ssh key using something like:

    ssh [email protected] -p 42365

    Your account password is in a file in your home directory. Please change your password.

    Please let us know if you can login okay!

    I am looking forward to seeing your post here in this thread about fun stuff you accomplish on the server. Congrats in advance!

    Best!

    Tom

  • @Not_Oles said:

    @Encoders said:
    I'm interested, can i use this for building APKs ?

    it will involve abuild and aports;
    https://wiki.alpinelinux.org/wiki/Include:Abuild
    https://wiki.alpinelinux.org/wiki/Aports_tree

    Maybe. But also maybe you are posting in the way you described yourself on your LES profile?

    unfortunately, yes

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

  • @Not_Oles said:

    @subenhon said:

    @Not_Oles said: Anybody else want in on LXC? Thanks!

    I would like to try it.
    Count me in.Thanks!

    You are in! :)

    notoles:1000000000:65536
    localhost:1002000000:65536
    yoursunny:1018000000:65536
    subenhon:1022000000:65536
    

    May I jump in also @Not_Oles 😁

    Thanked by (1)Not_Oles
  • None of the subuid subgid settings are actually deployed :'(

    fmt:~$ cat /etc/subuid 
    root:100000:65536
    fmt:~$ cat /etc/subgid 
    root:100000:65536
    
    Thanked by (1)Not_Oles

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @Fritz said:

    @Not_Oles said:

    @subenhon said:

    @Not_Oles said: Anybody else want in on LXC? Thanks!

    I would like to try it.
    Count me in.Thanks!

    You are in! :)

    notoles:1000000000:65536
    localhost:1002000000:65536
    yoursunny:1018000000:65536
    subenhon:1022000000:65536
    

    May I jump in also @Not_Oles 😁

    Yep! Welcome again, @Fritz!

    notoles:1000000000:65536
    localhost:1002000000:65536
    Fritz:1005000000:65536
    yoursunny:1018000000:65536
    subenhon:1022000000:65536
    
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @yoursunny said:
    None of the subuid subgid settings are actually deployed :'(

    fmt:~$ cat /etc/subuid 
    root:100000:65536
    fmt:~$ cat /etc/subgid 
    root:100000:65536
    

    Apologies @yoursunny! I am keeping the list locally. I haven't yet updated the subuid and subgid files on the server. I assumed I maybe could update the files on the server one time after the list seemed to be complete.

    Due to your constant and careful study of everything in all six directions, you caught my laziness.

    Guys, almost the last chance for this batch of LXC chicken. The next batch might be awhile. . . . Anybody else wanna jump on the LXC train?

    @yoursunny said: Address assignment is the next step: network bridge and lxc-usernet file.

    Just got a copy of the bridge setup I have been using elsewhere. 🔜 I hope. Thank you!

  • @Not_Oles said:

    @Fritz said:

    @Not_Oles said:

    @subenhon said:

    @Not_Oles said: Anybody else want in on LXC? Thanks!

    I would like to try it.
    Count me in.Thanks!

    You are in! :)

    notoles:1000000000:65536
    localhost:1002000000:65536
    yoursunny:1018000000:65536
    subenhon:1022000000:65536
    

    May I jump in also @Not_Oles 😁

    Yep! Welcome again, @Fritz!

    notoles:1000000000:65536
    localhost:1002000000:65536
    Fritz:1005000000:65536
    yoursunny:1018000000:65536
    subenhon:1022000000:65536
    

    Thanks Tom for letting me in. 😘

    Thanked by (1)Not_Oles
Sign In or Register to comment.