The environment is currently running Ubuntu 16.04 with the user logged in as root. The first step is to create a new user without these root privileges, meaning they will be running with increased security and not be able to make critical changes to the system.
The useradd
command will create a user with the default permissions. Run the command in the terminal to add a new user called lowprivuser
. This user can be called anything.
useradd -m -d /home/lowprivuser -p $(openssl passwd -1 password) lowprivuser
Using`sudo su, it's possible to switch to running as this new, low privileged user.
sudo su lowprivuser
When running as this user, a couple of items change. For example, the user is not able to create or change files in certain locations such as the root directory, touch /root/blocked
.
The user is also not able to access Docker as previously this required them to have root permissions.
docker ps
In the next step, we'll deploy the new Rootless version and allow users launch their own containers.