I had never used containers before, including Docker and Podman. Recently, I installed Fedora Kinoite on my laptop and then used containers to achieve a fully isolated working environment (not distrobox or toolbx, for which that is not a goal).
Initially, I created a container and successfully logged in as my username by default. (This code is inspired by distrobox.)
```
$ podman create -tiu=$USER --userns=keep-id --name test fedora:latest
29be46bc8beca173187e7fd71d61d2eb289d7b00f3aa6eab3930841830e49b0e
$ podman start -ai test
bash-5.2$ whoami
username
bash-5.2$
```
Then I found that the user seems to have just been added without a password, making it impossible to use the sudo command. Then I wrote a Dockerfile.
```dockerfile
FROM fedora:latest
RUN useradd -mG wheel -p '' -s /bin/bash username
USER username
```
However, when fedora:latest is updated, I would prefer the newer version, so the image needs to be rebuilt. Is there a more convenient way to achieve this?
To answer my own question: I solved it and found that -u=$USER is not necessary. So I changed my options.
```bash
podman pull fedora:latest
# $HOME is /var/home/username in Atomic Desktop
podman create -ti --userns=keep-id --group-add=wheel --workdir=/home/$USER --name=test fedora:latest
# It hangs when using test:/etc/skel, but using /etc/skel isn't a good idea.
podman cp /etc/skel test:/home/$USER
podman start -ai test
```
There is still an issue: the password of $USER is an asterisk in /etc/passwd, making it impossible to use sudo. I will keep this question open while waiting for a solution…
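An added example, not part of the original posts: a small shell helper that reports the state of an account's password field, to tell a locked entry (the asterisk described above) from a passwordless or hashed one. The function names are hypothetical and the file contents are constructed sample lines that mix passwd and shadow layouts, since only the first two fields are read.

```bash
#!/usr/bin/env bash
# Added example: report the state of the password field (2nd colon-separated
# field) in a passwd- or shadow-format file. Function names are hypothetical.

pw_state() {  # usage: pw_state FILE USER
  awk -F: -v u="$2" '
    $1 == u {
      found = 1
      if ($2 == "")          print "empty"   # passwordless, e.g. after passwd -d
      else if ($2 == "x")    print "shadow"  # passwd only: look in /etc/shadow
      else if ($2 ~ /^[*!]/) print "locked"  # no typed password can match
      else                   print "hashed"  # a real password hash is set
      exit
    }
    END { if (!found) print "missing" }
  ' "$1"
}

empty_accounts() {  # usage: empty_accounts FILE -> passwordless account names
  awk -F: '$2 == "" { print $1 }' "$1"
}

# Constructed sample data, not taken from a real system.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:!locked::0:99999:7:::
username:*:1000:1000::/home/username:/bin/bash
builder::19800:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19800:0:99999:7:::
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF

for u in root username builder alice daemon nobody; do
  printf '%-10s %s\n' "$u" "$(pw_state "$SAMPLE" "$u")"
done
echo "passwordless: $(empty_accounts "$SAMPLE" | tr '\n' ' ')"
```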
I don’t use Podman or Docker containers much, so maybe there is something I’m overlooking, but isn’t the passwd command available to set the user’s password? I guess you would have to run it as the root user if the user’s current password is locked with asterisks.
Yes and no, I attempted to use podman exec, but it failed to execute since the container wasn’t running.
To keep a container alive, the best solution is to set sleep infinity as the entry point. I don’t think it is a good idea, so I’ve always avoided it.
Two days ago, after seeing your reply, I found a slightly dirty workaround: just starting the container in one session and then running podman container exec --user=root passwd -d $USER in another session works fine for me. Therefore, my final command to create a container and automatically stop it upon exiting the shell is as follows.