Posts

Showing posts from 2016

Let systemd manage your running of unprivileged scripts

Instructions

Let's save a text file named "test.sh" with the following content:

#! /bin/bash
for i in `seq 50`
do
    echo $i
    sleep 1
done

It just prints the numbers from 1 to 50, one per second (you can change 50 to any number). Now, as a regular user, type:

chmod +x ./test.sh
systemd-run --user --unit=my-test ./test.sh

The above command runs the script as a transient user service called my-test. At any time you can trace it with systemctl and see its logs with journalctl, like this:

journalctl -ln 100 -f --user-unit=my-test
systemctl --user status my-test

You can abort it using:

systemctl --user stop my-test

Use cases

Let's assume you have a web interface that triggers something and you want to trace it later: just make your unprivileged web application (written in PHP/Python and running as a regular non-root user) call "systemd-run --user", then query the status and follow the logs using systemctl and jour
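The web-application use case above, as an added example that is not part of the original post: a small Python wrapper that starts a job as a transient user unit and fetches its status and logs. It assumes the application runs as an ordinary user whose user manager (systemd --user) is active and that the script path is fixed and trusted; the only request-controlled value is the unit name, which is validated before it reaches the command line. The function names and the unit-name pattern are this example's own choices, not anything from the post.

```python
"""Wrap `systemd-run --user` so a job triggered from a web handler becomes a
transient user unit that can be inspected later with systemctl/journalctl.

Added example, not code from the original post. Assumes a running user
manager (`systemd --user`) and a trusted, fixed script path.
"""
import re
import shlex
import subprocess
from typing import List

# Transient unit names must be plain identifiers. This pattern is deliberately
# tighter than what systemd itself accepts, so request data cannot smuggle an
# option-like string ("--property=...") or path separators into the unit name.
_UNIT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def validate_unit(name: str) -> str:
    """Return the unit name if it is safe to pass on the command line, else raise."""
    if not _UNIT_RE.match(name):
        raise ValueError(f"invalid unit name: {name!r}")
    return name


def run_argv(unit: str, script: str, *args: str) -> List[str]:
    """argv for `systemd-run --user --unit=<unit> -- <script> [args]`.

    The `--` ends option parsing, so the script path and its arguments are
    never interpreted as systemd-run options even if they start with a dash.
    """
    return ["systemd-run", "--user", f"--unit={validate_unit(unit)}", "--", script, *args]


def status_argv(unit: str) -> List[str]:
    """argv for `systemctl --user status <unit>`."""
    return ["systemctl", "--user", "status", validate_unit(unit)]


def stop_argv(unit: str) -> List[str]:
    """argv for `systemctl --user stop <unit>` (abort a running job)."""
    return ["systemctl", "--user", "stop", validate_unit(unit)]


def logs_argv(unit: str, lines: int = 100) -> List[str]:
    """argv for `journalctl --user-unit=<unit> -n <lines>`.

    No `-f`: a request handler must return, so it fetches a bounded tail
    instead of following the journal.
    """
    return ["journalctl", "--user-unit=" + validate_unit(unit),
            "-n", str(int(lines)), "--no-pager"]


def start_job(unit: str, script: str, *args: str) -> str:
    """Start the script as a transient user unit; return the command line used."""
    argv = run_argv(unit, script, *args)
    # argv list, no shell: nothing here is re-parsed by /bin/sh.
    subprocess.run(argv, check=True, capture_output=True, text=True)
    return shlex.join(argv)


def job_logs(unit: str, lines: int = 100) -> str:
    """Return the last `lines` journal lines of the unit as text."""
    return subprocess.run(logs_argv(unit, lines), check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Manual use on a systemd host: run the post's test.sh as unit my-test,
    # then read back its log.
    print(start_job("my-test", "./test.sh"))
    print(job_logs("my-test"))
```

The split between the `*_argv` builders and the functions that actually execute them is what makes the wrapper testable without a systemd host, and it keeps the one piece of user-controlled data (the unit name) behind a single validation point.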

playing with "unc" the unprivileged user containers

Introduction

If you are familiar with Docker then you are going to love this little hack. UNC is a tool that demonstrates how to launch containers without being root.

Getting the code and compiling it

git clone https://github.com/LK4D4/unc.git
cd unc
mkdir -p gopath/src/
ln -s ../.. gopath/src/unc
export GOPATH=$PWD/gopath
cd gopath/src/unc
go get
go build
cd unet
go build
cd ..
sudo cp unc unet/unet /usr/local/bin/
sudo chmod u+s /usr/local/bin/unet

What is SetUID for?

"unet" is a helper used by "unc" that creates veth pairs and assigns one end of each pair to the container. Root privileges (obtained via setuid) are needed to move a network interface into the user's container. Note that chmod u+s makes unet run as root for every user who can execute it, so it carries the full trust burden of any setuid program and should be installed only where that is acceptable.

Creating some minimal root filesystems

sudo dnf install busybox
# as regular unprivileged user type
mkdir -p roots/busybox1/{bin,sbin,proc,dev,etc}
cp /sbin/busybox roots/busybox1/sbin/
echo "root:x:0:0:root:/root:/bin/bash" > roots/busybox1/etc/passwd
echo "r

Be aware! Docker is a trap.

UPDATE: Docker Inc. addressed those concerns by donating its runtime to the Cloud Native Computing Foundation (CNCF) and by making Moby a community project.

Yes, I'm claiming that Docker is just a hyped vendor lock-in. Don't get me wrong: Linux containers, micro-services, DevOps, ... are all very cool, and they are cool for a reason. On the other hand, Docker is just an overrated vendor lock-in. "Linux containers" is a new term for old technologies like namespaces and control groups, which have been used in production for maybe more than a decade. LXC is one way to access those kernel features in a boring way. OpenVZ and the newly hyped LXD are virtualization platforms built on Linux containers. systemd puts every spawned service in its own control group (and can sandbox services with namespaces), and it can also spawn full containers using nspawn. In other words, Docker did not invent containers. I was warned about that more than a year ago, but back then it was not that obvious.

What's wrong with Docker?

So many things! At every sing