I'd posted in a thread with @mheon  asking if there was a convention
that the podman (or systemd) community would recommend for accessing
user accounts that are "daemonized" (e.g. `loginctl enable-linger
The state of the user for deployment is something like:
$ mkdir /containers
$ semanage fcontext -a -e /home /containers
$ restorecon -vR /containers
$ groupadd -g 2000 hedgedoc
$ useradd -g 2000 -u 2000 -d /containers/hedgedoc -s /sbin/nologin
$ usermod --add-subuids 200000000-200065535 --add-subgids 200000000-
$ loginctl enable-linger hedgedoc
There is a more opinionated longer write up here . Something that
I've not been doing is setting a shell and providing access to the user
via ssh. This may be weird, but one of the thinks was that by not
having a shell, running rootless-as-non-root, the application is pretty
From what we can gather there are a couple options:
Seems like the most reasonable option, as root or sudo you:
$ runuser -ls /bin/bash hedgedoc
This will log you in, set the shell to bash, and set your working
directory to the users home directory. You can then use the shell to
interact with the user slice, invoke podman, invoke podman generate,
and daemonize pods/containers.
$ su -s /bin/bash hedgedoc
This will log you in, set the shell to bash. However doesn't change
home directory. Works similar to above, but seems like runuser has more
niceness to the experience.
This is a bit more weird, but potentially is what systemd _wants_
people to do:
$ systemctl --user --machine=hedgedoc@.host <things>
This would allow you to interact with user units, you could drop them
in place with ansible/pyinfra and then use this `--machine` invocation
to examine the state of the unit.
- Is this something the podman folks are thinking about, mheon seems
to reference it but it was very hard to figure out how to actually
- Is there a way to obtian a shell with this method?
Was generally curious to see if anyone would offer opinions on how they
are using user slice deployments. I've been watching quadlet  with
interest as well.