Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add lxd group creation to installation process #13382

Merged
merged 2 commits into from
Apr 29, 2024
Merged

Add lxd group creation to installation process #13382

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
46f6af6
doc: add `lxd` group creation to installation process
hamistao Apr 24, 2024
c8f23eb
doc: add user addition to `lxd` group to intallation process
hamistao Apr 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 28 additions & 4 deletions doc/installing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ discourse: ubuntu:37214, ubuntu:37327
(installing)=
# How to install LXD

The easiest way to install LXD is to {ref}`install one of the available packages <installing-from-package>`, but you can also {ref}`install LXD from the sources <installing_from_source>`.
The easiest way to install LXD is to {ref}`install one of the available packages <installing-from-package>`, but you can also {ref}`install LXD from the sources <installing-from-source>`.

After installing LXD, make sure you have a `lxd` group on your system.
Users in this group can interact with LXD.
Expand Down Expand Up @@ -76,6 +76,12 @@ After successfully running the `lxd.migrate` command, you can then switch to a n
sudo refresh lxd --channel=latest/stable
```

If you want the current user to be able to interact with the LXD daemon, add it to the `lxd` group as the installation process does not add it for you:

```bash
getent group lxd | grep -qwF "$USER" || sudo usermod -aG lxd "$USER"
```

(installing-other)=
#### Other installation options

Expand Down Expand Up @@ -160,6 +166,7 @@ To download a specific build:
1. Filter for the branch or tag that you are interested in (for example, the latest release tag or `main`).
1. Select the latest build and download the suitable artifact.

(installing-from-source)=
hamistao marked this conversation as resolved.
Show resolved Hide resolved
(installing_from_source)=
## Install LXD from source

Expand Down Expand Up @@ -271,6 +278,13 @@ You'll need sub{u,g}ids for root, so that LXD can create the unprivileged contai
echo "root:1000000:1000000000" | sudo tee -a /etc/subuid /etc/subgid
```

By default, only users added to the `lxd` group can interact with the LXD daemon. Installing from source doesn't guarantee that the `lxd` group exists in the system. If you want the current user (or any other user) to be able to interact with the LXD daemon, add it to the `lxd` group:

```bash
getent group lxd >/dev/null || sudo groupadd --system lxd # create the group if needed
getent group lxd | grep -qwF "$USER" || sudo usermod -aG lxd "$USER"
```

Now you can run the daemon (the `--group sudo` bit allows everyone in the `sudo`
group to talk to LXD; you can create your own group if you want):

Expand All @@ -289,9 +303,19 @@ Access control for LXD is based on group membership.
The root user and all members of the `lxd` group can interact with the local daemon.
See {ref}`security-daemon-access` for more information.

If the `lxd` group is missing on your system, create it and restart the LXD daemon.
You can then add trusted users to the group.
Anyone added to this group will have full control over LXD.
On Ubuntu images, the `lxd` group already exists and the main user is automatically added to it. The group is also created during installation if you {ref}`installed LXD from the snap<installing-from-package>`. If the `lxd` group is missing on your system (as might be the case if you {ref}`installed LXD from the sources <installing-from-source>`), create it and restart the LXD daemon:

```bash
getent group lxd >/dev/null || sudo groupadd --system lxd
```

No users are added to the group on installation. You must add trusted users to the group so they can use LXD:

```bash
getent group lxd | grep -qwF "$USER" || sudo usermod -aG lxd "$USER" # adding current user as an example
```

Anyone added to this group will have full control over LXD. See {ref}`Access to the LXD daemon<security-daemon-access>` to better understand access control for LXD.

Because group membership is normally only applied at login, you might need to either re-open your user session or use the `newgrp lxd` command in the shell you're using to talk to LXD.

Expand Down
6 changes: 6 additions & 0 deletions doc/tutorial/first_steps.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,12 @@ If you prefer a different installation method, or use a Linux distribution that

sudo snap refresh lxd

1. Enter the following command to add the current user to the `lxd` group (the group was automatically created during the previous step):

getent group lxd | grep -qwF "$USER" || sudo usermod -aG lxd "$USER"

This is needed to be granted permission to interact with LXD.

1. Enter the following command to initialize LXD:

lxd init --minimal
Expand Down
Loading