Document UID 850 as permanent — never change
Rootless podman deeply caches the UID in storage, subuid mappings, and systemd sessions. Changing it destroys all container state.

Reference: log/2026-04-03-uid-incident.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -7,7 +7,9 @@
|
|||||||
{
|
{
|
||||||
users.users.mcp = {
|
users.users.mcp = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
uid = 850; # Pinned to avoid auto-assign conflicts (800-899 range is unused on all nodes).
|
uid = 850; # NEVER CHANGE. Rootless podman caches the UID in storage, subuid mappings,
|
||||||
|
# and systemd sessions. Changing it destroys all container state.
|
||||||
|
# See log/2026-04-03-uid-incident.md.
|
||||||
group = "mcp";
|
group = "mcp";
|
||||||
home = "/srv/mcp";
|
home = "/srv/mcp";
|
||||||
shell = pkgs.shadow; # nologin equivalent
|
shell = pkgs.shadow; # nologin equivalent
|
||||||
|
|||||||
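Review bot: The rewritten comment on the `uid = 850;` line drops the reason 850 was picked in the first place ("800-899 range is unused on all nodes"), which is still what someone needs when assigning UIDs to other users on these nodes. Keep that clause next to the new warning, for example as a fourth comment line such as `# 850 was picked from the 800-899 range, which is unused on all nodes.` The new text also states what breaks but not what to do if the UID ever has to move; if log/2026-04-03-uid-incident.md covers recovery, say so in the comment so the pointer reads as more than history.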