Docker Rootless on an Anubiz Offshore VPS
Rootless Docker runs the daemon and containers as a regular user by means of user namespaces. A container escape lands in your unprivileged shell, not in a root shell. On a single-tenant Anubiz VPS this matters most for containers running untrusted code. The trade-offs are real (no ports under 1024 without authbind, and slirp4netns networking is slower), but the security gain is worth it for many use cases.
Step 1: Prereqs
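Install the prerequisites: apt install uidmap dbus-user-session slirp4netns fuse-overlayfs. Package installation needs root (use sudo); the rootless installation in Step 2 is run as your normal user, not as root.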
Step 2: Install Rootless Docker
Run curl -fsSL https://get.docker.com/rootless | sh, per the official instructions. This adds DOCKER_HOST to the user's ~/.bashrc.
Step 3: Systemd User Unit
systemctl --user enable --now docker starts the daemon as a systemd user unit. loginctl enable-linger luis (luis is the username here) keeps it running after logout.
Step 4: Network and Ports
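Ports under 1024 are unavailable to non-root users by default. sysctl net.ipv4.ip_unprivileged_port_start=80 lets the user bind to 80 and 443; the setting is host-wide, so every unprivileged user on the VPS gains the same ability. Alternatively, run a reverse proxy as root that listens publicly.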
Step 5: Validate
docker info shows Security Options: rootless. docker run --rm alpine id returns uid 0 inside the container, but that uid is mapped to your own uid outside (check with ps on the host).
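The validation above can be scripted. The following is an added example, not part of the original guide or of Docker's tooling: the function names are hypothetical, and it goes slightly beyond Step 5 by also checking the subordinate UID allocation and translating a container uid through a uid_map file. The 65536 figure is the minimum subordinate ID count named in Docker's rootless documentation.

```sh
#!/bin/sh
# Added example: checks for a rootless Docker host. Function names are
# illustrative; the parsing functions work on plain text so they can be
# exercised offline.

# Succeeds if the docker info text on stdin lists the rootless option.
is_rootless() {
    grep -Eq '(^|[^[:alnum:]_=-])(name=)?rootless([^[:alnum:]_-]|$)'
}

# Total subordinate IDs granted to user $1 in subuid/subgid file $2
# (line format: user:first_id:count).
subid_count() {
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# Translate in-container UID $1 to the host UID using uid_map file $2
# (line format: first_inside first_outside length). Fails if unmapped.
host_uid() {
    awk -v c="$1" '
        $1 <= c && c < $1 + $3 { print $2 + (c - $1); found = 1; exit }
        END { if (!found) exit 1 }' "$2"
}

# Succeeds if an unprivileged user may bind port $1 given threshold $2.
can_bind() {
    [ "$1" -ge "$2" ]
}

# Live checks on the current host. $1 is the PID of a container process
# as seen by ps on the host (defaults to this shell).
check_live() {
    user=$(id -un)
    docker info --format '{{.SecurityOptions}}' | is_rootless \
        && echo "daemon: rootless" || echo "daemon: NOT rootless"
    echo "subuids for $user: $(subid_count "$user" /etc/subuid) (want >= 65536)"
    start=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start)
    for p in 80 443; do
        can_bind "$p" "$start" && echo "port $p: bindable" \
            || echo "port $p: not bindable by this user"
    done
    echo "container uid 0 -> host uid $(host_uid 0 "/proc/$1/uid_map" || echo '?')"
}

if [ "${1:-}" = "--live" ]; then check_live "${2:-self}"; fi
```

Run it with --live and the host PID of a container process; a host uid of 0 in the last line means the container is not running under a user namespace mapping.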