LXC Permissions / NFS Mounts / Oddities

jgiddens

Hey all,

I have a Proxmox 8.1.4 PVE setup and I have created a VM running TrueNAS SCALE and an LXC for Plex.

Within TrueNAS I have this tree:

Code:
drwxrwx--- 46 jasong jasong 48 Feb 15 07:26 config
drwxrwx---  3 jasong jasong  3 Feb 17 08:55 downloads
drwxr-xr-x  6 root   root    9 Feb 11 09:48 ix-applications
drwxrwx---  7 jasong jasong  7 Feb 12 20:12 media
admin@truenas[/mnt/tank]$

I have created NFS shares for config, downloads and media.

Within config here is what my permissions look like:

Code:
admin@truenas[/mnt/tank/config]$ ls -la
total 272
drwxrwx--- 46 jasong jasong     48 Feb 15 07:26 .
drwxr-xr-x  7 root   root        7 Feb 11 09:48 ..
drwxrwx---  2 jasong jasong      2 Feb 15 06:22 .stfolder
drwxrwx---  8 jasong jasong      8 Feb 15 06:22 bazarr
drwxrwx--- 10 jasong jasong     10 Feb 15 06:22 code-server
drwxrwx---  8 jasong jasong      8 Feb 15 06:22 docker-compose
drwxrwx---  2 jasong jasong      2 Feb 15 06:22 duckdns
drwxrwx---  2 jasong jasong      2 Feb 15 06:22 filezilla
-rwxrwx---  1 jasong jasong      0 Feb 15 06:19 findmehere
drwxrwx---  2 jasong jasong      3 Feb 15 07:26 gluetun
drwxrwx---  4 jasong jasong      5 Feb 17 09:37 grafana
drwxrwx---  9 jasong jasong      9 Feb 15 06:22 heimdall

All files owned by jasong:jasong and chmod'ed the same.

In media I have:

Code:
admin@truenas[/mnt/tank/media]$ ls -al
total 260
drwxrwx---   7 jasong jasong   7 Feb 12 20:12 .
drwxr-xr-x   7 root   root     7 Feb 11 09:48 ..
drwxrwx--- 190 jasong jasong 190 Feb 11 10:09 comics
drwxrwx---   2 jasong jasong   2 Feb 12 20:12 images
drwxrwx--- 419 jasong jasong 428 Feb 17 09:03 movies
drwxrwx--- 468 jasong jasong 468 Feb 11 10:10 music
drwxrwx--- 158 jasong jasong 158 Feb 15 18:07 tv

So you can see the permissions and owners are the same.

In the Datasets I have the same owners, groups, and ACL's, exactly.

I created the NFS shares for Config/Media/Downloads. I used the mapall property set to "jasong".

On Proxmox I have mapped the NFS shares:

[Attached image: 1708193574676.png]

and the /mnt/pve directory looks like this:
Code:
root@home:/mnt/pve# ls -al
total 26
drwxr-xr-x  5 root root 4096 Feb 17 10:55 .
drwxr-xr-x  3 root root 4096 Feb 17 10:49 ..
drwxrwx--- 46 3000 3000   48 Feb 15 09:26 config
drwxrwx---  3 3000 3000    3 Feb 17 10:55 downloads
drwxrwx---  7 3000 3000    7 Feb 12 22:12 media

Within my LXC container I have added mountpoints in the pct config file:
Code:
mp0: /mnt/pve/config,mp=/mnt/config
mp1: /mnt/pve/media,mp=/mnt/media
mp2: /mnt/pve/downloads,mp=/mnt/downloads

Within the LXC here is the outcome of the mountpoints:
Code:
root@plex:/mnt# ls -al
total 26
drwxr-xr-x  5 root root 4096 Feb 17 11:53 .
drwxr-xr-x 18 root root 4096 Feb 17 12:01 ..
drwxrwx--- 46 3000 3000   48 Feb 15 09:26 config
drwxrwx---  3 3000 3000    3 Feb 17 10:55 downloads
drwxrwx---  7 3000 3000    7 Feb 12 22:12 media

Within the config directory I have full read/write access:

Code:
root@plex:/mnt/config# ls -al
total 268
drwxrwx--- 46 3000 3000     48 Feb 15 09:26 .
drwxr-xr-x  5 root root   4096 Feb 17 11:53 ..
drwxrwx---  2 3000 3000      2 Feb 15 08:22 .stfolder
drwxrwx---  8 3000 3000      8 Feb 15 08:22 bazarr
drwxrwx--- 10 3000 3000     10 Feb 15 08:22 code-server
drwxrwx---  8 3000 3000      8 Feb 15 08:22 docker-compose
drwxrwx---  2 3000 3000      2 Feb 15 08:22 duckdns
drwxrwx---  2 3000 3000      2 Feb 15 08:22 filezilla
-rwxrwx---  1 3000 3000      0 Feb 15 08:19 findmehere
drwxrwx---  2 3000 3000      3 Feb 15 09:26 gluetun

But inside the /media folder I see this instead:

Code:
root@plex:/mnt/media# ls -al
total 15
drwxrwx--- 7 3000 3000    7 Feb 12 22:12 .
drwxr-xr-x 5 root root 4096 Feb 17 11:53 ..
drwxrwx--- 2 root root    2 Feb 11 11:08 comics
drwxrwx--- 2 3000 3000    2 Feb 12 22:12 images
drwxrwx--- 2 root root    2 Feb 11 11:07 movies
drwxrwx--- 2 root root    2 Feb 11 11:07 music
drwxrwx--- 2 root root    2 Feb 11 11:06 tv

and I get permission denied when I try to enter the comics, movies, music or tv directories.

I have gone through this time and again and cannot figure out what is different between these directories. They all appear to be configured the same, so I cannot figure out why the /media NFS share is showing root ownership instead of 3000:3000.

What simple, stupid thing did I miss?
 
Your anomaly is truly an interesting one.

However you do not show what the user/permissions look like at:
Code:
ls -al /mnt/pve/media
This may start giving us an indication - if it's something with the actual NFS share or the LXC mountpoints etc.

I'm going to take a wild try - to see if anything changes. You have the Content type of the NFS share(s) set for Disk image only.
How about changing it and adding all Content types available. Maybe your anomaly is actually linked to the contents or something else of the above directories.
I know it sounds wild - but the NFS backend on PVE is actually slightly weird itself, Docs.
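
An added example, not part of the original posts: one way to do the layer-by-layer comparison asked for above is to parse the `ls -al` output taken at each layer and diff mode, owner and link count per entry. The two listings are the `media` listings posted in this thread (TrueNAS and LXC); treating `jasong` as uid/gid 3000 is an assumption based on the mapall setting and the numeric IDs shown.

```python
# Added example: diff two `ls -al` listings of the same directory taken at
# different layers (NFS server, PVE host, container).
TRUENAS = """\
total 260
drwxrwx---   7 jasong jasong   7 Feb 12 20:12 .
drwxr-xr-x   7 root   root     7 Feb 11 09:48 ..
drwxrwx--- 190 jasong jasong 190 Feb 11 10:09 comics
drwxrwx---   2 jasong jasong   2 Feb 12 20:12 images
drwxrwx--- 419 jasong jasong 428 Feb 17 09:03 movies
drwxrwx--- 468 jasong jasong 468 Feb 11 10:10 music
drwxrwx--- 158 jasong jasong 158 Feb 15 18:07 tv
"""
LXC = """\
total 15
drwxrwx--- 7 3000 3000    7 Feb 12 22:12 .
drwxr-xr-x 5 root root 4096 Feb 17 11:53 ..
drwxrwx--- 2 root root    2 Feb 11 11:08 comics
drwxrwx--- 2 3000 3000    2 Feb 12 22:12 images
drwxrwx--- 2 root root    2 Feb 11 11:07 movies
drwxrwx--- 2 root root    2 Feb 11 11:07 music
drwxrwx--- 2 root root    2 Feb 11 11:06 tv
"""
# Assumption: the TrueNAS account "jasong" is uid/gid 3000 on the other layers.
ALIASES = {"jasong": "3000"}

def parse_ls(text):
    """Map entry name -> (mode, link count, owner, group), skipping . and .."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 8)  # name is field 9 and may contain spaces
        if len(parts) < 9 or parts[8] in (".", ".."):
            continue  # "total N" header or the directory itself
        owner, group = (ALIASES.get(p, p) for p in parts[2:4])
        entries[parts[8]] = (parts[0], int(parts[1]), owner, group)
    return entries

def compare(a, b):
    """Return {name: [fields that differ]} for entries present in both layers."""
    findings = {}
    for name in sorted(a.keys() & b.keys()):
        labels = ("mode", "nlink", "owner", "group")
        diffs = [l for l, x, y in zip(labels, a[name], b[name]) if x != y]
        if diffs:
            findings[name] = diffs
    return findings

if __name__ == "__main__":
    for name, diffs in compare(parse_ls(TRUENAS), parse_ls(LXC)).items():
        print(f"{name}: differs in {', '.join(diffs)}")
```

Pasting the output of `ls -al /mnt/pve/media` from the PVE host in place of one of the listings shows at which layer the ownership and link counts first change.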
 
If your LXC is an unprivileged container, then AppArmor is preventing you from mounting the NFS share. You have a few choices: use a privileged container (probably bad), modify the AppArmor settings for that LXC, OR do bind mounts into the LXC container. To create bind mounts you would create a mount point on the Proxmox host, mount the NFS share there, then bind mount it to the LXC in the LXC config file.

https://forum.proxmox.com/threads/tutorial-mounting-nfs-share-to-an-unprivileged-lxc.138506/

https://forum.proxmox.com/threads/best-practice-mount-nas-nfs-to-lxc.131578/
 
If your LXC is an unprivileged container, then AppArmor is preventing you from mounting the NFS share. You have a few choices: use a privileged container (probably bad), modify the AppArmor settings for that LXC, OR do bind mounts into the LXC container. To create bind mounts you would create a mount point on the Proxmox host, mount the NFS share there, then bind mount it to the LXC in the LXC config file.
Your setup will not work with Unprivileged container.
I believe you haven't thoroughly read the OP's post. He has managed (successfully) to mount the said share in his LXC container. His question refers to the difference in the user/permissions of the said directories. Your comment(s) do not refer to the anomaly he is encountering.
 
