Hi everyone!
Although this is my first time posting on this forum, I have been using Proxmox for a while and love it!
I have previously always only logged in as root on my host and never had many issues. Now, however, I want to set up an lxc under a separate user, which was much trickier than I thought it would be.
I followed these steps to set up a new user on my host:
https://bobcares.com/blog/add-pam-user-proxmox/
In the Proxmox webgui I made the user admin (full access) for these categories:
/sdn/zones #Allowing changes to internet settings
/access/storage #Allowing manipulation of container fs
/vms #Accessing everything concerning vm and lxc settings
Now my new user has all permissions necessary to create a new lxc in the webgui, which I did. I notice, however, that the filesystem in the lxc has all files owned by the sub-id of root rather than the sub-id of newuser, even though newuser created the container. This was not what I expected.
In my subuid and subgid I have:
Code:
root:100000:65536
newuser:165536:65536
If I want newuser to have access to the files in the container I now need to edit the sub-ids like so:
Code:
newuser:100000:65536
root:165536:65536
This will of course give me an error when trying to start the container as root, which is expected. Since I intend to run the container as newuser this shouldn't matter.
Non-root users naturally won't have /usr/sbin in $PATH, so first I ran export PATH=$PATH:/usr/sbin/ since that is where pct is located. Now if I try to run any pct command I always get the same error:
Code:
ipcc_send_rec[1] failed: Unknown error -1
ipcc_send_rec[2] failed: Unknown error -1
ipcc_send_rec[3] failed: Unknown error -1
Unable to load access control list: Unknown error -1
newuser doesn't have access to pct. Using sudo is out of the question, since that means it will run as root again instead of running as newuser, which defeats the whole purpose of this setup.
How do I grant access to a container for a non-root user?