yet another lxc bind mount dump question

proxman4

Member
Mar 23, 2020
Hi friends hope you're doing well.

After reading this very useful (not enough for my dumb person) explanation on bind mounts for unprivileged containers on Proxmox ( + this ) I got this silly question.

i always need a real life example.

Hope some cool person will kindly give me a hint.

I got a zfs dataset on host:

Code:
opyhdd/nextcloud_data                       1.49T  2.90T     1.49T  /mnt/pve/nfs/opyhdd/nextcloud_data

it is used as a nfs server to share to some vm guests. It has those permissions in the host www-data =uid 33 :

Code:
drwxrwx---  6 www-data www-data  8 Sep 13  2022 nextcloud_data

and those in the guest vm (not lxc) www-data =uid 33 :

Code:
rwxrwx---  6 www-data www-data    8 sept. 13  2022 nextcloud-data

I need to share this dataset with an unprivileged lxc container .

let's say i have administrator user with uid/gid : 1000 in the unprivileged lxc :

Code:
useradd -u 1000 -m -s /usr/bin/bash administrator

if i understand correctly i need to change the permissions on the host :

Code:
chown -R 101000:101000 /mnt/pve/nfs/opyhdd/nextcloud_data

That looks fun and all, but is it risky at some point to break the nfs server and the permissions on the guest vm?

i'm too lazy to mount some lab to try this out and figured that someone got a really quick and dirty answer for me.

Thank you and have a nice day.
 
I put this question in the wrong category. If some @mod would be kind enough to fix this. Thanks
 
gladly done!

As for your question - if you want to use a share both inside an unprivileged container as well as on your host (or privileged container, or with a local user on your nfs-server) - mapping the particular UID/GID the files are stored with - with lxc.idmap entries and the fitting entries in /etc/subuid, /etc/subgid - as explained in https://pve.proxmox.com/wiki/Unprivileged_LXC_containers might be a good starting point.
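
The mapping suggested in the reply above, as an added example that is not part of the original thread: it generates lxc.idmap and subuid/subgid entries that pass the thread's uid/gid 33 straight through while every other id keeps the shifted range. The 100000 base and 65536-id range are assumed Proxmox defaults, `<CTID>` is a placeholder, and the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the default Proxmox
# unprivileged mapping: container ids 0..65535 -> host ids 100000..165535.
BASE=100000
RANGE=65536

# idmap_lines KIND N: print lxc.idmap lines for KIND (u or g) that keep
# the default shift for every id except N, which maps to the same host id.
idmap_lines() {
    kind=$1
    n=$2
    if [ "$n" -gt 0 ]; then
        echo "lxc.idmap: $kind 0 $BASE $n"
    fi
    echo "lxc.idmap: $kind $n $n 1"
    rest=$((RANGE - n - 1))
    if [ "$rest" -gt 0 ]; then
        echo "lxc.idmap: $kind $((n + 1)) $((BASE + n + 1)) $rest"
    fi
}

# host_id CID PASS: host id that container id CID resolves to when PASS
# is the single passed-through id.
host_id() {
    if [ "$1" -eq "$2" ]; then
        echo "$1"
    else
        echo $((BASE + $1))
    fi
}

# render PASS: everything needed to pass uid and gid PASS through.
render() {
    echo "# append to /etc/pve/lxc/<CTID>.conf (<CTID> is a placeholder)"
    idmap_lines u "$1"
    idmap_lines g "$1"
    echo "# add to /etc/subuid and to /etc/subgid on the host"
    echo "root:$1:1"
}

render 33   # www-data, the owner shown in the thread's ls output
```

With this map the dataset keeps its host ownership of 33:33, so nothing changes for the NFS clients; inside the container only uid/gid 33 resolves to host 33, while container uid 1000 still resolves to host 101000.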
 
Thank you for this. Sorry for the other time dimension delay. I'll dig this a little more to get a functional setup.