[SOLVED] Bind mount: nobody nogroup despite UID mapping

[Helmut101]

I have successfully set up the Nextcloud Turnkey Container. It runs on an internal domain with automatic ACME DNS certs, it has its own Storage assigned and I am quite happy with it, so far.

However, now I'd like to add an "External Storage" to the Nextcloud setup, from my Host system (proxmox) extra storage drive. It's a 8TB drive with data that I only want to read on nextcloud, not write.

To the container config in

/etc/pve/lxc/100.conf

I've added:

mp0: /media/data,mp=/mnt/data/

I can see /mnt/data/ inside the Nextcloud container, but the user and group have nobody:nogroup, I cannot access subfolders.

In the host,

/media/data

is owned by user with ID 1003 and GID 1005. I've added another user with ID 1004 and GID 1005 that can read in

/media/data

After reading about unprivileged containers in https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
I've added a UID mapping for user with ID 1004 as follows:

# /etc/pve/lxc/100.conf
lxc.idmap: u 0 100000 1004
lxc.idmap: g 0 100000 1005
lxc.idmap: u 1004 1004 1
lxc.idmap: g 1005 1005 1
lxc.idmap: u 1005 101005 64530
lxc.idmap: g 1006 101006 64530

# /etc/subuid
root:100000:65536
root:1004:1

# /etc/subgid
root:100000:65536
root:1005:1

After container restart, folders in

/media/data

in the Nextcloud CT are still inaccessible, with nobody:1005 showing.
The folder on the host has group-read permissions set (drwxrws---)

What did I wrong?

 

[Helmut101]

Solved: I somehow managed to create the user with the wrong GID on the proxmox host, e.g.:

useradd nextcloud -u 1004 -g 1005 -m -s /bin/bash

where it should have been:

useradd nextcloud -u 1004 -g 1004 -m -s /bin/bash
groupadd -g 1005 nas_user
usermod -a -G nas_user nextcloud

Now I can see

/mnt/data/

i the Nextcloud container.