[SOLVED] Bind map to HDD partition not changing with chown

Alan_uk

Mar 28, 2024
Hi, new to Proxmox and have bought a small Intel NUC to try it. Previously I've set up VirtualBox VMs and Docker containers.

I installed Proxmox 8.1.5 and created 1x VM and 6 x LXC containers, with 106 to be used as a fileserver with Samba and FTP. All LXCs are unprivileged.

As the NUC has only a 256GB SSD I added a 1TB HDD with the aim of using this for backups, ISOs and the fileserver user's data. The HDD has been partitioned into 4 partitions and formatted as MBR and Ext4. I then mapped them:

Code:
PARTUUID=c26dd3cb-1538-4cec-8d6a-d4533587ca57 /mnt/hdd1   ext4   defaults   0   2
PARTUUID=89ab5b23-007b-4e5a-b95c-32358d0f49f2 /mnt/hdd2   ext4   defaults   0   2
PARTUUID=030844cf-3bd6-4f1b-834d-67edcb5e2c46 /mnt/hdd3   ext4   defaults   0   2
PARTUUID=b6600c2f-af18-44b3-92ca-96f3d8ca85ef /mnt/hdd4   ext4   defaults   0   2
mount -a
systemctl daemon-reload

I was then able to go to DataCentre and back up the containers to HDD1.

I then proceeded to map the 106 fileserver container to the HDD3

Code:
Host:
mkdir -p /mnt/hdd3storage
nano /etc/pve/lxc/106.conf
Add at end:
mp0: /dev/sda3,mp=/mnt/hdd3storage,backup=0

I then got the permission denied problem so:

Code:
Container Console:
adduser userfs
Adding user `userfs' ...
Adding new group `userfs' (1000) ...
Adding new user `userfs' (1000) with group `userfs (1000)' ...
Creating home directory `/home/userfs' ...

proxmox shell:
nano /etc/pve/lxc/106.conf
Add at end
# map userid
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

nano /etc/subuid
Added:
root:1000:1

nano /etc/subgid
Added:
root:1000:1
restart container

ls /mnt/hdd3storage
cd /mnt/
ls -lhn
drwxr-xr-x 3 65534 65534 4.0K Mar 23 22:37 hdd3storage

proxmox shell:
ls /dev/sda3 -lhn
brw-rw---- 1 0 6 8, 3 Apr  1 23:14 /dev/sda3
chown -R 1000:1000 /dev/sda3
ls /dev/sda3 -lhn
brw-rw---- 1 1000 1000 8, 3 Apr  1 23:14 /dev/sda3

stop & start fileserver container 106
ls /mnt/hdd3storage -lhn
-rw-r--r-- 1 65534 65534   0 Apr  2 11:45 hdd3.txt
drwx------ 2 65534 65534 16K Mar 23 22:37 lost+found

I then set a password for userfs and logged in:

Code:
No directory, logging in with HOME=/
userfs@fileserver:/$ ls /mnt/hdd3storage -lhn
-rw-r--r-- 1 65534 65534   0 Apr  2 11:45 hdd3.txt
drwx------ 2 65534 65534 16K Mar 23 22:37 lost+found

cd /mnt/hdd3storage     
/mnt/hdd3storage$ touch testfile.txt
touch: cannot touch 'testfile.txt': Permission denied

The Proxmox manual on "Unprivileged LXC containers" says: "all uids will be mapped to 65534:65534 except 1001, which would be seen (and written) as 1001:1001."

This doesn't seem to be the case. Where have I gone wrong?

Many thanks if you've read this long post. Hopefully, to an expert it will be obvious!

Alan
 
Well I solved it!

I noticed in the LXC container after logging in as root that root's id was 0 and my understanding was that root got mapped to 1000. However, I had defined a user in the container and it had been given an id of 1000. So I repeated the bind mappings using a web example that was using 1005 as the user ID, but that did not resolve the problem.

I still haven't got 100% clarity of the bind map commands but it always struck me as strange that the guides always say that the ownership should be changed on the source (physical drive). For example with a container conf mount of:

Code:
mp0: /mnt/bindmounts/shared,mp=/shared

to run:

Code:
chown -R 1005:1005 /mnt/bindmounts/shared

In my case that would be:

Code:
mp0: /dev/sda3,mp=/mnt/hdd3storage,backup=0
chown -R 1005:1005 /dev/sda3

which I had done. It seemed to me the ownership of the mount point ought to be changed as well. I tried

Code:
chown -R 1005:1005 /mnt/hdd3storage

but got "chown: cannot read directory '/mnt/hdd3storage/lost+found': Permission denied"

In the PVE /etc/fstab I had mounted the hard drive using:

Code:
PARTUUID=030844cf-3bd6-4f1b-834d-67edcb5e2c46 /mnt/hdd3   ext4   defaults   0   2

So I decided to try:

Code:
chown -R 1005:1005 /mnt/hdd3

and that worked. After starting and stopping the container and then going to its Console:

Code:
ls /mnt/hdd3storage -lhn
-rw-r--r-- 1 1005 1005   0 Apr  2 11:45 hdd3.txt
drwx------ 2 1005 1005 16K Mar 23 22:37 lost+found

the permissions were now correct. I then logged in as the user 1005 and got:

Code:
No directory, logging in with HOME=/

It did exist but was owned by nobody (I recall). Also I could not run nano on files in the /mnt/hdd3storage directory:

Code:
Unable to create directory //.local/share/nano/: No such file or directory
It is required for saving/loading search history or cursor positions.

I needed to change the /home/<user's directory> ownership to 1005.

I tried doing that as sudo but it said there was no root! I could not even log out to log in as root. I had to stop and start the container and then log in as root to change the ownership. Then everything was fine.

I've not tried to set up Samba and FTP access yet but fairly sure it won't have permission problems with /mnt/hdd3storage.

Hopefully one day the GUI will allow users to easily define permissions on external drives.

Alan
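
Added example (not part of the original posts): a short Python sketch that applies the `lxc.idmap` lines from the first post to show why files owned by host uid 0 are listed as 65534 inside the container, and why they are listed correctly once the files on the host filesystem are owned by a mapped uid. The function names and the `OVERFLOW_ID` constant are assumptions of this example.

```python
# Added illustration: the idmap lines are copied from the first post,
# the helper names and sample owners are constructed for this example.
OVERFLOW_ID = 65534  # kernel overflow id ("nobody") shown for unmapped owners

IDMAP_CONF = """\
# map userid
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
"""

def parse_idmap(conf, kind="u"):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    ranges = []
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        if key.strip() != "lxc.idmap":
            continue  # skip comments and unrelated keys
        k, ct, host, count = value.split()
        if k == kind:
            ranges.append((int(ct), int(host), int(count)))
    return ranges

def host_to_container(host_id, ranges):
    """ID the container sees for a file owned by host_id on the host."""
    for ct, host, count in ranges:
        if host <= host_id < host + count:
            return ct + (host_id - host)
    return OVERFLOW_ID  # owner has no mapping into the container

def container_to_host(ct_id, ranges):
    """Host ID a container process really runs as, or None if unmapped."""
    for ct, host, count in ranges:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def owns_file(ct_uid, file_host_uid, ranges):
    """True if the container user maps to the host uid that owns the file."""
    return container_to_host(ct_uid, ranges) == file_host_uid

if __name__ == "__main__":
    uids = parse_idmap(IDMAP_CONF, "u")
    for owner in (0, 1000, 100000):  # constructed sample owners on the host
        print(f"host uid {owner:>6} -> container uid {host_to_container(owner, uids)}")
```
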
 
