custom pve script in gui?

[Forssux]

Hi There,

I'm using Proxmox at home and gave a zfs as fs.
Files are served to other computers via samba.

Is there a way that we can have a section in the PVE where custom scripts are gathered and executed?

I have for example a script, that set the uid/gid correct when it comes from a LXC.
I noticed that when coping files/folders from a lxc to the host the uid/gid where way of.
I can propably set the mapping correct, but then I would need to do this for all uid which isn't secure I gues.

Therefore this script..

import subprocess

def get_uid_gid(file_path):
  """Gets the uid and gid of a file.

  Args:
    file_path: The path to the file.

  Returns:
    A tuple containing the uid and gid of the file.
  """

  output = subprocess.check_output(["stat", "-c", "%u:%g", file_path])
  uid, gid = output.decode().split(":")
  return int(uid), int(gid)

def subtract_100000(uid, gid):
  """Subtracts 100000 from the uid and gid if either or both are over 100000.

  Args:
    uid: The uid of the file.
    gid: The gid of the file.

  Returns:
    A tuple containing the new uid and gid of the file.
  """

  new_uid = uid - 100000 if uid > 100000 else uid
  new_gid = gid - 100000 if gid > 100000 else gid
  return new_uid, new_gid

def set_uid_gid(file_path, uid, gid):
  """Sets the uid and gid of a file.

  Args:
    file_path: The path to the file.
    uid: The uid of the file.
    gid: The gid of the file.
  """

  subprocess.run(["chown", str(uid), str(gid), file_path])

def main():
  """The main function."""

  # Get the path to the samba share.
  samba_share_path = "/mnt/QData/NonMedia"

  # Get the uid and gid of the samba share.
  samba_share_uid, samba_share_gid = get_uid_gid(samba_share_path)

  # Get the path to the new file.
  new_file_path = "/mnt/QData/NonMedia/new_file"

  # Get the uid and gid of the new file.
  new_file_uid, new_file_gid = get_uid_gid(new_file_path)

  # Subtract 100000 from the uid and gid if either or both are over 100000.
  new_file_uid, new_file_gid = subtract_100000(new_file_uid, new_file_gid)

  # If the outcome is below 0, set the uid and gid to the uid and gid of the samba share.
  if new_file_uid < 0:
    new_file_uid = samba_share_uid
  if new_file_gid < 0:
    new_file_gid = samba_share_gid

  # Set the uid and gid of the new file.
  set_uid_gid(new_file_path, new_file_uid, new_file_gid)

if __name__ == "__main__":
  main()

 

[s.lendl]

You are using an unprivileged container which utilizes user namespacing.

You can map the outside UIDs to inside UIDs which you can set up in PVE as described in the PVE Wiki https://pve.proxmox.com/wiki/Unprivileged_LXC_containers#Using_local_directory_bind_mount_points

 

[Dunuin]

Is there a way that we can have a section in the PVE where custom scripts are gathered and executed?

No, I already asked for this because some customization would be really nice: https://forum.proxmox.com/threads/feature-request-userscripts-in-webui.119305/

 

[Forssux]

You are using an unprivileged container which utilizes user namespacing.

You can map the outside UIDs to inside UIDs which you can set up in PVE as described in the PVE Wiki https://pve.proxmox.com/wiki/Unprivileged_LXC_containers#Using_local_directory_bind_mount_points

I don't completely understand what you're saying. Yes I need to do the mapping otherwise no access

 

[s.lendl]

You understood correctly.

For security reasons, the User IDs inside the container are completely separated from User IDs outside the container.
The same problem exists with Docker, but many Docker setups don't use the user namespace feature.