id mapping and home dir ownership

planten

New Member
Jul 22, 2024
Hey, I've been tinkering with proxmox for a couple of weeks now and I think I have a good working setup.

I have a zpool with 2 datasets. 1 dataset for media and personal stuff mounted on 2 containers (NAS (300) and webserver (310)). I mounted the dataset to the webserver lxc with its config file on the host because I could not mount the NAS's samba share (operation not permitted) inside the lxc. 1 dataset for pictures mounted on a container running Immich (410). These are the config files.

Code:
root@pve:~# cat /etc/pve/lxc/300.conf
arch: amd64
cores: 1
features: nesting=1
hostname: NAS
memory: 512
mp0: /mnt/share/media,mp=/mnt/share/media
mp1: /mnt/personal/steve,mp=/mnt/personal/steve
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.0.1,hwaddr=BC:24:11:61:0E:D4,ip=192.168.0.130/24,type=veth
onboot: 1
ostype: alpine
rootfs: local-lvm:vm-300-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1300
lxc.idmap: g 0 100000 1300
lxc.idmap: u 1300 1300 1
lxc.idmap: g 1300 1300 1
lxc.idmap: u 1301 101301 64235
lxc.idmap: g 1301 101301 64235

Code:
root@pve:~# cat /etc/pve/lxc/310.conf
arch: amd64
cores: 1
features: nesting=1
hostname: Webserver
memory: 512
mp0: /mnt/share/media/,mp=/mnt/media
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.0.1,hwaddr=BC:24:11:38:47:99,ip=192.168.0.131/24,type=veth
ostype: alpine
rootfs: local-lvm:vm-310-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1310
lxc.idmap: g 0 100000 1310
lxc.idmap: u 1310 1300 1
lxc.idmap: g 1310 1300 1
lxc.idmap: u 1311 101311 64225
lxc.idmap: g 1311 101311 64225

Code:
root@pve:~# cat /etc/pve/lxc/410.conf
arch: amd64
cores: 6
features: nesting=1
hostname: Immich
memory: 6144
mp0: /mnt/personal/pictures,mp=/mnt/pictures
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.0.1,hwaddr=BC:24:11:D3:C1:97,ip=192.168.0.141/24,type=veth
onboot: 1
ostype: alpine
rootfs: local-lvm:vm-410-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1410
lxc.idmap: g 0 100000 1410
lxc.idmap: u 1410 1410 1
lxc.idmap: g 1410 1410 1
lxc.idmap: u 1411 101411 64125
lxc.idmap: g 1411 101411 64125

Code:
root@pve:~# cat /etc/subuid
root:100000:65536
root:1300:1
root:1310:1
root:1410:1

Code:
root@pve:~# cat /etc/subgid
root:100000:65536
root:1300:1
root:1310:1
root:1410:1

Code:
root@pve:~# ls -l /mnt/personal/
total 13
drwx------ 7 1410 1410 7 Jul 21 19:17 pictures
drwxr-xr-x 2 1300 1300 2 Jul 21 18:13 steve

(This is also weird, no?)

Code:
root@pve:~# ls -l /mnt/personal/pictures/
total 2
drwxr-xr-x 3 100000 100000 3 Jul 21 19:17 encoded-video
drwxr-xr-x 3 100000 100000 3 Jul 21 19:35 library
drwxr-xr-x 3 100000 100000 3 Jul 21 19:13 thumbs
drwxr-xr-x 3 100000 100000 3 Jul 21 19:13 upload

However, something started bothering me. The home folders of the users inside the containers are owned by nobody:nobody and I can't change this. Is the purpose that we only make users for access to the mounts and use root to run everything? How can a user run anything if it doesn't have access to its home folder to store config files? I think I'm missing something.

Thanks.
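As an added example (not code from this thread or from Proxmox itself), the following Python script parses the lxc.idmap lines and the /etc/subuid contents posted above, checks that the container's id space 0..65535 is mapped contiguously and that every host range is actually delegated in /etc/subuid, and translates ids in both directions. That translation is what explains the observations in the post: container root (uid 0) is host uid 100000, which is why the Immich subdirectories on the host show 100000; a host id that falls outside every mapping (for example 1410 as seen from CT 300) has no container identity and is shown as nobody (the kernel's overflow id 65534); and CT 310's line `u 1310 1300 1` makes its local user 1310 and CT 300's local user 1300 both land on host uid 1300, which is how the shared dataset works. The config text below is copied from the thread; the function names and the check logic are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample input, copied from the idmap lines and /etc/subuid in the thread.
CT300_CONF = """\
unprivileged: 1
lxc.idmap: u 0 100000 1300
lxc.idmap: g 0 100000 1300
lxc.idmap: u 1300 1300 1
lxc.idmap: g 1300 1300 1
lxc.idmap: u 1301 101301 64235
lxc.idmap: g 1301 101301 64235
"""
CT310_CONF = """\
unprivileged: 1
lxc.idmap: u 0 100000 1310
lxc.idmap: g 0 100000 1310
lxc.idmap: u 1310 1300 1
lxc.idmap: g 1310 1300 1
lxc.idmap: u 1311 101311 64225
lxc.idmap: g 1311 101311 64225
"""
SUBUID = "root:100000:65536\nroot:1300:1\nroot:1310:1\nroot:1410:1\n"

CT_ID_SPACE = 65536  # an unprivileged CT expects container ids 0..65535 to be mapped
NOBODY = 65534       # kernel overflow id: host ids with no mapping appear as nobody/nogroup


@dataclass(frozen=True)
class IdMap:
    kind: str        # "u" for uids, "g" for gids
    ct_start: int    # first id inside the container
    host_start: int  # first id on the host it maps to
    count: int       # length of the range


def parse_idmaps(conf_text):
    """Extract every 'lxc.idmap: <u|g> <ct_start> <host_start> <count>' line."""
    maps = []
    for line in conf_text.splitlines():
        m = re.match(r"^\s*lxc\.idmap:\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$", line)
        if m:
            maps.append(IdMap(m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))))
    return maps


def parse_subid(text, owner="root"):
    """Return the half-open host id ranges delegated to `owner` in /etc/subuid or /etc/subgid."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == owner:
            start, count = int(parts[1]), int(parts[2])
            ranges.append((start, start + count))
    return ranges


def check_idmaps(maps, sub_ranges, kind="u"):
    """Report gaps/overlaps in the container id space and host ranges not delegated in sub[ug]id."""
    problems = []
    expect = 0
    for m in sorted((m for m in maps if m.kind == kind), key=lambda m: m.ct_start):
        if m.ct_start != expect:
            problems.append(f"gap or overlap in container ids at {m.ct_start} (expected {expect})")
        expect = m.ct_start + m.count
        if not any(lo <= m.host_start and m.host_start + m.count <= hi for lo, hi in sub_ranges):
            problems.append(
                f"host range {m.host_start}-{m.host_start + m.count - 1} is not delegated in /etc/sub{kind}id"
            )
    if expect != CT_ID_SPACE:
        problems.append(f"container ids cover 0..{expect - 1}, expected 0..{CT_ID_SPACE - 1}")
    return problems


def to_host(maps, ct_id, kind="u"):
    """Host id that backs a container id, or None if the container id is unmapped."""
    for m in maps:
        if m.kind == kind and m.ct_start <= ct_id < m.ct_start + m.count:
            return m.host_start + (ct_id - m.ct_start)
    return None


def to_container(maps, host_id, kind="u"):
    """Id the container sees for a host id; unmapped host ids collapse to nobody (65534)."""
    for m in maps:
        if m.kind == kind and m.host_start <= host_id < m.host_start + m.count:
            return m.ct_start + (host_id - m.host_start)
    return NOBODY


if __name__ == "__main__":
    sub = parse_subid(SUBUID)
    for name, conf in (("300", CT300_CONF), ("310", CT310_CONF)):
        maps = parse_idmaps(conf)
        print(f"CT {name}: {check_idmaps(maps, sub) or 'idmap OK'}")
        print(f"  container uid 0 -> host uid {to_host(maps, 0)}")
        print(f"  host uid 1300 -> container uid {to_container(maps, 1300)}")
        print(f"  host uid 1410 -> container uid {to_container(maps, 1410)} (nobody)")
```

Run it as-is to see the report for CT 300 and CT 310; to check a real host, feed it the output of `cat /etc/pve/lxc/<id>.conf` and `cat /etc/subuid` instead of the embedded strings. The /etc/subgid check is the same call with `kind="g"` and the subgid contents. A non-empty problem list is the first thing to look for when files unexpectedly show up as nobody:nobody, since a host range that is not delegated in /etc/subuid makes the container fail to start or the mapping fall back.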
Hello,

this is because you are running an unprivileged container.

"With unprivileged containers you might run into permission problems caused by the user mapping and cannot use ACLs."
https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points

Please try this:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

Thanks for taking the time to respond.

I know it's because of the unprivileged containers that I need to do the id mapping. I followed your second link. I also posted the config files in the OP. What I don't understand is why it sets the ownership of the home directories in the containers to nobody:nobody when I follow your link.
 
So I figured out I need to create a user with the same id as on the container. I also need to create the user first on the host, and after that I can create the user on the container; otherwise it won't work. Deleting the user on the host afterwards doesn't seem to be a problem, but I guess I'll leave them.

`adduser` also works differently than `useradd` and I used the latter to create the users on the host.

MarkusF, afaik it is not explained in the second link you provided.
