If all roots map to the same 100000, what about other users?

HowardT

Mar 7, 2024
With all defaults and no explicit mappings, I tested with 2 unprivileged LXC containers and confirmed that both their roots map to uid 100000 in the PVE. But what about other users? If I create the same 2 users in 2 containers, will they map to the same uid in the PVE? If not, then why do all roots map to 100000? Thanks in advance for your comments.
 
Hi,
yes, if the mapping is the same and the ID is the same, the result of the mapping will also be the same.
The default mapping is 0 100000 65536 which means: map user 0+n to 100000+n for n=0,1,2,...,65535.
 
If all containers map to the same uid/gid range, all containers do have the same file permissions to directories bind-mounted from the host into containers. I'm wondering if other security implications might arise from having the same mapping for different containers instead of mapping each container to a different uid/gid range on the host?
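
The mapping rule from the reply and the shared-range concern raised in the last post, worked through as an added example that is not part of the original thread. It assumes map lines in the three-field layout quoted above (container start, host start, count); the function names and the second range starting at 200000 are hypothetical, constructed for illustration.

```python
from typing import List, NamedTuple, Optional, Tuple


class IdMap(NamedTuple):
    inside: int  # first ID as seen inside the container
    host: int    # first ID on the host
    count: int   # number of consecutive IDs mapped


def parse_idmap(text: str) -> List[IdMap]:
    """Parse lines of '<inside> <host> <count>', the layout quoted in the reply."""
    maps = []
    for line in text.strip().splitlines():
        inside, host, count = (int(field) for field in line.split())
        if count <= 0:
            raise ValueError(f"empty range: {line!r}")
        maps.append(IdMap(inside, host, count))
    return maps


def to_host(maps: List[IdMap], container_id: int) -> Optional[int]:
    """Host ID for a container ID, or None if the ID falls outside every range."""
    for m in maps:
        if m.inside <= container_id < m.inside + m.count:
            return m.host + (container_id - m.inside)
    return None


def shared_host_ids(a: List[IdMap], b: List[IdMap]) -> List[Tuple[int, int]]:
    """Host ID ranges (first, last) covered by both containers' mappings."""
    shared = []
    for x in a:
        for y in b:
            lo = max(x.host, y.host)
            hi = min(x.host + x.count, y.host + y.count) - 1
            if lo <= hi:
                shared.append((lo, hi))
    return shared


# Constructed sample data: the default map, and a hypothetical distinct range.
DEFAULT = parse_idmap("0 100000 65536")
SHIFTED = parse_idmap("0 200000 65536")

if __name__ == "__main__":
    print("root ->", to_host(DEFAULT, 0), "| uid 1000 ->", to_host(DEFAULT, 1000))
    print("two default containers share:", shared_host_ids(DEFAULT, DEFAULT))
    print("default vs shifted share:", shared_host_ids(DEFAULT, SHIFTED))
```

An empty result from `shared_host_ids` means no host uid is owned by both containers, so a file created by one on a bind mount is not owned by any user of the other.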