Hello PVE user,
I'm currently trying to set up a fileserver in an LXC. Basically it works, but I have problems with the permissions / uid / gid / mapping... Hopefully someone could help me a little with the correct setup regarding the permissions.
Plan: create a fileserver for several linux clients with single and group shares and files saved on the PVE host within ZFS.
ZFS datasets on PVE Host:
/tank/groupshare
/tank/usershare1
What I have done is basically taken from the tutorial https://blog.kye.dev/proxmox-zfs-mounts
## on PVE:
# Create the group that maps to nas_shares on the lxc
groupadd -g 110000 nas_shares
# Create the mapped user
useradd fileuser -u 101000 -g 110000 -m -s /bin/bash
# Move ownership to the mapped user
chown -R nas:nas_shares /tank/groupshare
chown -R nas:nas_shares /tank/usershare1
chown -R nas:nas_shares /tank/usershare2
# created an unprivileged lxc debian container with cockpit (https://blog.kye.dev/proxmox-cockpit)
## on LXC:
groupadd -g 10000 nas_shares
useradd fileuser -u 1000 -g 10000 -m -s /bin/bash
## on PVE:
pct set 100 -mp0 /tank/groupshare,mp=/mnt/groupshare
pct set 100 -mp1 /tank/usershare1,mp=/mnt/usershare1
pct set 100 -mp1 /tank/usershare1,mp=/mnt/usershare2
## on LXC / cockpit:
Sharing > Samba, open Advanced Settings and add inherit permissions = yes
create user1 and user2, add the Host-Mapped Group nas_shares to the users, create samba password
create shares with nas_shares group in Valid Groups.
## on the Clients
On the Linux clients I map the shares via fstab:
//fileserver/groupshare /home/mint_username/FS/groupshare cifs uid=1000,gid=1000,credentials=/home/mint_username/.cred 0 0
# How the permissions look:
ls -l on PVE Host:
-rwxrwx--- 1 nas nas_shares 46944 May 23 19:45 'xyz.ods'
ls -l on Fileserver LXC:
-rwxrwx--- 1 fileuser nas_shares 46944 May 23 19:45 'xyz.ods'
ls -l on Linux Mint client:
-rwxr-xr-x 1 mint_username mint_usergroup 46944 Mai 23 19:45 'xyz.ods'
## user1 edits xyz.ods
mint_username edits with smb user user1 on the groupshare xyz.ods
ls -l on PVE Host:
-rwxrwx--- 1 101001 101001 47157 May 26 15:11 'xyz.ods'
ls -l on Fileserver LXC:
-rwxrwx--- 1 user1 usergroup1 47157 May 26 15:11 'xyz.ods'
ls -l on Linux Mint client:
-rwxr-xr-x 1 mint_username mint_usergroup 46944 Mai 23 19:45 'xyz.ods'
## user2
user2 wants to open xyz.ods on his Linux Mint Client but he is not allowed to read the file 'xyz.ods'.
After chown on the PVE Host (chown -R nas:nas_shares /tank/groupshare) the file is again readable by user2.
Where is the problem? When user1 saves the file, the user ID and group are both set to his own (-> user1 usergroup1). That should be the problem. But how can I correct that? Where is my fault in the configs?
Thanks a lot for your help.
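The ownership change in the listings above, replayed as an added example that is not part of the original post: it maps ids between host and container and runs the POSIX read check for user2 before and after user1's save, then for a save into a setgid directory. It assumes the Proxmox default unprivileged offset of 100000, assumes uid/gid 1002 for user2 and directory modes 0770 and 2770, and all function names are hypothetical.

```python
# Added example (not from the post). Ids 1000/10000/101000/110000/101001 come
# from the post; user2's uid/gid 1002 and the directory modes are assumptions.
from dataclasses import dataclass

HOST_BASE, ID_COUNT = 100000, 65536  # Proxmox default unprivileged idmap

def to_container(host_id):
    """Host id -> container id; None if outside the mapped range."""
    off = host_id - HOST_BASE
    return off if 0 <= off < ID_COUNT else None

def to_host(container_id):
    """Container id -> host id as seen by ls -l on the PVE host."""
    if not 0 <= container_id < ID_COUNT:
        raise ValueError("id outside the container's mapped range")
    return HOST_BASE + container_id

@dataclass(frozen=True)
class Account:
    uid: int
    primary_gid: int
    extra_gids: frozenset = frozenset()

def can_read(acct, owner_uid, owner_gid, mode):
    """POSIX read check: the first matching class (owner, group, other) decides."""
    if acct.uid == owner_uid:
        return bool(mode & 0o400)
    if owner_gid == acct.primary_gid or owner_gid in acct.extra_gids:
        return bool(mode & 0o040)
    return bool(mode & 0o004)

def new_file_group(creator, dir_gid, dir_mode):
    """Linux rule: a new file takes the directory's group only if the dir is setgid."""
    return dir_gid if dir_mode & 0o2000 else creator.primary_gid

NAS_SHARES = 10000  # container gid of nas_shares (110000 on the host)
user1 = Account(1001, 1001, frozenset({NAS_SHARES}))
user2 = Account(1002, 1002, frozenset({NAS_SHARES}))  # ids assumed

def report():
    """Replay the post's states for user2 reading xyz.ods (mode 0770)."""
    before = can_read(user2, to_container(101000), to_container(110000), 0o770)
    saved_gid = new_file_group(user1, NAS_SHARES, 0o0770)   # plain directory
    after = can_read(user2, user1.uid, saved_gid, 0o770)
    setgid_gid = new_file_group(user1, NAS_SHARES, 0o2770)  # setgid directory
    fixed = can_read(user2, user1.uid, setgid_gid, 0o770)
    return before, to_host(saved_gid), after, to_host(setgid_gid), fixed

if __name__ == "__main__":
    print(report())
```

The second value is the host-side group id after user1's save into a plain directory, matching the `101001` in the post's listing; the fourth is the group the same save would get in a setgid directory owned by nas_shares.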