LXC GID Mapping Support

[AdamH14]

hi all,

I'm setting up plex in an LXC container to run plex in proxmox and successfully mounted the directory and plex can see the files and play them, however I get a "an error has occured" when I try to delete the file. I believe permissions are all correct per the below:

---HOST---

I made a new group called "adam" with GID 1000

/etc/pve/lxc/147.conf

lxc.idmap: g 0 100000 1000
lxc.idmap: g 1000 1000 1
lxc.idmap: u 0 100000 65536
lxc.idmap: g 1001 101001 64535
mp0: /mnt/pve/storage/data,mp=/data

/etc/subgid

root:1000:1

file ownership of /mnt/pve/storage/data is as follows:

drwxrwxrwx 6 root adam 74 Jul 24 04:57 media
drwxrwxr-x 6 root adam 76 Jul 24 04:55 other
drwxrwxr-x 4 root adam 52 Jul 24 04:56 pictures

---LXC CONTAINER---

In the lxc container I also made the group "adam" with GID 1000, the ownership of the above files in the container show as follows:

root@plex:~# ls -l /data                                         
total 0
drwxrwxrwx 6 nobody adam 74 Jul 24 03:57 media
drwxrwxr-x 6 nobody adam 76 Jul 24 03:55 other
drwxrwxr-x 4 nobody adam 52 Jul 24 03:56 pictures

I have also added the user "plex" to the group "adam" to ensure the plex user has the permissions of that group which should allow it to delete files

Per /etc/group:

adam:x:1000:root,plex

It appears the GID mapping is all working, however the plex user (which plex service runs as) can't delete the files, any ideas?

 

[zodiac]

Where is the file that you want to delete? I don't see it listed in your post, so I can't tell what's going on with the permissions.

Can you delete it as the "root" user in the container? Can you delete it, if you become the "plex" user? What does "id" output when you run it as "root" vs. as "plex"?

Do you see messages in "journalctl" that point towards a problem? How about in "dmesg"? Could this be an app armor issue? What distribution are you using for Plex? Is it Debian, Ubuntu, Fedora, ...?

Can you manually create a file and delete it again? If not, then what does "strace" tell you?

 

[AdamH14]

Where is the file that you want to delete? I don't see it listed in your post, so I can't tell what's going on with the permissions.

Can you delete it as the "root" user in the container? Can you delete it, if you become the "plex" user? What does "id" output when you run it as "root" vs. as "plex"?

Do you see messages in "journalctl" that point towards a problem? How about in "dmesg"? Could this be an app armor issue? What distribution are you using for Plex? Is it Debian, Ubuntu, Fedora, ...?

Can you manually create a file and delete it again? If not, then what does "strace" tell you?

Sorry! From my message the file is located in /mnt/pve/storage/media (and within subfolders there), on the host this whole directory has been chown to :1000 which is the GID of the group I made and added to the LXC GID mapping on the host.
In the LXC container I made the same GID of 1000 and added the plex user to this group.

Per my message the files correctly show as "nobody:adam" ownership in the container, as plex is in the "adam" group I assumed it would have the necessary rwx access to delete the files.

The error appears in plex itself when using the delete button. Which just says "There was a problem deleting this item"

Running journalctl shows the following:

root@plex:~# journalctl --since "2024-07-29 16:00:00"
-- Journal begins at Thu 2024-07-25 03:29:56 UTC, ends at Mon 2024-07-29 16:56:01 UTC. --
Jul 29 16:56:01 plex CRON[2493]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jul 29 16:56:01 plex CRON[2494]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jul 29 16:56:01 plex CRON[2493]: pam_unix(cron:session): session closed for user root

This is running on debian 11 bullseye.