lxc.idmap for multiple LXC containers

Forssux

Mar 27, 2022
Hi there,

On PVE host I have users
guyf uid:gid 1001:1001
eveline uid:gid 1002:1002
urbackup uid:gid 1005:1005
qnap gid 1003

I have several containers running...
container 114 is used for urbackup with user urbackup uid/gid = 115:115

container 115 is used for motioneye where guyf runs motioneye with uid 1001 (LXC uid = host uid )

In /etc/pve/lxc/114.conf
Code:
unprivileged: 1
lxc.idmap: u 0 100000 115
lxc.idmap: u 115 1005 1
lxc.idmap: u 0 100116 884
lxc.idmap: u 1001 1001 1
lxc.idmap: u 1002 1002 1
lxc.idmap: u 1003 1003 1
lxc.idmap: u 1004 1004 1
lxc.idmap: u 1005 1005 1
lxc.idmap: g 0 100000 1003
lxc.idmap: g 1003 1003 1
lxc.idmap: g 1004 101004 64532

This is used to let urbackup use mounted storage.
In this container the user urbackup has a uid:gid of 115:115

So on my PVE/host I have

/etc/subuid
Code:
root:115:1
root:1001:1
root:1005:1
root:100000:65536

/etc/subgid
Code:
root:1001:1
root:1003:1
root:1005:1
root:100000:65536

Anyway, urbackup doesn't start in the container because of certain directories belonging to nobody.
What am I doing wrong?
 
I changed the lxc.idmap for container 114 to this:

Code:
lxc.idmap: u 0 100000 115
lxc.idmap: g 0 100000 1003
lxc.idmap: u 115 115 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 116 100116 885
lxc.idmap: u 1001 1001 1
lxc.idmap: u 1002 101002 3
lxc.idmap: u 1005 1005 1
lxc.idmap: u 1006 101006 64530
lxc.idmap: g 1004 101004 64532

There's a tool to help with these mappings.
One can run: run.py 115 1005 1001

In the end I changed the urbackup uid/gid in the container to 1005 which simplified the lxc.idmap in the container.
I used the example from the tutorial from Proxmox itself.
I still had to chown several directories inside the container:
the actual backup directory (mine is /mnt/urbackup)
and where urbackup is installed (/var/urbackup).

One can on PVE/host do:
Code:
pct mount 110
and then do
Code:
 chown -R urbackup:urbackup /var/lib/lxc/110/rootfs/var/urbackup

afterwards:
Code:
pct unmount 110


This is a link to another method.
 
In /etc/pve/lxc/114.conf
Code:
unprivileged: 1
lxc.idmap: u 0 100000 114
lxc.idmap: g 0 100000 1002
lxc.idmap: u 115 1005 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 116 100116 65425
lxc.idmap: g 1004 101004 64532

UID 0-113 in LXC mapped to UID 100000-100113 on host
GID 0-1001 in LXC mapped to GID 100000-101001 on host

UID 115 in LXC mapped to UID 1005 on host
GID 1003 in LXC mapped to GID 1003 on host

UID 116-65541 in LXC mapped to UID 100116-165541 on host
GID 1004-65535 in LXC mapped to GID 101004-165535 on host

That means:
UID 114 in LXC isn't mapped
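
As an added example (not code from the thread or from Proxmox), a small Python checker for the lxc.idmap lines discussed above: it reports overlapping container or host ranges, host ranges missing from the /etc/subuid delegation, and container IDs left unmapped. The function names and the rule that one delegation line must cover a whole host range are assumptions; the sample input is the uid lines of the first 114.conf and the /etc/subuid posted in the thread.

```python
import re

IDMAP = re.compile(r"^\s*lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_idmap(conf, kind):
    """Return [(ct_start, host_start, count), ...] for kind 'u' or 'g'."""
    found = (IDMAP.match(line) for line in conf.splitlines())
    return [tuple(map(int, m.group(2, 3, 4))) for m in found if m and m.group(1) == kind]

def parse_subid(text, user="root"):
    """Return [(start, count), ...] delegated to user in /etc/subuid or /etc/subgid."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def audit(conf, subid, kind="u", limit=65536):
    """List overlaps, undelegated host ranges and unmapped container ids."""
    entries, allowed, out = parse_idmap(conf, kind), parse_subid(subid), []
    for side, col in (("container", 0), ("host", 1)):
        top = -1  # highest id covered so far on this side
        for lo, hi in sorted((e[col], e[col] + e[2] - 1) for e in entries):
            if lo <= top:
                out.append(f"{side} range {lo}-{hi} overlaps an earlier entry")
            top = max(top, hi)
    for _, host, n in entries:
        # Assumption: one delegation line must cover the whole host range.
        if not any(s <= host and host + n <= s + c for s, c in allowed):
            out.append(f"host range {host}-{host + n - 1} not delegated to root")
    nxt = 0  # first container id not yet covered by any entry
    for start, _, n in sorted(entries) + [(limit, 0, 0)]:
        if start > nxt:
            out.append(f"container ids {nxt}-{start - 1} unmapped")
        nxt = max(nxt, start + n)
    return out

# uid lines of the first 114.conf in the thread, and the thread's /etc/subuid
CONF = """\
lxc.idmap: u 0 100000 115
lxc.idmap: u 115 1005 1
lxc.idmap: u 0 100116 884
lxc.idmap: u 1001 1001 1
lxc.idmap: u 1002 1002 1
lxc.idmap: u 1003 1003 1
lxc.idmap: u 1004 1004 1
lxc.idmap: u 1005 1005 1
"""
SUBUID = "root:115:1\nroot:1001:1\nroot:1005:1\nroot:100000:65536\n"

if __name__ == "__main__":
    print("\n".join(audit(CONF, SUBUID)))
```

Pass kind="g" together with the /etc/subgid contents to check the group lines the same way.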
 