lxc.idmap for multiple LXC containers

Forssux

Mar 27, 2022
Hi there,

On PVE host I have users
guyf uid:gid 1001:1001
eveline uid:gid 1002:1002
urbackup uid:gid 1005:1005
qnap gid 1003

I have several containers running...
container 114 is used for urbackup with user urbackup uid/gid = 115:115

container 115 is used for motioneye where guyf runs motioneye with uid 1001 (LXC uid = host uid )

In /etc/pve/lxc/114.conf
Code:
unprivileged: 1
lxc.idmap: u 0 100000 115
lxc.idmap: u 115 1005 1
lxc.idmap: u 0 100116 884
lxc.idmap: u 1001 1001 1
lxc.idmap: u 1002 1002 1
lxc.idmap: u 1003 1003 1
lxc.idmap: u 1004 1004 1
lxc.idmap: u 1005 1005 1
lxc.idmap: g 0 100000 1003
lxc.idmap: g 1003 1003 1
lxc.idmap: g 1004 101004 64532

This is used to let urbackup use mounted storage.
In this container the user urbackup has a uid:gid of 115:115

So on my PVE/host I have

/etc/subuid
Code:
root:115:1
root:1001:1
root:1005:1
root:100000:65536

/etc/subgid
Code:
root:1001:1
root:1003:1
root:1005:1
root:100000:65536

Anyway, urbackup doesn't start in the container because of certain directories belonging to nobody.
What am I doing wrong?
 
I changed the lxc.idmap for container 114 to this:

Code:
lxc.idmap: u 0 100000 115
lxc.idmap: g 0 100000 1003
lxc.idmap: u 115 115 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 116 100116 885
lxc.idmap: u 1001 1001 1
lxc.idmap: u 1002 101002 3
lxc.idmap: u 1005 1005 1
lxc.idmap: u 1006 101006 64530
lxc.idmap: g 1004 101004 64532

There's a tool to help with these mappings.
One can run: run.py 115 1005 1001

In the end I changed the urbackup uid/gid in the container to 1005 which simplified the lxc.idmap in the container.
I used the example from the tutorial from Proxmox itself.
I still had to chown several directories inside the container.
The actual backup directory, mine is /mnt/urbackup.
Where urbackup is installed, /var/urbackup, I had to change with chown.

One can on PVE/host do:
Code:
pct mount 110
and then do
Code:
chown -R urbackup:urbackup /var/lib/lxc/110/rootfs/var/urbackup

afterwards:
Code:
pct unmount 110


This is a link to another method.
 
In /etc/pve/lxc/114.conf
Code:
unprivileged: 1
lxc.idmap: u 0 100000 114
lxc.idmap: g 0 100000 1002
lxc.idmap: u 115 1005 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 116 100116 65425
lxc.idmap: g 1004 101004 64532

UID 0-113 in LXC mapped to UID 100000-100113 on host
GID 0-1001 in LXC mapped to GID 100000-101001 on host

UID 115 in LXC mapped to UID 1005 on host
GID 1003 in LXC mapped to GID 1003 on host

UID 116-65541 in LXC mapped to UID 100116-165541 on host
GID 1004-65535 in LXC mapped to GID 101004-165535 on host

That means:
UID 114 in LXC isn't mapped
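
The range bookkeeping walked through above can be checked mechanically. The following is an added example, not code from any poster in this thread or from Proxmox: it takes the uid lines and /etc/subuid from the first post and reports container-side overlaps, unmapped gaps (IDs that show up as nobody), host-side overlaps, and host ranges missing from /etc/subuid. The function names and the 65536 ID-space size are assumptions of this example.

```python
import re

# uid lines and /etc/subuid as posted for container 114 in the first post
CONF_114 = """\
lxc.idmap: u 0 100000 115
lxc.idmap: u 115 1005 1
lxc.idmap: u 0 100116 884
lxc.idmap: u 1001 1001 1
lxc.idmap: u 1002 1002 1
lxc.idmap: u 1003 1003 1
lxc.idmap: u 1004 1004 1
lxc.idmap: u 1005 1005 1
"""
SUBUID = "root:115:1\nroot:1001:1\nroot:1005:1\nroot:100000:65536\n"

def parse_idmap(conf, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    pat = rf"^lxc\.idmap\s*[:=]\s*{kind}\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
    return [tuple(map(int, m.groups())) for m in re.finditer(pat, conf, re.M)]

def parse_subid(text, user="root"):
    """Return [(start, count)] delegated to user in /etc/subuid or /etc/subgid."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def check(entries, delegated, id_space=65536):
    """List overlaps, unmapped gaps and undelegated host ranges."""
    problems, nxt = [], 0  # nxt = first container ID not yet covered
    for ct, host, count in sorted(entries):
        if ct < nxt:
            problems.append(f"overlap: container IDs {ct}-{min(nxt, ct + count) - 1} mapped twice")
        elif ct > nxt:
            problems.append(f"gap: container IDs {nxt}-{ct - 1} unmapped")
        nxt = max(nxt, ct + count)
        # Conservative assumption: one subuid/subgid entry must cover the whole range
        if not any(s <= host and host + count <= s + n for s, n in delegated):
            problems.append(f"not delegated: host IDs {host}-{host + count - 1}")
    if nxt < id_space:
        problems.append(f"gap: container IDs {nxt}-{id_space - 1} unmapped")
    end = 0  # highest host ID (exclusive) already claimed by an earlier range
    for h0, h1 in sorted((h, h + c) for _, h, c in entries):
        if h0 < end:
            problems.append(f"overlap: host IDs {h0}-{min(end, h1) - 1} mapped twice")
        end = max(end, h1)
    return problems

if __name__ == "__main__":
    for p in check(parse_idmap(CONF_114, "u"), parse_subid(SUBUID)):
        print(p)
```

Passing "g" to parse_idmap and the contents of /etc/subgid to parse_subid runs the same checks on the group mappings.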