[SOLVED] LXC idmap group permissions not applied in container

mate1213

Hello!
I have the following setup:
Code:
/etc/pve/lxc/<LXC-ID>.conf
mp0: /mnt/pve/Media,mp=/mnt/Media,replicate=0,backup=0
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: u 1000 1000 100
lxc.idmap: u 1100 101099 64335
lxc.idmap: g 0 100000 1998
lxc.idmap: g 1998 1998 1
lxc.idmap: g 1999 101999 63537

/etc/subuid
root:100000:65536
root:1000:100

/etc/subgid
root:100000:65536
root:1998:1

Where the mp0 is an NFS storage which is mounted on the host.

My problem is that I need to keep the share accessible for multiple users.
If I mount the folder into the LXC, I can only write into folders whose owner has the same ID as the SMB/NFS share user.
Because of the 775 permissions I can read the data, but even if I create the needed group with the correct group ID and the user is part of this group, it looks like the group policy is not applied here.
On the host this problem is not present, so I ruled out the share configuration problem.

Thanks for any advice
 
In case someone has the same issue:
The user inside the container that you want to give access to the share has to have the share's group ID as `gid`.
Any other group will not be validated.
Example:
Wrong:
uid=1000(user1000) gid=1000(user1000) groups=1000(user1000),100(users),1998(samba-share)
Correct:
uid=1000(user1000) gid=1998(samba-share) groups=1000(user1000),100(users),1998(samba-share)
 
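To check which host IDs a map like the one in this thread hands to the container, the following added example (not part of the original posts) parses the `lxc.idmap`, `/etc/subuid` and `/etc/subgid` lines quoted above, translates container IDs to host IDs, and lists pass-through entries and entries that root's subid ranges do not cover. The function names are hypothetical and the input is constructed from the values in the first post.

```python
# Constructed input: the idmap, /etc/subuid and /etc/subgid lines quoted in the post.
IDMAP = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: u 1000 1000 100
lxc.idmap: u 1100 101099 64335
lxc.idmap: g 0 100000 1998
lxc.idmap: g 1998 1998 1
lxc.idmap: g 1999 101999 63537
"""
SUBUID = "root:100000:65536\nroot:1000:100\n"
SUBGID = "root:100000:65536\nroot:1998:1\n"

def parse_idmap(text):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "lxc.idmap":
            kind, ct, host, count = value.split()
            maps[kind].append((int(ct), int(host), int(count)))
    return maps

def parse_subid(text, owner="root"):
    """Return the (start, count) ranges delegated to owner."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return [(int(s), int(c)) for name, s, c in rows if name == owner]

def to_host(entries, ct_id):
    """Translate a container ID to its host ID; None means unmapped."""
    for ct, host, count in entries:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def undelegated(entries, subids):
    """Map entries whose host range is not inside any single subid range."""
    return [e for e in entries
            if not any(s <= e[1] and e[1] + e[2] <= s + c for s, c in subids)]

def passthrough(entries):
    """Entries that hand a real host ID to the container unshifted."""
    return [e for e in entries if e[0] == e[1]]

if __name__ == "__main__":
    maps = parse_idmap(IDMAP)
    for gid in (100, 1000, 1998):
        print(f"container gid {gid} -> host gid {to_host(maps['g'], gid)}")
    print("passthrough uid/gid:", passthrough(maps["u"]), passthrough(maps["g"]))
    print("undelegated:", undelegated(maps["u"], parse_subid(SUBUID)),
          undelegated(maps["g"], parse_subid(SUBGID)))
```

With these values only container gid 1998 and uids 1000-1099 keep their host identity; every other ID is shifted into the 100000+ range. A container ID with no entry (`None`) appears inside the container as the overflow ID 65534.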
