Lxc with mount folder and no permissions to write files

vpnobrega

Member
Jan 17, 2021
Hello guys, I created a mount for my external USB hard drive and added a mapping in the container config file like this:
Code:
mp0: /home/nextcloud, mp=/home/nextcloud

After restarting my container with ID 600, I can access /home/nextcloud and see the files in the folder, but I can't create files. I think it's because I have user "nobody" in the folder permissions.

I already read https://pve.proxmox.com/wiki/Unprivileged_LXC_containers but I don't know how I should configure the uid in my case. Can someone help me? Thanks
 
Hi,
the UID needs to be for a user on the host which has permissions to read/write to the folder. Say, UserA on the host has ID 1005 and the needed permissions. If you create the mapping as described in the Wiki and also a UserB with the same ID inside the container (you don't have to choose a different name, it can also be UserA if you want, the ID is the important part), then UserB should be able to read/write to the folder. The mapping says: user with ID 1005 in the container (=UserB) should be mapped to User with ID 1005 on the host (=UserA).
 
I have created a user nextcloud with uid 1000 and a new user group with gid 1000, and added the user to the group.
I did this inside the container too, but when I go to the mounted folder in the LXC container, I see nobody on the folder. What can I change to have write permissions? Thanks
 
After creating a group and a user, adding the user to the group (with the same identifier 1005), and adding this to
Code:
/etc/pve/lxc/1234.conf
as in the example:
Code:
# uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host)
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
# we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
# we map the rest of 65535 from 1006 upto 101006, so 1006..65535 → 101006..165535
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530

and editing
Code:
/etc/subuid
and
Code:
/etc/subgid
to add
Code:
root:1005:1
I am still without permissions to write files in my container. I checked that the uid and gid exist and everything is OK. I can't understand where my error is... can somebody help me?

I don't know if this is a problem, but my external hard drive is FAT32. Should it have another file system?
 
For FAT32, I think you need to make sure the filesystem is mounted as the correct user on the host. Use
Code:
mount -o "uid=<user>,gid=<group>" ...
or add the options to your /etc/fstab if it's defined there.

What is the UID/GID for the relevant user on the host? In the container, create a user with the same UID/GID and use those numbers instead of 1005. Also make sure the container is shut down when you edit the configuration file to add the mapping.
 
I have created a user with uid 2000 and a group with gid on the main host and inside the container too.
But when I start my container, I get an error message at mapping.
Code:
lxc-start: 600: conf.c: lxc_map_ids: 2816 newuidmap failed to write mapping "newuidmap: uid range [2001-66531) -> [102001-166531) not allowed": newuidmap 2278 0 100000 2000 2000 2000 1 2001 102001 64530
lxc-start: 600: start.c: lxc_spawn: 1683 Failed to set up id mapping.
lxc-start: 600: start.c: __lxc_start: 1950 Failed to spawn container "600"
lxc-start: 600: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: 600: tools/lxc_start.c: main: 314 Additional information can be obtained by setting the --logfile and --logpriority options

This is my mapping in the LXC config:
Code:
lxc.idmap = u 0 100000 2000
lxc.idmap = g 0 100000 2000
lxc.idmap = u 2000 2000 1
lxc.idmap = g 2000 2000 1
lxc.idmap = u 2001 102001 64530
lxc.idmap = g 2001 102001 64530

I also added a line to /etc/subuid and /etc/subgid:
Code:
root:2000:1

The owner of the mount folder on the main host is root. Should it be the new user created with uid 2000?
 
IIRC, LXC expects you to map exactly 65536 IDs (all from 0 up to 65535), so you need to use 63535 (= 65536 - 2001) instead of 64530 for the last two lines.

The user with UID 2000 needs to have write permissions to the folder, and with FAT32 I think the only good way to achieve this, is to mount it as that user:
Code:
umount /path/to/mountpoint
mount -o "uid=2000,gid=2000" /path/to/partition /path/to/mountpoint
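
The range arithmetic from the reply above and the newuidmap error earlier in the thread, as an added example that is not part of the original posts: it checks that a set of lxc.idmap lines covers container IDs 0..65535 without gaps and that each host range falls inside a range granted to root. The `root:100000:65536` grant is an assumed default that the thread does not show, the function names are hypothetical, and the containment test is a simplified model of what newuidmap enforces.

```python
CT_IDS = 65536  # container IDs 0..65535 must all be mapped (per the reply above)

def parse_idmap(conf, kind):
    """Return sorted (ct_start, host_start, count) tuples for kind 'u' or 'g'."""
    maps = []
    for line in conf.splitlines():
        key, _, val = line.partition("=")
        if key.strip() == "lxc.idmap":
            k, ct, host, count = val.split()
            if k == kind:
                maps.append((int(ct), int(host), int(count)))
    return sorted(maps)

def parse_subid(text, user="root"):
    """Return (start, count) ranges granted to user in subuid/subgid text."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def check(conf, subid_text, kind="u"):
    """Return a list of problems; an empty list means the map is consistent."""
    problems, expected = [], 0
    grants = parse_subid(subid_text)
    for ct, host, count in parse_idmap(conf, kind):
        if ct != expected:
            problems.append(f"container range breaks at ID {ct}, expected {expected}")
        expected = ct + count
        # Each host range must sit wholly inside one granted range.
        if not any(s <= host and host + count <= s + n for s, n in grants):
            problems.append(f"host range [{host}-{host + count}) not delegated")
    if expected != CT_IDS:
        problems.append(f"maps {expected} container IDs, expected {CT_IDS}")
    return problems

# Constructed inputs: the uid mapping posted in the thread, and a subuid file
# that assumes the root:100000:65536 default plus the thread's root:2000:1.
SUBUID = "root:100000:65536\nroot:2000:1\n"
BROKEN = """\
lxc.idmap = u 0 100000 2000
lxc.idmap = u 2000 2000 1
lxc.idmap = u 2001 102001 64530
"""
FIXED = BROKEN.replace("64530", "63535")

if __name__ == "__main__":
    for name, conf in (("thread mapping", BROKEN), ("corrected", FIXED)):
        print(name, check(conf, SUBUID) or "OK")
```

Run it with `kind="g"` against the `g` lines and /etc/subgid contents to check the group mapping the same way.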
 
Thank you for your answer. Later I will experiment with this range of ids.

Instead of creating the mount on the command line, I added the following line to the file /etc/fstab.
Code:
UUID="5B2A99EF4B43EB0A" /mnt/nextcloud/ ntfs nls-utf8,umask-0222,uid-2000,gid-2000,rw 0 0
Is this correct for my user to have write permissions?

PS: I formatted the USB drive and now it's in NTFS format.
 
Great!! Now it's working. Many thanks
 
Glad to hear. Please mark the thread as [SOLVED] so others can find solutions more quickly.
 