map uid from debian to LXC

xokia

Apr 8, 2023
I have a drive that I mount in proxmox
/etc/fstab
/dev/disk/by-partuuid/blah-blah /mnt/pool0 ext4 defaults 0 2

Then I also create a mount point in LXC
mp0: /mnt/pool0,mp=pool0

I have a uid that's different under Debian vs the LXC.
Let's say I have a user joe with uid=1000 gid=1000 under Debian.

joe under LXC has uid=998 and gid=998.

How do I map the Debian UID and GID to the LXC?
I tried to follow the wiki
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

I came up with
/etc/pve/lxc/100.conf
lxc.idmap = u 1000 998 1
lxc.idmap = g 1000 998 1


/etc/subuid
root:1000:1

then /etc/subgid:
root:1000:1

What did I do wrong here?
 
You need to map all 65536 users and groups, not just the one you want to change. Try something like:
lxc.idmap: u 0 100000 1000
lxc.idmap: u 1000 998 1
lxc.idmap: u 1001 101001 64535
And similar for g. Please double check that I'm not off by one.
 
root@HOME-SERVER:~# lxc-start -F -n 100
lxc-start: 100: ../src/lxc/conf.c: lxc_map_ids: 3701 newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [998-999) not allowed": newuidmap 30717 0 100000 1000 1000 998 1 1001 101001 64535
lxc-start: 100: ../src/lxc/start.c: lxc_spawn: 1788 Failed to set up id mapping.
lxc-start: 100: ../src/lxc/start.c: __lxc_start: 2107 Failed to spawn container "100"
lxc-start: 100: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
lxc-start: 100: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options


Maybe I messed up here; it's 999, not 998, so this is what I ended up with:
lxc.idmap= u 0 100000 999
lxc.idmap= u 999 1000 1
lxc.idmap= u 1000 101000 64536
lxc.idmap= g 0 100000 999
lxc.idmap= g 999 1000 1
lxc.idmap= g 1000 101000 64536

1000 is the Debian uid and 999 is the equivalent LXC uid.
Do I have the mapping backwards? It's not clear to me if it should be
lxc.idmap= u 999 1000 1
or
lxc.idmap= u 1000 999 1
 
Try
root:998:1
root:100000:65536
for /etc/subuid and /etc/subgid.
 
Tried that; I have the same issue. If I use = instead of : like the wiki shows, the LXC starts, but... it then automagically changes the = -> : in the 100.conf file, and then on the next boot the LXC fails to start.

lxc.idmap= u 0 100000 999
lxc.idmap= u 999 1000 1
lxc.idmap= u 1000 101000 64536
lxc.idmap= g 0 100000 999
lxc.idmap= g 999 1000 1
lxc.idmap= g 1000 101000 64536

to

lxc.idmap: u 0 100000 999
lxc.idmap: u 999 1000 1
lxc.idmap: u 1000 101000 64536
lxc.idmap: g 0 100000 999
lxc.idmap: g 999 1000 1
lxc.idmap: g 1000 101000 64536
 
The correct syntax is with :. For example, this is what I use to map video group to video group, which happen to have the same numeric GID:
lxc.idmap: g 0 100000 44
lxc.idmap: g 44 44 1
lxc.idmap: g 45 100045 65490
Now you are using different numbers than mapping 1000 to 998. Why? Did you adjust /etc/subuid and /etc/subgid also?
Please share the actual error messages to pin point the cause of the problems.
 
I figured what you posted was correct, although the wiki has = instead of :

I tried to mention it's uid 999 in my prior post... uid 998 was a typo, sorry about that.

I am trying to map the Debian plex uid to the LXC uid.
Currently under Debian the owner of some files appears as systemd-timesync instead of plex. Under LXC the owner of some files appears correctly as plex.


Debian UIDs
[attached screenshot: debian_uid - Copy.JPG]

LXC UIDs
[attached screenshot: lxc_uid - Copy.JPG]

Here is what I have in the lxc/100.conf
Code:
lxc.idmap: u 0 100000 1000
lxc.idmap: u 1000 999 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 0 100000 1000
lxc.idmap: g 1000 999 1
lxc.idmap: g 1001 101001 64535
arch: amd64
cores: 8
features: nesting=1
hostname: Plex-Server
memory: 4096
mp0: /mnt/pool0,mp=pool0
mp1: /mnt/pool1,mp=pool1
mp2: /mnt/pool2,mp=pool2
mp3: /mnt/pool3,mp=pool3
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.3.1,hwaddr=62:DB:EA:C3:D0:8E,ip=192.168.3.13/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-0,size=32G
searchdomain: 192.168.3.1
swap: 512
lxc.cgroup2.devices.allow: c 226:0 rwm
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.cgroup2.devices.allow: c 29:0 rwm
lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file

I run the following
lxc-start -F -n 100

[attached screenshot: fail1.JPG]

I cannot log into the shell to run systemctl status systemd-sysusers.service
 
Use pct enter 100 on the Proxmox host to enter the container as root. I haven't taken the time to look into your new issue in detail.
 
Here is what I ended up doing; it seemed easier.

I went into
/etc/passwd -> changed the uid:group in LXC to match debian uid:group
/etc/group -> changed the group # in LXC to match debian group #

within the LXC
chown -R plex.plex '/pool3/plex_files/'
chown -R plex.plex '/pool1/plex_files/'
chown -R plex.plex '/pool2/plex_files/'

Now if I access from Debian or the LXC, the file ownership shows up the same.

Thank you for your help. You are one of the members that seems to try to help folks a lot. Appreciate that!
 
I have a similar problem and cannot figure out what I'm doing wrong.

My PVE and LXC each have a user share:share with 1005:1005 as uid/gid.

To my LXC's config I added:
Code:
lxc.idmap: u 0 100000 1005
lxc.idmap: g 0 100000 1005
lxc.idmap: u 1005 1005 1
lxc.idmap: g 1005 1005 1
lxc.idmap: u 1006 101006 64530
lxc.idmap: g 1006 101006 64530

And upon rebooting my LXC I get the following errors:
Code:
lxc-start: 101: ../src/lxc/conf.c: lxc_map_ids: 3701 newuidmap failed to write mapping "newuidmap: uid range [1005-1006) -> [1005-1006) not allowed": newuidmap 3554 0 100000 1005 1005 1005 1 1006 101006 64530
lxc-start: 101: ../src/lxc/start.c: lxc_spawn: 1788 Failed to set up id mapping.
lxc-start: 101: ../src/lxc/start.c: __lxc_start: 2107 Failed to spawn container "101"
lxc-start: 101: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
lxc-start: 101: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options


Here is my LXC's config:
Code:
arch: amd64
cmode: shell
cores: 2
features: nesting=1
hostname: smb-share
memory: 512
mp0: /tank/movies,mp=/mnt/movies
mp1: /tank/downloads,mp=/mnt/downloads
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.178.1,hwaddr=16:9B:B7:A7:77:9E,ip=192.168.178.61/24,ip6=dhcp,type=veth
onboot: 1
ostype: debian
rootfs: local-lvm:vm-101-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1005
lxc.idmap: g 0 100000 1005
lxc.idmap: u 1005 1005 1
lxc.idmap: g 1005 1005 1
lxc.idmap: u 1006 101006 64530
lxc.idmap: g 1006 101006 64530

Inside the LXC I added
Code:
root:1005:1
to both /etc/subuid and /etc/subgid

On PVE I also changed permissions for the folder that is to be shared to:
Code:
drwxrwxr-x 8 share share 8 Jun 20 20:16 movies

Please help.
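
Added example (not part of any post in this thread, and not Proxmox or LXC code): an offline check of `lxc.idmap` lines against subuid/subgid text, covering both the direction question raised earlier (`u 999 1000 1` vs `u 1000 999 1`) and the "not allowed" error shown in the logs. Each `lxc.idmap` line reads `<type> <container start> <host start> <count>`. Assumptions: the function names are hypothetical, the sample text is constructed from the config quoted above, the Proxmox host's /etc/subuid is assumed to hold `root:100000:65536`, and the containment test is a simplified model of what newuidmap enforces using the host's subuid/subgid files.

```python
# Added example; the config and subuid text below are constructed samples.
CONF = """\
lxc.idmap: u 0 100000 1005
lxc.idmap: u 1005 1005 1
lxc.idmap: u 1006 101006 64530
"""
HOST_SUBUID_DEFAULT = "root:100000:65536\n"          # assumed host default
HOST_SUBUID_FIXED = HOST_SUBUID_DEFAULT + "root:1005:1\n"

def parse_idmap(conf_text, kind="u"):
    """Return sorted (container_start, host_start, count) tuples for 'u' or 'g'."""
    maps = []
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return sorted(maps)

def parse_subid(subid_text, user="root"):
    """Return (start, count) ranges delegated to `user` in subuid/subgid text."""
    rows = (line.strip().split(":") for line in subid_text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def to_host(conf_text, container_id, kind="u"):
    """Translate a container id to its host id (None if unmapped)."""
    for cstart, hstart, count in parse_idmap(conf_text, kind):
        if cstart <= container_id < cstart + count:
            return hstart + container_id - cstart
    return None

def check_idmap(conf_text, subid_text, kind="u", total=65536):
    """Return a list of problems; an empty list means the mapping is consistent."""
    problems, expected = [], 0
    allowed = parse_subid(subid_text)
    for cstart, hstart, count in parse_idmap(conf_text, kind):
        if cstart != expected:  # gap or overlap on the container side
            problems.append(f"container range starts at {cstart}, expected {expected}")
        expected = cstart + count
        # Simplified model: host range must fit inside one range delegated to root.
        if not any(s <= hstart and hstart + count <= s + n for s, n in allowed):
            problems.append(f"range [{cstart}-{cstart + count}) -> "
                            f"[{hstart}-{hstart + count}) not allowed")
    if expected != total:
        problems.append(f"container ids covered up to {expected}, expected {total}")
    return problems

if __name__ == "__main__":
    print(check_idmap(CONF, HOST_SUBUID_DEFAULT))  # the single-id range is rejected
    print(check_idmap(CONF, HOST_SUBUID_FIXED))    # consistent once delegated
```

Run it with the `lxc.idmap` lines from /etc/pve/lxc/<id>.conf and the contents of /etc/subuid (then `kind="g"` with /etc/subgid), both taken from the Proxmox host.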
 
