I am building a backup server for my church and running into my own limitations on how to map a group on a container to a group on the host.
I create a group on the CT that I want to map to a group on the host. I don't want to create an arbitrary user on the CT; I do create an arbitrary user on the host, however, so that the group of users I create will have the permissions I set on the mount points I pass to the CT.
Here is the situation:
Here is my /etc/pve/lxc/100.conf
...
Code:
unprivileged: 1
lxc.idmap: g 0 100000 1010
lxc.idmap: g 1010 1010 1
lxc.idmap: g 1011 101011 64524
I think I have the lxc.idmap part correct (above), but I am confused on /etc/subuid and /etc/subgid.
- in https://pve.proxmox.com/wiki/Unprivileged_LXC_containers, it reads:
Code:
Then we have to allow lxc to actually do the mapping on the host. Since lxc creates the CT using root, we have to allow root to use these uids in the container.
First the file /etc/subuid (we allow 1 piece of uid starting from 1005):
root:1005:1
then /etc/subgid:
root:1005:1
I am confused as to why I need to map root-on-the-host to a non-root-user on my container? Why?
Thanks for setting me on the right path.
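Added example, not part of the original post or the Proxmox wiki: a check that every host gid range used by the post's `lxc.idmap` lines is delegated to root in `/etc/subgid`. An `/etc/subgid` line such as `root:1005:1` permits host root to use that host id inside a mapping; it does not turn root into that user. The `root:100000:65536` line and all function names are assumptions made for this example.

```python
# Added example: compare lxc.idmap gid lines with the ranges /etc/subgid delegates to root.
IDMAP = """\
lxc.idmap: g 0 100000 1010
lxc.idmap: g 1010 1010 1
lxc.idmap: g 1011 101011 64524
"""  # the three gid lines from the post
SUBGID = "root:100000:65536\n"  # constructed sample; assumed stock entry


def parse_idmap(text, kind="g"):
    """Return (ct_start, host_start, count) for each lxc.idmap line of this kind."""
    maps = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return maps


def parse_subid(text, owner="root"):
    """Return (host_start, count) ranges delegated to owner in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == owner:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges


def uncovered(maps, delegated):
    """Host ranges used by the idmap that no single delegation fully contains."""
    return [(host, count) for _ct, host, count in maps
            if not any(s <= host and host + count <= s + n for s, n in delegated)]


def first_unmapped_ct_id(maps):
    """Walk container-side ranges in order; return the first id with no mapping."""
    nxt = 0
    for ct, _host, count in sorted(maps):
        if ct < nxt:
            raise ValueError(f"container ids overlap at {ct}")
        if ct > nxt:
            return nxt  # gap before this range
        nxt = ct + count
    return nxt


if __name__ == "__main__":
    maps = parse_idmap(IDMAP)
    print("not delegated to root:", uncovered(maps, parse_subid(SUBGID)))
    print("first unmapped container gid:", first_unmapped_ct_id(maps))
```

With the sample data, the only host range not delegated is gid 1010 (count 1), and the three lines map container gids 0 through 65534.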