Mapping users for bind mount in unprivileged CT

Bubbagump210

Oct 1, 2020
I am trying to map a ZFS dataset into an LXC. The dataset is a PBS data set I am migrating from bare metal to LXC if that matters. I have read the docs here and there are a few assumptions that I am not understanding.

In that article it talks about user ID 1005. Is that a real user? Like I create that user in /etc/passwd? Considering this is a PBS instance, should I instead map to the backup user created by PBS which seems to be ID 34?

I tried

Code:
lxc.idmap: u 34 34 0
lxc.idmap: g 34 34 0

But that failed on startup saying

Code:
newuidmap: uid range [34-34) -> [34-34) not allowed

So I don't understand how to make this work.

I also don't understand the role of /etc/subuid and subgid - but it seems they are unnecessary as I am doing a 1:1 map?

Any help appreciated.
 
34 34 0 means start at 34 and map 0 ids to 34, which therefore maps no ids, while you are supposed to map all 65536 ids. Unless I have miscounted, you need this to map your user (similar for group):

Code:
lxc.idmap: u 0 100000 34
lxc.idmap: u 34 34 1
lxc.idmap: u 35 100035 65501

I think this maps user 0-33 to 100000-100033, maps 34 to 34 and maps 35-65535 to 100035-165535. You also need to adjust /etc/subuid (and /etc/subgid) on the host.
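
The mapping described in the reply above, as an added example (not code from the thread or from Proxmox): it builds the lxc.idmap lines that pass container ID 34 through unchanged, checks that all 65536 IDs are covered exactly once, and translates container IDs to host IDs. The function names, the 100000 host offset and the `root:34:1` delegation entries are assumptions for a default host where root starts the container.

```python
ID_COUNT = 65536    # IDs an unprivileged container is expected to map
HOST_BASE = 100000  # assumption: default host offset for unprivileged CTs

def build_idmap(passthrough):
    """Return (container_start, host_start, count) ranges covering 0..65535."""
    ranges, cursor = [], 0
    for cid in sorted(set(passthrough)):
        if not 0 <= cid < ID_COUNT:
            raise ValueError(f"id {cid} outside 0..{ID_COUNT - 1}")
        if cid > cursor:  # shifted block in front of the passthrough ID
            ranges.append((cursor, HOST_BASE + cursor, cid - cursor))
        ranges.append((cid, cid, 1))  # 1:1 entry, count must be 1, not 0
        cursor = cid + 1
    if cursor < ID_COUNT:  # shifted block after the last passthrough ID
        ranges.append((cursor, HOST_BASE + cursor, ID_COUNT - cursor))
    return ranges

def check_idmap(ranges):
    """Reject zero-length ranges and gaps or overlaps on the container side."""
    expected = 0
    for cstart, _hstart, count in ranges:
        if count < 1:
            raise ValueError(f"range at {cstart} maps {count} ids")
        if cstart != expected:
            raise ValueError(f"gap or overlap at container id {expected}")
        expected = cstart + count
    if expected != ID_COUNT:
        raise ValueError(f"only {expected} of {ID_COUNT} ids mapped")

def to_host(cid, ranges):
    """Host ID that owns files written by container ID `cid`."""
    for cstart, hstart, count in ranges:
        if cstart <= cid < cstart + count:
            return hstart + (cid - cstart)
    raise LookupError(f"container id {cid} is not mapped")

def render(ranges, kind):
    """kind is 'u' for user IDs or 'g' for group IDs."""
    return [f"lxc.idmap: {kind} {c} {h} {n}" for c, h, n in ranges]

def subid_lines(passthrough, user="root"):
    # Assumption: host IDs below HOST_BASE are delegated one by one
    # in /etc/subuid and /etc/subgid for the user starting the container.
    return [f"{user}:{i}:1" for i in sorted(set(passthrough))]

if __name__ == "__main__":
    idmap = build_idmap([34])
    check_idmap(idmap)
    print("\n".join(render(idmap, "u") + render(idmap, "g")))
    print("add to /etc/subuid and /etc/subgid:", subid_lines([34]))
```

With no passthrough entries the same translation shows which host ID owns the files of container ID 34 under the plain shifted mapping.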
 
Ah, I think I understand better and perhaps a better option is to chown 100034.100034 the dataset on the host?
 
If that's what you actually need, yes much easier. PBS itself also has a user administration and I don't know it does that, but chown on the root of that dataset sounds like a good start. Have you seen the forum for PBS? If you still have user or permission issues later on, maybe people there can help you better.
EDIT: I have a PBS running in a container and all files in the storage appear to have 100034:100034, which you can do with chown -R.
 
I figured this was more of a container issue as it was mapping. And indeed, chown 100034 worked a peach... though I will be waiting forever for .chunks to finish. Thanks!
 