Mountpoint on LXC Container not writable in application only in shell

[npaul]

Hello dear Proxmox community,

I’m totally lost with something seemingly simple and thought maybe someone is able to point me in the right direction as I have pretty much tried all the tricks I know and nothing worked (yet):

Goal: I have an SMB-Share that I want to make available via FTP.

For that I have:

• Created an LXC-Container with an FTP-Server (Tried 3 actually: Webmin, AApanel, SFTPgo)
• Added my SMB-Folder as „Storage“ in Proxmox
• I added that mounted SMB-Folder as a mount point to the LXC-Container
• The LCX-Container is privileged, running ubuntu

Whats working:

• I can see the the folder and its contents in the host and in the container shell
• I can create files in the host and in the container shell
• I can see all files when I connect via FTP no matter what server I use

Where is the problem:

• With all three servers I can not write or delete files via FTP access. Whenever I connect via FTP I am only able to read (see all files) but not write / delete stuff.

The contents of my SMB-Share all have these values when I do an ls -l

drwxr-xr-x 2 root root

Does anyone have an Idea where I’m going wrong? I was thinking it’s a problem with the FTP server configuration but since the same problem is happening with all 3 different servers (each tested in different containers btw) I’m thinking it’s probably rather proxmox-related.

Any help is greatly appreciated.

Thanks for your time,
Niklas

 

[fweber]

Hi, these permissions:

drwxr-xr-x 2 root root

mean that all system users can see contents, but only root can write. I'd guess that all three FTP servers have dedicated users for file access instead of root, meaning that the FTP server's user does not have the permission to write files, which would explain why you cannot write files via FTP. I'd guess you can fix this by finding out the FTP server user, and making sure this user has write access. As you're using an SMB share, you could try changing the uid/gid mount options [1] to the correct user. As of now, you cannot set these options for Proxmox-managed storage, so you'd have to add an entry to /etc/fstab on the host instead with the relevant options, and bind-mount [2] the mount into your container.

Hope that helps!

[1] https://linux.die.net/man/8/mount.cifs
[2] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_bind_mount_points

 

[npaul]

Hi, these permissions:

drwxr-xr-x 2 root root

mean that all system users can see contents, but only root can write. I'd guess that all three FTP servers have dedicated users for file access instead of root, meaning that the FTP server's user does not have the permission to write files, which would explain why you cannot write files via FTP. I'd guess you can fix this by finding out the FTP server user, and making sure this user has write access. As you're using an SMB share, you could try changing the uid/gid mount options [1] to the correct user. As of now, you cannot set these options for Proxmox-managed storage, so you'd have to add an entry to /etc/fstab on the host instead with the relevant options, and bind-mount [2] the mount into your container.

Hope that helps!

[1] https://linux.die.net/man/8/mount.cifs
[2] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_bind_mount_points

Hi @fweber / Friedrich,

thank you so much for your super helpful reply! Very much appreciated.
I dug through the cifs manual and changed my fstab to include forceuid. I tried both a number and a username and added it like this:
//10.0.0.1/website_backups /mnt/website_backups cifs forceuid=2,username=****,password=****,iocharset=utf8,noperm 0 0
I then did systemctl daemon-reload and also mount -av in the hopes of reloading the fstab.

The bind-mount into the container works fine as far as I can tell. I did all of the commands in the shell of the host, not the container. But whatever I change I can't seem to change anything. I know that one of my server applications required the user to be www but chmod doesn't work and the forceuid=www didn't work either. I'm not sure it would work with a username instead of an ID tough. According to the manual uid= can take both but it wasn't explicitly mentioned for forceuid=.

Am I at least hunting in the right direction?

Thanks again for your help! I feel like I've learned a lot from this already.
Niklas

 

[fweber]

Hi Niklas,

That does sound like the right direction!

I dug through the cifs manual and changed my fstab to include forceuid. I tried both a number and a username and added it like this:
//10.0.0.1/website_backups /mnt/website_backups cifs forceuid=2,username=****,password=****,iocharset=utf8,noperm 0 0

If you want the files to be owned by user foo and group bar, you need to pass uid=foo,gid=bar (instead of the names, you can also use the numeric uid and gid). The forceuid option (I don't think it takes a value) should only be needed if the SMB server supports CIFS UNIX extensions and already sends own uids -- the option would tell the client to ignore those.

I then did systemctl daemon-reload and also mount -av in the hopes of reloading the fstab.

To be sure that the new options from /etc/fstab are applied, I'd suggest to umount the old mountpoint before running mount -av.