Permission denied on a SMB mountpoint for a non root user inside a LXC

C

cyprien-griot

Member
Jan 21, 2021
6
0
6
30
Greetings all,

I'm facing a problem with SMB mount point, permissions and containers. I'm not sure if I'm using the right method according to best practices but at least it seemed logical to me. Yet it isn't fully working so far..

I have a TrueNAS server, linked to a Samba AD, that has several SMB shares with specific ACL.
I was able to connect shares from the Proxmox cluster storage menu so that all hosts can access it (those shares contain data, not iso or dumps or else for Proxmox), I created a mount point on a container. It seemed handier that way to me, as I will be needing many containers to access these SMB shares.

It works fine with the local root user of the container : root can write inside the mount point as the user used to mount the share on the cluster (which is not root). Not sure if this is very clear ^^'
But I would like the mountpoint to be writable by the other local non root users. And so far, I haven't found the solution yet...

The storage conf :
Code: 
cifs: DonneesAcquisition
        path /mnt/pve/DonneesAcquisition
        server X.X.X.X
        share DonneesAcquisition
        content images
        mkdir 0
        username sysop@X.X

Mount result on the host :
Code: 
//X.X.X.X/DonneesAcquisition on /mnt/pve/DonneesAcquisition type cifs (rw,relatime,vers=3.1.1,cache=strict,username=sysop@X.X,uid=0,noforceuid,gid=0,noforcegid,addr=X.X.X.X,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,closetimeo=1)

The container conf :
Code: 
#### Ordonnanceur / AIRFLOW
arch: amd64
cores: 4
features: mount=cifs,nesting=1
hostname: PitonPayanke
memory: 4096
mp0: /mnt/pve/DonneesAcquisition,mp=/mnt/DonneesAcquisition
nameserver: X.X.X.X
net0: name=eth0,bridge=vmbr0,firewall=1,gw=X.X.X.X,hwaddr=X.X.X.X,ip=X.X.X.X/25,tag=100,type=veth
ostype: debian
rootfs: local-zfs:subvol-113-disk-0,size=50G
searchdomain: X.X
swap: 4096

If anyone has a clue or an advice, it would be greatly appreciated :)
Thanks in advance !
 
Well it seems that we have a slightly different problem : I have TrueNAS server that shares an SMB share where only an user called "sysop" has read/write permissions. This user isn't root.

On my Proxmox cluster, I can connect this share through the storage menu. I do this as sysop, but on the host (and then the container I mount this share in), I indeed see the share belonging to root. However, if I write anything from the root session of my container (or my host), it's all good on my TrueNAS server (files belong to sysop).

My problem is, on the container, I would like to be able to use the share with non root users and I don't find a way to give them the permissions.
 
if the container is unprivileged, those users will have very high UIDs (100000+). you probably need to give access to those, or force them being mapped to the user doing the mount.
 
The container is privileged, but so far I haven't found the way to give permanent access to them. I guess I do something wrong..
 
the same applies still - just for users in the regular range ;)
 
I'll give another try to mapping then, as I didn't succeed to make it work the first time. And I don't see another way to give access to standard users (chown or chmod or creating a specific groups did not work)
 
cyprien-griot said:
Well it seems that we have a slightly different problem : I have TrueNAS server that shares an SMB share where only an user called "sysop" has read/write permissions. This user isn't root.
My problem is, on the container, I would like to be able to use the share with non root users and I don't find a way to give them the permissions.
Click to expand...
Agreed, but the permission problem is the same. The share is allways mapped to root(755).
 
Indeed. I can't get it working.. I've tried id mapping but I guess I just don't understand how it works and either there is no results or the container does not boot anymore. .
If anyone has some hints or some advice, I'd be very grateful !
 
was somone able to solve this? apologies for reopening the topic or bmping it.

Here is my configuration

Datacenter
1729486163661.png

LXC config

1729486503526.png

No permission

1729486881454.png
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back