[SOLVED] Permissions of mounted storage in LXC

TeeBee

Jul 20, 2023
Can anyone tell me what I'm doing wrong? Users other than root cannot write to a shared folder.

What I did:
  1. Mounted an ext4 drive in Proxmox VE and created a dir
  2. Created an fstab MergerFS to merge the dir to a shared folder
  3. Used the mp0 command to add the mergerFS directory to the privileged LXCs
  4. The root in LXCs has full access to /storage. I'm able to access files, write files from different LXCs in the same folder.
  5. The user plex has been given full permissions for the folder 'storage' within the LXC
Code:
root@plex:/storage# ls -l
total 44
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 dump
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 images
drwxrwxr-x 2 plex plex 16384 Jul 31 14:03 lost+found
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 private
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 snippets
drwxrwxr-x 4 plex plex  4096 Jul 31 14:03 template
-rwxrwxr-x 1 plex plex     8 Jul 31 14:16 test
drwxrwxr-x 5 plex plex  4096 Jul 31 15:40 usb
-rwxrwxr-x 1 plex plex     0 Jul 31 14:16 v

However, when I'm running the following command I get permission denied.

Code:
root@plex:/storage# sudo -u plex ls /storage
ls: cannot access '/storage': Permission denied
root@plex:/storage#
 
Could I see the fstab and also the output of mount?
 
Code:
root@prox:~# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=8039556k,nr_inodes=2009889,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1614860k,mode=755,inode64)
/dev/mapper/pve-root on / type ext4 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=16181)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
/dev/sda2 on /boot/efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
lxcfs on /var/lib/lxcfs type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
/dev/fuse on /etc/pve type fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
/dev/sdb1 on /mnt/pve/datausb type ext4 (rw,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=1614856k,nr_inodes=403714,mode=700,inode64)
/mnt/pve/toshusb on /mnt/storage type fuse.mergerfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions)
/dev/sdd1 on /mnt/pve/toshusb type ext4 (rw,relatime)

Code:
root@prox:~# cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/pve/root / ext4 errors=remount-ro 0 1
UUID=6280-C100 /boot/efi vfat defaults 0 1
/dev/pve/swap none swap sw 0 0
proc /proc proc defaults 0 0
/mnt/pve/toshusb /mnt/storage fuse.mergerfs defaults,nonempty,allow_other,use_ino,cache.files=on,moveonenospc=true,category.create=mfs,dropcacheonclose=true,minfreespace=250G,fsname=mergerfs 0 0
 
Try to add noacl to the options of the mergerfs entry in your fstab.
 
Thanks for your suggestion.

I added noacl to the options of the mergerfs entry in fstab. After that I ran mount -a. Then, to be sure, I unmounted and did mount -a again. This time I got two errors:

Code:
* ERROR: invalid argument - cache.files=on
* ERROR: invalid argument - noacl

After removing those options from the fstab I ran mount -a again. Nothing worked anymore; the root user had no access to /storage. Then I realised I hadn't added this line to fstab.

Code:
/dev/sdd1 on /mnt/pve/toshusb type ext4 (rw,relatime)

After adding this to fstab, running the following command gave me the proper access rights:

Code:
root@plex:/storage# sudo -u plex ls /storage

I have no idea what change actually solved the issue. However, it seems like using mount -a doesn't reload options added to fstab.
 
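In the mount output posted above, /mnt/storage is mounted without allow_other although its fstab entry requests it, and mount -a skips filesystems that are already mounted, so edited options only apply after an unmount and a fresh mount. As an added example (not code from the thread), this script flags FUSE mounts in that state; the function names are hypothetical and the sample text is constructed from the thread's lines, with the fstab options shortened.

```shell
#!/bin/sh
# Added example: report FUSE mounts whose live options lack allow_other even
# though fstab requests it. Without allow_other, only the user that performed
# the mount (root here) can access a FUSE filesystem.
# Assumption: mount points contain no spaces.

# Constructed sample input based on the lines posted in the thread.
SAMPLE_MOUNT='/mnt/pve/toshusb on /mnt/storage type fuse.mergerfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions)
lxcfs on /var/lib/lxcfs type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)'
SAMPLE_FSTAB='# <file system> <mount point> <type> <options> <dump> <pass>
/mnt/pve/toshusb /mnt/storage fuse.mergerfs defaults,nonempty,allow_other,use_ino 0 0'

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# live_fuse_opts: read `mount` output on stdin, print "mountpoint options"
# for each FUSE filesystem (type "fuse" or "fuse.*", not fusectl).
live_fuse_opts() {
    awk '$2 == "on" && $4 == "type" && ($5 == "fuse" || $5 ~ /^fuse\./) {
        opts = $6; gsub(/[()]/, "", opts); print $3, opts }'
}

# fstab_opts MNT: read fstab on stdin, print the options field for MNT.
fstab_opts() {
    awk -v mnt="$1" '$1 !~ /^#/ && $2 == mnt { print $4 }'
}

# stale_allow_other MOUNT_TEXT FSTAB_TEXT: print each mount point where fstab
# asks for allow_other but the live mount does not have it.
stale_allow_other() {
    printf '%s\n' "$1" | live_fuse_opts | while read -r sa_mnt sa_live; do
        sa_want=$(printf '%s\n' "$2" | fstab_opts "$sa_mnt")
        if has_opt "$sa_want" allow_other && ! has_opt "$sa_live" allow_other; then
            printf '%s\n' "$sa_mnt"
        fi
    done
}

# On a real host: stale_allow_other "$(mount)" "$(cat /etc/fstab)"
stale_allow_other "$SAMPLE_MOUNT" "$SAMPLE_FSTAB"
```

Any mount point it prints needs a umount followed by mount (or mount -a) before the fstab options are in effect.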