[SOLVED] Permissions of mounted storage in LXC

TeeBee

New Member
Jul 20, 2023
Can anyone tell me what I'm doing wrong? Users other than root cannot write to a shared folder.

What I did:
  1. Mounted an ext4 drive in Proxmox VE and created a dir
  2. Created an fstab MergerFS to merge the dir to a shared folder
  3. Used the mp0 command to add the mergerFS directory to the privileged LXCs
  4. The root in LXCs has full access to /storage. I'm able to access files, write files from different LXCs in the same folder.
  5. The user plex has been given full permissions for the folder 'storage' within the LXC
Code:
root@plex:/storage# ls -l
total 44
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 dump
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 images
drwxrwxr-x 2 plex plex 16384 Jul 31 14:03 lost+found
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 private
drwxrwxr-x 2 plex plex  4096 Jul 31 14:03 snippets
drwxrwxr-x 4 plex plex  4096 Jul 31 14:03 template
-rwxrwxr-x 1 plex plex     8 Jul 31 14:16 test
drwxrwxr-x 5 plex plex  4096 Jul 31 15:40 usb
-rwxrwxr-x 1 plex plex     0 Jul 31 14:16 v

However, when I'm running the following command I get permission denied.

Code:
root@plex:/storage# sudo -u plex ls /storage
ls: cannot access '/storage': Permission denied
root@plex:/storage#
 
Could I see the fstab and also the output of mount?
 
Code:
root@prox:~# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=8039556k,nr_inodes=2009889,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1614860k,mode=755,inode64)
/dev/mapper/pve-root on / type ext4 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=16181)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
/dev/sda2 on /boot/efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
lxcfs on /var/lib/lxcfs type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
/dev/fuse on /etc/pve type fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
/dev/sdb1 on /mnt/pve/datausb type ext4 (rw,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=1614856k,nr_inodes=403714,mode=700,inode64)
/mnt/pve/toshusb on /mnt/storage type fuse.mergerfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions)
/dev/sdd1 on /mnt/pve/toshusb type ext4 (rw,relatime)

Code:
root@prox:~# cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/pve/root / ext4 errors=remount-ro 0 1
UUID=6280-C100 /boot/efi vfat defaults 0 1
/dev/pve/swap none swap sw 0 0
proc /proc proc defaults 0 0
/mnt/pve/toshusb /mnt/storage fuse.mergerfs defaults,nonempty,allow_other,use_ino,cache.files=on,moveonenospc=true,category.create=mfs,dropcacheonclose=true,minfreespace=250G,fsname=mergerfs 0 0
 
Try to add noacl to the options of the mergerfs entry in your fstab.
 
Thanks for your suggestion.

I added noacl to the options of the mergerfs entry in fstab. After that I ran mount -a. Then, to be sure, I unmounted and did mount -a again. This time I got two errors:

Code:
* ERROR: invalid argument - cache.files=on
* ERROR: invalid argument - noacl

After removing those options from the fstab I ran mount -a again. Nothing worked anymore, root user had no access to /storage. Then I realised I hadn't added this line to fstab.

Code:
/dev/sdd1 on /mnt/pve/toshusb type ext4 (rw,relatime)

After adding this to fstab, running the following command gave me the proper access rights:

Code:
root@plex:/storage# sudo -u plex ls /storage

I have no idea what change actually solved the issue. However, it seems like using mount -a doesn't reload options added to fstab.
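
In the `mount` output posted above, the mergerfs mount at /mnt/storage carries `default_permissions` but not `allow_other`, although the fstab entry requests it; a FUSE mount without `allow_other` is accessible only to the user who mounted it, which is consistent with root working and plex being denied. The check below is an added example, not part of the thread: it flags FUSE mounts whose live options lack `allow_other` and reports where fstab and the live mount disagree. The function names are hypothetical and the sample lines are taken or abridged from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Read `mount`-style lines on stdin; print the mount point of every FUSE
# filesystem whose live options lack allow_other.
fuse_without_allow_other() {
    awk '$2 == "on" && $4 == "type" && ($5 == "fuse" || $5 ~ /^fuse\./) {
        opts = $6; gsub(/[()]/, "", opts)
        n = split(opts, o, ","); found = 0
        for (i = 1; i <= n; i++) if (o[i] == "allow_other") found = 1
        if (!found) print $3
    }'
}

# $1 = fstab path, stdin = `mount` output. Print mount points where fstab
# requests allow_other but the live mount does not carry it.
allow_other_drift() {
    fuse_without_allow_other | while read -r mnt; do
        awk -v m="$mnt" '$1 !~ /^#/ && $2 == m &&
            ($3 == "fuse" || $3 ~ /^fuse\./) &&
            index("," $4 ",", ",allow_other,") { print m }' "$1"
    done
}

# Sample input: three lines from the posted mount output (fusectl is not a
# FUSE mount and must be ignored) and an abridged copy of the fstab entry.
SAMPLE_MOUNT='lxcfs on /var/lib/lxcfs type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/mnt/pve/toshusb on /mnt/storage type fuse.mergerfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions)'
SAMPLE_FSTAB='/mnt/pve/toshusb /mnt/storage fuse.mergerfs defaults,nonempty,allow_other,use_ino,minfreespace=250G,fsname=mergerfs 0 0'

demo() {
    tmp=$(mktemp) && printf '%s\n' "$SAMPLE_FSTAB" > "$tmp"
    printf '%s\n' "$SAMPLE_MOUNT" | allow_other_drift "$tmp"
    rm -f "$tmp"
}
demo
```

On a live host the equivalent call is `mount | allow_other_drift /etc/fstab`. `mount -a` skips filesystems that are already mounted, so changed fstab options reach a mounted filesystem only after it is unmounted and mounted again.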
 