[SOLVED] Presenting a CIFS share to a Container


Well-Known Member
Apr 23, 2017
I have mounted a CIFs share in my proxmox host that presents files as owned by foo:users. Foo's id is 1002.

I want to present this share to a unprivileged container, I'm assuming using a bind mount.

The user in the container has id 1000:1000, and creates files like so.

I have added the following to my config:

unprivileged: 1
mp0: /mnt/container-data/test-ct,mp=/appdata
#map ids to NAS proxmox sid/gid
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1002 1
lxc.id_map = g 1000 100 1
lxc.id_map = u 1001 101001 64530
lxc.id_map = g 1001 101001 64530

and the following to subuid and subgid resp:

subuid: root:1002:1
subgid: root:100:1

This appears to do the job, and when entering the container using pct I can read and write to the mounted directory perfectly.

However I can no longer SSH, and can only enter via the host. Something has broken. Removing the 6 mappings brings it back again.

Is there something obvious I'm missing? Is the above approach the correct one?
Why not mount the share inside the container directly?
  • Like
Reactions: majorgear
Well the idea was to abstract storage away from the containers, so they dont even know they're on a CIFs mount. That way the host would log in once, but configure access via bindmounts.

Seems a little more trouble than its worth though so might go with the container mounts, or maybe NFS via the host.
did you add the unprivileged manually to the config? it needs to be set at create/restore time, otherwise all the existing owners are wrong ;)
mounting on the host and bind-mounting in the container is correct. but your maps are wrong/too small. on many distros, the user "nobody" and the group "nogroup" have the uid/gid 65534, but your map only goes to 65531. sshd will attempt to drop privileges, and fail (you can see this in the container logs ;)). changing the 64530 to 64535 should fix your issue.


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!