Problems with accessing NFS share as root

initB10r

Jan 9, 2023
Hello all,
I would like to access an NFS share from an unprivileged LXC container.

From the container, both user "root" and user "Docker" should have access to the share.

I have the following configuration for the container:

100.conf
Code:
arch: amd64
cores: 4
features: keyctl=1,nesting=1
hostname: Docker
memory: 16384
mp0: /mnt/pve/Nas/lxc/Docker,mp=/share/Docker
mp1: /mnt/pve/Nas,mp=/share/test
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=e8:6a:64:af:dd:01,ip=dhcp,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-0,size=8G
swap: 16384
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

subgid
Code:
root:100000:65536
root:1000:1

subuid
Code:
root:100000:65536
root:1000:1

Here is an ls of the shares on Proxmox itself, so not from the container.

(mp0)
Code:
root@Proxmox:~# ls -lan /mnt/pve/Nas/lxc/Docker
total 40
drwxrwxrwx 5 1000 1000 4096 Feb 20 20:44 .
drwxrwxrwx 3    0    0 4096 Feb 20 11:15 ..
drwxrwxrwx 3 1000 1000 4096 Feb 20 11:16 configurations
drwxrwxrwx 2 1000 1000 4096 Feb 20 11:15 images
drwxrwxrwx 4 1000 1000 4096 Mar 10 21:54 volumes

(mp1)
Code:
root@Proxmox:~# ls -lan /mnt/pve/Nas
total 144
drwxrwxrwx 9 0 0  4096 Jan 12 22:03 .
drwxr-xr-x 4 0 0  4096 Mar  4 00:25 ..
drwxrwxrwx 2 0 0 86016 Feb 15 22:00 dump
drwxrwxrwx 3 0 0  4096 Jan 11 07:28 images
drwxrwxrwx 3 0 0  4096 Feb 20 11:15 lxc
drwxrwxrwx 2 0 0  4096 Jan 12 22:03 private
drwxrwxrwx 2 0 0  4096 Jan 12 22:03 snippets
drwxrwxrwx 4 0 0  4096 Jan 12 22:03 template

With the user "Docker" from the container, access to mp0 works. As expected, access to mp1 does not work.
With user "root" from the container, access to mp0 and mp1 does not work.

I added user "root" to group 1000 (Docker), but access to mp0 still does not work.

Here is the id output of "root" from the container
Code:
root@Docker:~# id
uid=0(root) gid=0(root) groups=0(root),1000(Docker)

Here is the id output of "Docker" from the container
Code:
Docker@Docker:~$ id
uid=1000(Docker) gid=1000(Docker) groups=1000(Docker),27(sudo)

User "root" is a member of group "Docker 1000", but why is "root" not allowed to access?

Last but not least I created a user "DockerRoot" with id 100000 and group 1000 under Proxmox.
But I continue to not get access.

Where is my mistake in thinking?
Does anyone have any idea how I can get access with "root"?

Thanks in advance for your support

Greetings
Marc
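
The lxc.idmap lines from the post above, resolved to host-side ids (an added example, not part of the original post and not Proxmox code; the helper names are made up here). It translates container uids/gids through the map, checks every mapped host range against the quoted subuid/subgid lines, and reports which permission class each container user lands in for the owners shown in the ls -lan listings.

```python
# Added example; function names are illustrative. Inputs copied from the post's
# 100.conf and subuid/subgid blocks.
IDMAP = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
"""
SUBID = "root:100000:65536\nroot:1000:1\n"  # identical in subuid and subgid

def parse_idmap(text):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "lxc.idmap":
            kind, ct, host, count = value.split()
            maps[kind].append((int(ct), int(host), int(count)))
    return maps

def to_host(maps, kind, ct_id):
    """Translate a container uid/gid to the host id, or None if unmapped."""
    for ct, host, count in maps[kind]:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def undelegated(maps, subid_text, owner="root"):
    """Host ranges the idmap uses that no subuid/subgid line for owner covers."""
    allowed = [(int(s), int(s) + int(c)) for n, s, c in
               (l.split(":") for l in subid_text.splitlines()) if n == owner]
    return [(kind, host, count)
            for kind, ranges in maps.items() for _, host, count in ranges
            if not any(lo <= host and host + count <= hi for lo, hi in allowed)]

def host_identity(maps, ct_uid, ct_gids):
    """Host-side (uid, gids) for a container process."""
    return to_host(maps, "u", ct_uid), {to_host(maps, "g", g) for g in ct_gids}

def perm_class(identity, owner_uid, owner_gid):
    """Which rwx triplet a plain POSIX mode check would apply."""
    uid, gids = identity
    return "owner" if uid == owner_uid else "group" if owner_gid in gids else "other"

if __name__ == "__main__":
    m = parse_idmap(IDMAP)
    for name, uid, gids in (("root", 0, [0, 1000]), ("Docker", 1000, [1000, 27])):
        print(name, host_identity(m, uid, gids), undelegated(m, SUBID))
```

Container root reaches the host as uid 100000 with gids 100000 and 1000, so it is matched as group on mp0 (owner 1000:1000) and as other on mp1 (owner 0:0); Docker reaches the host as uid 1000 and is matched as owner on mp0.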
 
After I set the "Squash option" from "Squash no users" to "Squash all users" with NIC_NFS_STR08=Docker and NIC_NFS_STR09=Docker, everything worked.
 
Unfortunately, I had to set the "Squash option" back to "Squash no users", because after restarting Proxmox itself, there was no mount possible to the NAS. This only works with "Squash no users".

And now the crazy thing, I set the option on the NAS back to "Squash no users" and restarted Proxmox. After that my mount was available again.

After that I set the option on the NAS again to "Squash all users", but this time I could not access the share in the container with the user "root".

I just don't understand it anymore. Actually, I assume that it is a normal setup, which others also use. But somehow it doesn't work for me.

Does anyone have an idea?
 
