Turnkey File Server permission problems

proxwolfe

Well-Known Member
Jun 20, 2020
Hi,

I am trying to set up a simple smb file server on proxmox:

- installed the Turnkey File Server template into an lxc container
- on pve created a folder /mnt/ctmounts/public
- added this as mount point to the container

In the container I can see /mnt/ctmounts/public and can share it via smb for my Windows machine to connect to but:
- when I try to create a file in the mounted directory on my Windows machine I get an error telling me I am not allowed (when I mount the TKL File Server's standard share folder /srv/storage, I can create files there from my Windows machine)
- when I create a folder /mnt/ctmounts/public/test (just for test purposes), this does not show up in the container in /mnt/ctmounts/public and vice versa.

So it seems that what the container sees and shares out is not exactly the same as what pve hands over to it (although it is in the same place).

Anybody been through this?

BTW (in case this matters):
- The lxc container is unprivileged
- The directory mounted to the container is on a zfs pool (the entire pve installation is)

Any help/hints appreciated!
 
I am new to this ... Is this the Turnkey File Server you are referring to? https://www.turnkeylinux.org/fileserver

Hope to learn how you solved this ... Thanks.
 

Yes, this is the one.

I am far from solving this. So you can watch my progress live:

You need to work with manual user remapping or chmod that /mnt/ctmounts/public to 777 so everyone can read/write to it.

Thanks Dunuin.

I chmoded /mnt/ctmounts/public first on the host which did not change the outcome.

I then chmoded /mnt/ctmounts/public in the container. Now I can actually create a file in this folder on my mounted Windows machine.

However, this file still does not show up in /mnt/ctmounts/public on the host. So there still seems to be another problem that the folder is not the same on the host and in the container somehow...
 
Okay, so I think I figured it out (sort of).

I am still not sure as to why changes made to the mounted folder inside the container do not show up in the supposedly same mounted folder on the host.

What I did was start over and create a new folder and also mounted it in the container (BTW: this was automatically incorporated into the container conf file by the system):
pct set 100 -mp0 /mnt/bindmounts/shared,mp=/shared
(I used a different location on my system.)

I then mapped the users as described in the proxmox manual (https://pve.proxmox.com/wiki/Unprivileged_LXC_containers#Using_local_directory_bind_mount_points):
# uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host)
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
# we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
# we map the rest of 65535 from 1006 upto 101006, so 1006..65535 → 101006..165535
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530

One piece that was not clear to me from the manual was where this is supposed to happen:
First the file /etc/subuid (we allow 1 piece of uid starting from 1005):

root:1005:1

then /etc/subgid:

root:1005:1

This has to be done on the host.

But it still did not work at this point.

The critical piece for me was to also chown the mounted folder on the host to user 1005:1005 (if you follow the example from the manual above).

From here on, I was able to create files in the folder inside the container that also showed up on the host and vice versa.

But what still did not work was creating or deleting files in the folder from my Windows machine to which I had mounted the folder via SMB/CIFS.

What helped here was to chmod the folder inside the container to allow rwx (777) (maybe you could also get away with a more restrictive approach and I may try tweaking this part a bit; executing right, for example, might not be required; but that's where I started anyway).

And now, finally, I can create a file on my Windows machine in the mounted folder which shows up on the mounted folder inside the container and on the host as well.
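Added example (not part of the original post and not Proxmox's own code): a small Python model of the lxc.idmap lines quoted above, showing which host owner each container owner is stored as and the reverse, so the host-side chown and the /etc/subuid line can be checked offline. The default `root:100000:65536` entry in the sample /etc/subuid and the overflow ID 65534 for unmapped owners are assumptions about the host.

```python
IDMAP = """\
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530
"""
# Constructed host /etc/subuid: an assumed default root range plus the post's line.
SUBUID = "root:100000:65536\nroot:1005:1\n"
OVERFLOW_ID = 65534  # assumed kernel default shown for an unmapped owner ("nobody")

def parse_idmap(text, kind="u"):
    """Return sorted (ct_start, host_start, count) tuples for kind 'u' or 'g'."""
    rows = []
    for line in text.splitlines():
        fields = line.replace("=", " ").split()
        if fields[:2] == ["lxc.idmap", kind]:
            rows.append(tuple(int(f) for f in fields[2:]))
    return sorted(rows)

def ct_to_host(rows, ct_id):
    """Host ID a container ID is stored as on disk, or None if unmapped."""
    for ct, host, count in rows:
        if ct <= ct_id < ct + count:
            return host + ct_id - ct
    return None

def host_to_ct(rows, host_id):
    """Owner the container sees for a file owned by host_id on the host."""
    for ct, host, count in rows:
        if host <= host_id < host + count:
            return ct + host_id - host
    return OVERFLOW_ID

def coverage_problems(rows, total=65536):
    """Gaps or overlaps on the container side, as (expected_start, found_start)."""
    problems, expected = [], 0
    for ct, _host, count in rows + [(total, 0, 0)]:
        if ct != expected:
            problems.append((expected, ct))
        expected = ct + count
    return problems

def not_delegated(rows, subid_text, user="root"):
    """Host ranges in the map that the user's subuid/subgid lines do not allow."""
    entries = (line.split(":") for line in subid_text.split())
    allowed = [(int(s), int(c)) for u, s, c in entries if u == user]
    return [(h, n) for _ct, h, n in rows
            if not any(s <= h and h + n <= s + c for s, c in allowed)]
```

With this map, `host_to_ct(rows, 0)` returns 65534: a directory still owned by root on the host appears inside the container as owned by nobody, while host ID 1005 passes through unchanged.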
 