[Tutorial] Mounting NFS share to an unprivileged LXC

Hi everyone. I'm quite new to Proxmox and maybe need some advice.
Mounting itself works fine with the tutorial, but no matter what I try, I get some permission errors when handing over the NFS shares to the LXC.
My mount options in OpenMediaVault contain anongid=101000,anonuid=101000, as I have a user inside the LXC with uid=1000(myuser) gid=1000(myuser).

Checking the mounted folder and its content with ls -ld gives me the information that the folder is owned by user nobody and user nogroup.

Maybe someone can give me a hint what I may have missed.

Thanks :)
 
linesquarecube said:
Hi everyone. I'm quite new to Proxmox and maybe need some advice.
Mounting itself works fine with the tutorial, but no matter what I try, I get some permission errors when handing over the NFS shares to the LXC.
My mount options in OpenMediaVault contain anongid=101000,anonuid=101000, as I have a user inside the LXC with uid=1000(myuser) gid=1000(myuser).

Checking the mounted folder and its content with ls -ld gives me the information that the folder is owned by user nobody and user nogroup.

Maybe someone can give me a hint what I may have missed.

Thanks :)
Click to expand...

My situation is somewhat similar, but not sure if related.

I am trying to map Synology NAS to unprivileged LXC to use with Jellyfin. Mapping on NODE works fine, I have all the permissions and full access:

Code: 
root@pve:~# ls -l /mnt
total 32
drwxrwxrwx 7 1005 1005 4096 Aug 19 23:22 nfs_nas_data
drwxrwxrwx 7 1005 1005 4096 Aug 21 14:22 nfs_nas_downloads
drwxrwxrwx 7 1005 1005 4096 Aug 20 19:35 nfs_nas_media

Unfortunately, on LXC things goes wrong:

Code: 
root@jellyfin:~# ls -l /mnt
total 24
d--------- 7 nobody nogroup 4096 Aug 19 20:22 data
d--------- 7 nobody nogroup 4096 Aug 21 11:22 downloads
d--------- 7 nobody nogroup 4096 Aug 20 16:35 media

I think all this Unprivileged_LXC_containers and this Understanding LXC UID Mappings mess is at fault and I cannot wrap my head around it for the second day. I am thinking about just dropping the unprivileged LXC idea and going to privileged. It is a home setup after all.

I am sure some very important step is missing in this tutorial, but I do not know what.
 
After some trial and error, I realized that the ownership problem of the folder is less important for me. I'm running Syncthing in the LXC, and as it is able to write to the share and I have no rights problems on other machines, I stopped looking deeper into this problem. Maybe it works because the folders inside the mount that I sync to have the proper rights attached to them.

Sorry that I cannot provide any help :confused:
 
evanb said:
Very cool but only problem is you can't take snapshots of the lxcs because of the mounts unfortunately.
Click to expand...
Hello, does anybody know the reason why this setup hinders snapshoting functionality?
I would love to have a) unprivileged CT with b) NFS share bind-mounted from the host and c) snapshot functionality for daily CT backups to PBS :)
So far it seems like keep dreaming...
Thanks in advance for any kind of hint or explanation.
 
Ľudovít Lučenič said:
Hello, does anybody know the reason why this setup hinders snapshoting functionality?
I would love to have a) unprivileged CT with b) NFS share bind-mounted from the host and c) snapshot functionality for daily CT backups to PBS :)
So far it seems like keep dreaming...
Thanks in advance for any kind of hint or explanation.
Click to expand...
AFAIK the short of it is:
  1. bind mounts don't make assumptions or expose many details about the underlying storage, they're treated as POSIX compatible file system mounts, nothing more
  2. in order to snapshot in an LXC, proxmox has to be sure that the entire filesystem can be snapshotted (ie it's an LVM, btrfs, etc)
  3. because of 1, there's no interfaces for the bind mount to let proxmox know "hey, i'm snapshot compatible, go ahead!", and it's not good to do a mystery "partial snapshot", since you could revert the snapshot but the bind mounts are still in whatever state they're in, and suddenly you have a state that isn't exactly when you made the snapshot.
So, stick with backup strategies that stop the container, back it up, then restore the system. Those don't require the underlying storage to support snapshots, and make no promises about the state of bind mounts.
 
I was getting a 'Permission Denied' error in the LXC containers.
The solution was to add 'all_squash' to the NFS share configuration on the NAS.
 
  • Like
Reactions: quepasa
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back