Unable to change uid/gid mapping of bind mounted nfs folder

skerit
Feb 4, 2023
I've mounted an NFS share on my Proxmox host, and I want to bind mount it inside several containers.
But all the files belong to "nobody" and "nogroup".

That alone is confusing, I thought the IDs would just be 100.000 higher than on the host?
But while on the host the files belong to UID 1001 and GID 2000, on the client they belong to both UID 65534 and GID 65534.

I tried to set up an idmap, and I've tried quite a few guides.
But any notation that I try ends up with my container refusing to boot.

This for example:

Code:
lxc.idmap: u 0 100000 1000
           g 0 100000 1000
           u 1001 1001 1
           g 1001 1001 1
           u 1002 101000 64535
           g 1002 101000 64535

Or maybe it's written like this?

Code:
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1001 1
lxc.idmap: g 1000 1001 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

I have no clue, but none of the different methods work.

So please: how can I actually edit the mounted NFS files in my container?
 
Hi,
I've mounted an NFS share on my Proxmox host, and I want to bind mount it inside several containers.
But all the files belong to "nobody" and "nogroup".

That alone is confusing, I thought the IDs would just be 100.000 higher than on the host?
But while on the host the files belong to UID 1001 and GID 2000, on the client they belong to both UID 65534 and GID 65534.
By default, any container uid 0 <= n <= 65_535 is mapped to the host uid n + 100_000. But this mapping does not define any counterparts for the host uid 1001 and host gid 2000, so they show up as nobody and nogroup in the container.
Code:
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1001 1
lxc.idmap: g 1000 1001 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
This mapping looks like a good beginning. It maps:
  • container uids/gids 0 <= n <= 999 to host uids/gids n + 100_000
  • container uid/gid 1000 to host uid/gid 1001
  • container uids/gids 1001 <= n <= 65_535 to host uids/gids n + 100_000
In addition, you need to adjust /etc/subuid and /etc/subgid on the host to allow the host root to impersonate the host uids/gids referenced in the mapping. By default, both contain only
Code:
root:100000:65536
This allows the host root to impersonate host uids/gids 100_000 <= n <= 165_535, which is enough for the default case. But to get your mapping to work, you need to additionally allow the host root to impersonate host uid/gid 1001. So you need to add a line root:1001:1 to both files.

If you'd also like to map some container gid to host gid 2000, you'll need to adjust the mapping and /etc/subgid accordingly.

Hope that helps! If it still doesn't work, please post the output of pct start <vmid> -debug.
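
A pre-flight check for the two requirements described in the reply above (non-overlapping `lxc.idmap` ranges, and every referenced host range delegated to root in /etc/subuid and /etc/subgid), as an added example that is not part of the original thread or of Proxmox's own tooling. The function names and sample inputs are constructed for illustration, and it simplifies by requiring each host range to fit inside a single subuid/subgid entry.

```python
import re

# Constructed sample inputs mirroring the mapping and subuid content in this thread.
IDMAP_CONF = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1001 1
lxc.idmap: g 1000 1001 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
"""
SUBID_DEFAULT = "root:100000:65536\n"
SUBID_FIXED = "root:100000:65536\nroot:1001:1\n"


def parse_idmap(conf, kind):
    """Return sorted [(container_start, host_start, count)] for kind 'u' or 'g'."""
    pat = re.compile(r"^lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
    out = []
    for line in conf.splitlines():
        m = pat.match(line.strip())
        if m and m.group(1) == kind:
            out.append(tuple(int(x) for x in m.group(2, 3, 4)))
    return sorted(out)


def parse_subid(text, owner="root"):
    """Return [(start, count)] delegated to owner in subuid/subgid text."""
    rows = [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]
    return [(int(s), int(c)) for name, s, c in rows if name == owner]


def check(conf, subid_text, kind):
    """List problems that would stop the mapping from being accepted for this id kind."""
    problems, entries, allowed = [], parse_idmap(conf, kind), parse_subid(subid_text)
    for (c1, _, n1), (c2, _, _) in zip(entries, entries[1:]):
        if c1 + n1 > c2:
            problems.append(f"{kind}: container ranges overlap at {c2}")
    for _, h, n in entries:
        # Simplification: the host range [h, h+n) must lie inside one delegated entry.
        if not any(s <= h and h + n <= s + cnt for s, cnt in allowed):
            problems.append(f"{kind}: host range {h}-{h + n - 1} not delegated to root")
    return problems
```

Each `root:<id>:1` line added to satisfy this check gives container processes a real host identity, so keep those entries limited to the ids the share actually needs.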
 