For the last year or so I've had a container running that has a map of an 'nc' user (uid: 1005) on my pve host to 'www-data' (uid: 33) in an LXC unprivileged container. Has worked flawlessly.
However, recently I had cause to restore from a backup and I was getting a bunch of errors related to permissions in the recovered container. At first I thought it was an issue with the backup/recovery process, but in attempting to rebuild from a fresh container I ended up running into exactly the same issue with permissions not working as expected.
It appears that I am now unable to map to the 'www-data' user in a container. Whenever I try to do that, all folders and files owned by that group switch to ownership by 'nobody:nogroup'. I can map to other users just fine, it just seems to be this one specific user.
Is there something special about the 'www-data' user that is causing this issue? And it is a little baffling why it's worked for a year (and container has been started and stopped many times) and now seems to have stopped working. I've recently updated to the latest pve, so wondering if something has changed?
pve version: pve-manager/5.3-5/97ae681d (running kernel: 4.15.18-9-pve)
container config file
Code:
mp0: /mnt/pve/remote-stagnum-nc-yanwoo,mp=/mnt/yanwoo
mp1: /mnt/pve/remote-stagnum-nc-nina,mp=/mnt/nina
arch: amd64
cores: 1
hostname: nextcloud
memory: 1024
net0: name=eth0,bridge=vmbr0,hwaddr=1a:58:64:75:1e:48,ip=dhcp,tag=60,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-zfs-storage:subvol-220-disk-0,size=30G
startup: order=4
swap: 0
unprivileged: 1
lxc.idmap: u 0 100000 33
lxc.idmap: g 0 100000 33
lxc.idmap: u 33 1005 1
lxc.idmap: g 33 1005 1
lxc.idmap: u 34 100034 65501
lxc.idmap: g 34 100034 65501
/etc/subuid
Code:
root:100000:65536
root:1005:1
root:33:1
/etc/subuid
Code:
root:100000:65536
root:1005:1
root:33:1
In summary: when I map to the 'www-data' user in a container, ownership of all www-data folders and files in the container changes to nobody:nogroup. Setup has previously been working for a while but has recently stopped working (maybe from a pve update?) ... and can map successfully to other users in the container without issue.
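An added example, not part of the original post: a Python check of the uid lines of the idmap and the /etc/subuid entries posted above, confirming that the container-side ranges are contiguous and that every host range is delegated to root. The function names are hypothetical; the `g` lines can be checked the same way by passing kind="g" and the contents of /etc/subgid.

```python
import re

# Values copied from the post: the lxc.idmap lines and the /etc/subuid entries.
CONFIG = """\
lxc.idmap: u 0 100000 33
lxc.idmap: g 0 100000 33
lxc.idmap: u 33 1005 1
lxc.idmap: g 33 1005 1
lxc.idmap: u 34 100034 65501
lxc.idmap: g 34 100034 65501
"""
SUBUID = """\
root:100000:65536
root:1005:1
root:33:1
"""

def parse_idmap(config, kind):
    """Return sorted (container_start, host_start, count) tuples for kind 'u' or 'g'."""
    pat = re.compile(r"^lxc\.idmap[ \t]*[:=][ \t]*([ug])[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$", re.M)
    return sorted((int(c), int(h), int(n)) for k, c, h, n in pat.findall(config) if k == kind)

def parse_subid(text, owner="root"):
    """Return (start, count) host ranges delegated to owner in subuid/subgid text."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == owner]

def check_idmap(config, subid, kind="u", owner="root"):
    """List problems: container-side gaps or overlaps, and host ranges not delegated."""
    problems, expected = [], 0
    allowed = parse_subid(subid, owner)
    for cstart, hstart, count in parse_idmap(config, kind):
        if cstart > expected:
            problems.append(f"container ids {expected}-{cstart - 1} unmapped (show as nobody)")
        elif cstart < expected:
            problems.append(f"container id {cstart} mapped twice")
        expected = max(expected, cstart + count)
        if not any(s <= hstart and hstart + count <= s + n for s, n in allowed):
            problems.append(f"host range {hstart}-{hstart + count - 1} not delegated to {owner}")
    return problems

def host_id(config, kind, container_id):
    """Translate a container id to the host id it maps to, or None if unmapped."""
    for cstart, hstart, count in parse_idmap(config, kind):
        if cstart <= container_id < cstart + count:
            return hstart + (container_id - cstart)
    return None
```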