Say I have 5 containers each running an application. For each I have bind mounted a directory:
/mnt/container_data/container1
/mnt/container_data/container2
etc
Where the application will contain all its application data.
I now create a further container running a backup application. To that I mount the following:
/mnt/container_data
/mnt/backups
The idea being that it backs up the whole container_data to backups.
I'm struggling to plan the id maps required, if at all. I need the backup container to be able to read (only) everything in /mnt/container_data.
Furthermore one of the application containers will possibly be a file share application, so will require multiple users too (and not just one to run the app).
Should I create all the necessary users in Proxmox and map? Or should I run each container with the application users and fileshare users and somehow grant permissions externally? Or would the backup container automatically have access to anything that is bound to it, as it's running as its own root anyway?
I've tried playing around with some tests but I'm still a little confused as to how to approach this type of user management across unprivileged containers. Any guidance welcome!