Unprivileged LXC containers ID Mapping Issues

T

tdashmike

New Member
Jul 1, 2024
6
0
1
Hello,

I noticed today that one of my containers wasn't backing up. I checked the idmaps but they seemed to be correct. Can someone help me with this? Also, I'm not sure why the subuid and subgid had the bottom portions in each file.

Backup Log:
INFO: creating vzdump archive '/storage/dump/vzdump-lxc-102-2025_01_02-20_48_03.tar.zst'
INFO: tar: ./home/mike/.ssh: Cannot open: Permission denied

Container Config:
arch: amd64
cores: 1
features: nesting=1
hostname: SAMBA
memory: 512
mp0: /storage/nas,mp=/nas
net0: name=eth0,bridge=vmbr0,hwaddr=BC:24:11:3C:72:2B,ip=dhcp,ip6=dhcp,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-zfs:subvol-102-disk-2,size=8G
startup: order=0,up=30,down=180
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: u 1001 1001 1
lxc.idmap: g 1000 1000 1
lxc.idmap: g 1001 1001 1
lxc.idmap: u 1002 101002 64534
lxc.idmap: g 1002 101002 64534

ls -al:
root@SAMBA:/home/mike# ls -al
total 15
drwxr-xr-x 3 nobody nogroup 6 Jul 9 16:23 .
drwxr-xr-x 5 root root 5 Dec 29 21:01 ..
-rw-r--r-- 1 nobody nogroup 220 Feb 25 2020 .bash_logout
-rw-r--r-- 1 nobody nogroup 3771 Feb 25 2020 .bashrc
-rw-r--r-- 1 nobody nogroup 807 Feb 25 2020 .profile
drwx------ 2 nobody nogroup 3 Jul 6 17:35 .ssh

subuid:
root:1000:1
root:1001:1
root:1002:1
root:100000:65536
mike:165536:65536
mike:231072:65536
lili:296608:65536

subgid:
root:44:1
root:104:1
root:1000:1
root:1001:1
root:1002:1
root:100000:65536
mike:165536:65536
mike:231072:65536
lili:296608:65536

Host UIDs:
home:x:1000:1000:,,,:/home/mike:/bin/bash
mike:x:1001:1001::/home/mike:/bin/sh

Host GIDs:
home:x:1000:
mike:x:1001:

Guest UIDs:
home:x:1000:1000:home:/home/home:/bin/nologin
mike:x:1001:1001::/home/mike:/bin/nologin

Guest GIDs:
home:x:1000:
mike:x:1001:
 
Last edited:
fiona said:
Hi,
likely the mapping was changed when the container filesystem (and in particular the /home/mike directory) already existed and thus already had IDs assigned. But changing the mapping does not change those IDs. See the following for how to update those: https://forum.proxmox.com/threads/permissions-with-migrated-lvm-volume.121037/#post-526147
Click to expand...
Thanks for the help. I followed the instructions in the link but the permissions look correct to me? Could you also let me know if the bottom halves of the subuid and subgid are necessary or correct?

1735939996928.png
 
Last edited:
tdashmike said:
Thanks for the help. I followed the instructions in the link but the permissions look correct to me? Could you also let me know if the bottom halves of the subuid and subgid are necessary or correct?

View attachment 80173
Click to expand...
The current/new mapping is from ID 1001 to 1001, but the files belong to a different ID, i.e. the ID of the default/old mapping.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom