I'm able to set up a bind mount from host to LXC and have the LXC root user read and write just fine.
But what I'm trying to figure out is how to set up multiple LXCs to access that same storage, all with non-root users. In fact, I would even be open to have the users all belong to a group, so I can manage access via the group.
I just can't wrap my head around how to manage the IDs. Do all users/groups need to have the same IDs? When LXC 1 user 1 creates a file, and LXC 2 user goes to that file, who appears as the owner?
I would really appreciate some assistance on how to make this work. Thus far, the standard user mapping from the support page has worked fine, so that's my starting point:
Code:
# uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host)
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
# we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
# we map the rest of 65535 from 1006 up to 101006, so 1006..65535 → 101006..165535
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530
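
The ID arithmetic behind the mapping above, as an added example that is not part of the original post: a file on the bind mount stores the host ID, and each container translates that host ID back through its own lxc.idmap lines. OTHER_MAP is a constructed second container used only for illustration, and 65534 is assumed to be the kernel's default overflow ID shown for owners that have no mapping.

```python
import re

# The mapping from the post, verbatim.
POST_MAP = """
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530
"""

# Constructed second container (hypothetical): its uid/gid 2000 maps to host 1005.
OTHER_MAP = """
lxc.idmap = u 0 200000 2000
lxc.idmap = g 0 200000 2000
lxc.idmap = u 2000 1005 1
lxc.idmap = g 2000 1005 1
lxc.idmap = u 2001 202001 63535
lxc.idmap = g 2001 202001 63535
"""

OVERFLOW_ID = 65534  # assumed kernel default displayed for unmapped ids ("nobody")

def parse_idmap(text):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    ranges = {"u": [], "g": []}
    pattern = r"^\s*lxc\.idmap\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)"
    for m in re.finditer(pattern, text, re.M):
        kind, ct, host, count = m.group(1), *map(int, m.groups()[1:])
        ranges[kind].append((ct, host, count))
    return ranges

def to_host(ranges, kind, ct_id):
    """ID stored on the host filesystem when the container writes as ct_id."""
    for ct, host, count in ranges[kind]:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None  # no mapping: the container cannot use this id at all

def to_ct(ranges, kind, host_id):
    """ID a container displays for a file owned by host_id on the bind mount."""
    for ct, host, count in ranges[kind]:
        if host <= host_id < host + count:
            return ct + (host_id - host)
    return OVERFLOW_ID  # owner is outside this container's map
```

With these maps, a file written by uid 1005 in the first container is owned by host uid 1005 and shows as uid 2000 in the constructed second container, while a file written by uid 1000 in the first container (host uid 101000) shows there as 65534.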