user mapping into LXC or lxc.idmap

Forssux

Mar 27, 2022
Hi There,

For backup reasons I need to map 5 users and groups into an LXC running Syncthing.

I have a container where I map the following

lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 1001 1
lxc.idmap: g 1001 1001 1
lxc.idmap: u 1002 1002 1
lxc.idmap: g 1002 1002 1
lxc.idmap: u 1003 1003 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 1004 101004 64532
lxc.idmap: g 1004 101004 64532

This works and the container starts with the gui..

However when I do the following in another container

lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 1001 1
lxc.idmap: g 1001 1001 1
lxc.idmap: u 1002 1002 1
lxc.idmap: g 1002 1002 1
lxc.idmap: u 1003 1003 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 1004 1004 1
lxc.idmap: g 1004 1004 1
lxc.idmap: u 1005 1005 1
lxc.idmap: g 1005 1005 1
lxc.idmap: u 1006 101006 64530
lxc.idmap: g 1006 101006 64530

It doesn't work; even lxc-start -F -n 118 won't start the container.
I have given 5 users the same uid in all containers... I'm lost as to why the upper one works but the lower one doesn't.
Does somebody have advice?

Regards Guy
 
Did you add 1004 and 1005 to the files /etc/subuid and /etc/subgid like you did for 1000-1003?
If that's not it, please share the error message(s) when the container does not start.
 
In pve /etc/subuid I have

Code:
root:1000:1
root:1001:1
root:1002:1
root:1003:1
root:1004:1
root:1005:1
root:100000:65536
elizabeth:165536:65536
lieselotte:231072:65536
syncthing:296608:65536
The last 3 entries were automatically added


lxc-start: 118: ../src/lxc/conf.c: lxc_map_ids: 3672 newgidmap failed to write mapping "newgidmap: gid range [1004-1005) -> [1004-1005) not allowed": newgidmap 49758 0 100000 1000 1000 1000 1 1001 1001 1 1002 1002 1 1003 1003 1 1004 1004 1 1005 101005 64531
lxc-start: 118: ../src/lxc/start.c: lxc_spawn: 1791 Failed to set up id mapping.
lxc-start: 118: ../src/lxc/start.c: __lxc_start: 2074 Failed to spawn container "118"
lxc-start: 118: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
lxc-start: 118: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority o
 
OK thanks, in /etc/subgid I had forgotten the 1004, so that was the reason.

Why is pve automatically adding usernames to /etc/subuid?
 
Bash:
# Add to /etc/pve/lxc/<container_id>.conf:
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 0
lxc.idmap: g 1001 101001 0
lxc.idmap: u 1001 1001 1
lxc.idmap: g 1001 1001 1
lxc.idmap: u 1002 101002 0
lxc.idmap: g 1002 101002 0
lxc.idmap: u 1002 1002 1
lxc.idmap: g 1002 1002 1
lxc.idmap: u 1003 101003 0
lxc.idmap: g 1003 101003 0
lxc.idmap: u 1003 1003 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 1004 101004 0
lxc.idmap: g 1004 101004 0
lxc.idmap: u 1004 1004 1
lxc.idmap: g 1004 1004 1
lxc.idmap: u 1005 101005 0
lxc.idmap: g 1005 101005 0
lxc.idmap: u 1005 1005 1
lxc.idmap: g 1005 1005 1
lxc.idmap: u 1006 101006 64530
lxc.idmap: g 1006 101006 64530

# Add to /etc/subuid:
root:1000:1
root:1001:1
root:1002:1
root:1003:1
root:1004:1
root:1005:1

# Add to /etc/subgid:
root:1000:1
root:1001:1
root:1002:1
root:1003:1
root:1004:1
root:1005:1

This will work if you want to map UID in CT 1000>1000 UID on Host
1001>1001
1002>1002
1003>1003
1004>1004
1005>1005
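
A pre-start check for the failure diagnosed in this thread, as an added example that is not part of any post above and not Proxmox or LXC code: it compares every lxc.idmap host range against the root entries in /etc/subuid and /etc/subgid. The sample inputs are constructed from the thread (the /etc/subgid content is assumed to be the posted root entries minus the 1004 line), the function names are hypothetical, and treating adjacent delegated entries as one range is an assumption about newuidmap/newgidmap.

```python
import re

IDMAP_RE = re.compile(
    r"^[ \t]*lxc\.idmap[ \t]*[:=][ \t]*([ug])[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$", re.M)

def parse_idmap(conf_text):
    """Collect (container_start, host_start, count) per kind ('u' or 'g')."""
    maps = {"u": [], "g": []}
    for kind, ct, host, count in IDMAP_RE.findall(conf_text):
        maps[kind].append((int(ct), int(host), int(count)))
    return maps

def parse_subid(text, owner="root"):
    """Ranges (start, count) that /etc/subuid or /etc/subgid delegates to owner."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == owner:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def covered(start, count, allowed):
    """True if [start, start+count) lies inside the union of delegated ranges
    (assumption: adjacent entries are accepted as one contiguous range)."""
    pos, end = start, start + count
    while pos < end:
        reach = max((s + n for s, n in allowed if s <= pos < s + n), default=None)
        if reach is None:
            return False
        pos = reach
    return True

def undelegated(conf_text, subuid_text, subgid_text, owner="root"):
    """Return the idmap entries whose host range the owner may not map."""
    allowed = {"u": parse_subid(subuid_text, owner), "g": parse_subid(subgid_text, owner)}
    return [(kind, ct, host, count)
            for kind, entries in parse_idmap(conf_text).items()
            for ct, host, count in entries
            if not covered(host, count, allowed[kind])]

# Constructed sample: the second container's mapping from the thread, the root
# entries of /etc/subuid as posted, and /etc/subgid assumed to lack the 1004 line.
RANGES = [(0, 100000, 1000)] + [(i, i, 1) for i in range(1000, 1006)] + [(1006, 101006, 64530)]
CONF = "\n".join(f"lxc.idmap: {k} {c} {h} {n}" for c, h, n in RANGES for k in "ug")
SUBUID = "\n".join(["root:%d:1" % i for i in range(1000, 1006)] + ["root:100000:65536"])
SUBGID = "\n".join(line for line in SUBUID.splitlines() if line != "root:1004:1")

if __name__ == "__main__":
    for kind, ct, host, count in undelegated(CONF, SUBUID, SUBGID):
        print(f"{kind} {ct} -> host [{host}-{host + count}) is not delegated to root")
```

On a real host, pass the contents of /etc/pve/lxc/<container_id>.conf, /etc/subuid and /etc/subgid in place of the constructed strings.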
 
