User's home dir is owned by 'nobody' and cannot chown

lukyjay

Hi

If I create a new unprivileged Debian 12 container, I'm unable to create a new user with a home directory that can be owned by that user. Any help would be appreciated :)

Steps to recreate:
  1. Create a new Debian 12 unprivileged container
  2. Edit the LXC file (per below)
  3. Start it
  4. In the container:
    1. useradd -u 1000 -m --shell=/usr/bin/bash jayden
    2. usermod -aG sudo jayden
    3. apt install sudo
    4. passwd jayden
UID for Jayden is 1000

Here's the error:
Code:
root@actual:/home# ls -l
total 4
drwxr-xr-x 2 nobody nogroup 4096 Jan  5 07:58 jayden
root@actual:/home# chown -R jayden:jayden jayden/
chown: changing ownership of 'jayden/.bashrc': Operation not permitted
chown: changing ownership of 'jayden/.profile': Operation not permitted
chown: changing ownership of 'jayden/.bash_logout': Operation not permitted
chown: changing ownership of 'jayden/': Operation not permitted

My LXC config:
Code:
arch: amd64
cores: 1
features: nesting=1
hostname: actual
memory: 4098
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.1,hwaddr=BC:24:11:95:7A:89,ip=192.168.1.107/24,type=veth
ostype: debian
rootfs: datanvme0n1:vm-107-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

The above uid/gid mapping works fine in my other containers (copy pasted). Here's my subgid and subuid files:
Code:
root:100000:65536
root:1000:1
 
Confirmation of the UID/GID working:
root@actual:/home# id jayden
uid=1000(jayden) gid=1000(jayden) groups=1000(jayden)

Also, I have created a test file, on a mounted share then gone to the Proxmox host and can see that it was created by UID/GID 1000 so I believe that part is working.
 
Ok seems this is a common issue and there are a few other threads so I believe Proxmox could benefit from adding some information to the support pages (I couldn't find anything).

My fix was to create the CT like this (and in this exact order):
  1. Create the CT but don't start it
  2. Add your UID/GID mapping to the lxc config
  3. Start the container and add your user
  4. Create the home directory and chown it to your new user
  5. usermod -d /home/newdirectory username
Seems to work now
 
  • Like
Reactions: jdesousa
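
Added example, not part of the original posts: a small checker for the `lxc.idmap` and subuid lines quoted above. It assumes files created before the edit were written under the default unprivileged mapping `0 100000 65536` (an assumption about this container, as are all function names), and shows where such files land under the custom map.

```python
# Constructed from the lxc.idmap (uid lines) and subuid entries quoted in the thread.
IDMAP = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: u 1001 101001 64535
"""
SUBUID = """\
root:100000:65536
root:1000:1
"""
DEFAULT_MAP = [(0, 100000, 65536)]  # assumption: mapping in effect before the edit
OVERFLOW_ID = 65534                 # kernel default overflow id, displayed as 'nobody'

def parse_idmap(text, kind="u"):
    """Return [(container_start, host_start, count)] for 'u' or 'g' entries."""
    out = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            out.append(tuple(int(f) for f in fields[1:]))
    return out

def parse_subid(text, owner="root"):
    """Return [(host_start, count)] delegated to owner in /etc/subuid or /etc/subgid."""
    rows = (l.split(":") for l in text.splitlines() if l.strip())
    return [(int(s), int(c)) for name, s, c in rows if name == owner]

def undelegated(idmap, subid):
    """idmap entries whose host range is not contained in a single delegated range."""
    return [(c, h, n) for c, h, n in idmap
            if not any(s <= h and h + n <= s + cnt for s, cnt in subid)]

def to_host(idmap, cid):
    """Host id backing a container id, or None if the container id is unmapped."""
    return next((h + cid - c for c, h, n in idmap if c <= cid < c + n), None)

def to_container(idmap, hid):
    """Id the container sees for a host id; unmapped ids show as the overflow id."""
    return next((c + hid - h for c, h, n in idmap if h <= hid < h + n), OVERFLOW_ID)

if __name__ == "__main__":
    custom = parse_idmap(IDMAP)
    print("not delegated in subuid:", undelegated(custom, parse_subid(SUBUID)))
    stale = to_host(DEFAULT_MAP, 1000)  # where uid 1000 lived on disk before the edit
    print("container uid 1000 is now host uid", to_host(custom, 1000))
    print("host uid", stale, "is seen in the container as", to_container(custom, stale))
```

Under these assumptions host uid 101000 falls in the gap between the first and third map entries, so it appears as `nobody`; container root cannot chown a file whose owner is unmapped, which matches the `Operation not permitted` output.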
Hey, thanks for this. I was super confused here when I mapped guids and uids after I had created users. I didn't know that the order of operations messed with things like this.
 
Many thanks for this info, it's been driving me mad trying to resolve this!
 
Edit by poppy playtime chapter 3 a day ago
To solve the problem of not being able to create a user with a home directory that is not owned by you, you can use this method in a Debian 12 container without permission. You can do the following steps:

  • Create Container but do not start it: First, create the container but do not start it immediately.
  • Add UID/GID configuration: Edit the LXC configuration file to add the UID/GID mapping for the user you want to create.
  • Start Container: Start the container after adding the UID/GID configuration.
  • Add User: Use the useradd command to create a new user in the container.
  • Create Home Directory: Create a home directory for that user and use the chown command to change the ownership of the directory to the new user.
  • Edit Home Directory: Use the command usermod -d /home/newdirectory username to set the correct home directory for the user.

Following the steps in the order above will help you fix this error faster.