User's home dir is owned by 'nobody' and cannot chown

L

lukyjay

Member
Aug 18, 2020
25
5
23
Hi

If I create a new unprivileged Debian 12 container, I'm unable to create a new user with a home directory that can be owned by that user. Any help would be appreciated :)

Steps to recreate:
  1. Create a new Debian 12 unprivileged container
  2. Edit the LXC file (per below)
  3. Start it
  4. In the container:
    1. useradd -u 1000 -m --shell=/usr/bin/bash jayden
    2. usermod -aG sudo jayden
    3. apt install sudo
    4. passwd jayden
UID for Jayden is 1000

Here's the error:
Code: 
root@actual:/home# ls -l
total 4
drwxr-xr-x 2 nobody nogroup 4096 Jan  5 07:58 jayden
root@actual:/home# chown -R jayden:jayden jayden/
chown: changing ownership of 'jayden/.bashrc': Operation not permitted
chown: changing ownership of 'jayden/.profile': Operation not permitted
chown: changing ownership of 'jayden/.bash_logout': Operation not permitted
chown: changing ownership of 'jayden/': Operation not permitted

My LXC config:
Code: 
arch: amd64
cores: 1
features: nesting=1
hostname: actual
memory: 4098
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.1,hwaddr=BC:24:11:95:7A:89,ip=192.168.1.107/24,type=veth
ostype: debian
rootfs: datanvme0n1:vm-107-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

The above uid/gid mapping works fine in my other containers (copy pasted). Here's my sugid and subuid files:
Code: 
root:100000:65536
root:1000:1
 
Last edited:
Confirmation of the UID/GID working:
root@actual:/home# id jayden
uid=1000(jayden) gid=1000(jayden) groups=1000(jayden)

Also, I have created a test file, on a mounted share then gone to the Proxmox host and can see that it was created by UID/GID 1000 so I believe that part is working.
 
Ok seems this is a common issue and there are a few other threads so I believe Proxmox could benefit from adding some information to the support pages (I couldn't find anything).

My fix was to create the CT like this (and in this exact order):
  1. Create the CT but dont start it
  2. Add your UID/GID mapping to the lxc config
  3. Start the container and add your user
  4. Create the home directory and chown it to your new user
  5. usermod -d /home/newdirectory username
Seems to work now
 
Hey, thanks for this. I was super confused here when i mapped guids and uids after i had created users. I didn't know that the order of operations messed with things like this.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom