[SOLVED] Was the behaviour of bind-mounted folders changed?

Sandbo

Jul 4, 2019
Hi,

I am trying to set up two unprivileged containers, one with SSH access, the second with a Samba server.
Both LXCs have a bind mount to the same directory on the host.
The idea is, I will drop files into the bind-mounted folder from a Windows client using WinSCP through the SSH LXC,
and the files will then be read-only from the Samba LXC when opening through the bind-mounted location on the Samba LXC.

This used to be the case: files created by one unprivileged LXC were only readable, but not deletable, by another unprivileged LXC.
However, I now realize that any file created by either the SSH or the Samba LXC can be deleted by the other LXC.

Is this a new behaviour, or did I miss anything?
If I want to do what I used to, is there a way to do so?

Many thanks.
 
A partial update after some attempts:
Apparently, if the two LXCs share the same UID, their host UID will be the same, e.g. 101000,
so no isolation is achieved, since from the host's point of view the files/folders were created by, and are thus accessible to, the same user.

If I created a second user in one of the LXCs, then the files/folders created by that user will be read-only for the first user of both LXCs.
Seemingly a solution is to use a different user, but I think merely doing this might not be sufficiently secure, as a hacker having access to the LXC might try different UIDs until they hit the same one.

Could this be mitigated by limiting the range of assigned UID:GID of an LXC in the host?
 
I hope I have solved it the right way:
I changed the UID:GID assignment range of my SSH LXC to start from 200000 instead,
and by assigning the folders 1777 permissions, now I can share the files between the LXCs while preventing each from deleting/modifying files created by the other.
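
The behaviour discussed in this thread can be checked by modelling how the host sees each container's uids. The following is an added example, not code from the thread or from Proxmox: the config lines are constructed, and it assumes the default unprivileged map `u 0 100000 65536` for the Samba container, a shared directory owned by host root, container root holding CAP_FOWNER, and uid checks only (no gids or ACLs).

```python
# Added example. Models uid checks only; gids and ACLs are left out.
# Constructed config lines in /etc/pve/lxc/<vmid>.conf syntax.
SAMBA_CONF = "unprivileged: 1\nlxc.idmap: u 0 100000 65536\n"  # assumed default map
SSH_CONF = "unprivileged: 1\nlxc.idmap: u 0 200000 65536\n"    # start taken from the post

def parse_idmap(conf):
    """Return [(ct_start, host_start, count)] for the uid ('u') idmap entries."""
    ranges = []
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == "u":
            ranges.append(tuple(int(f) for f in fields[1:]))
    return ranges

def to_host(ranges, ct_uid):
    """Host uid behind a container uid, or None if that uid is unmapped."""
    for ct_start, host_start, count in ranges:
        if ct_start <= ct_uid < ct_start + count:
            return host_start + (ct_uid - ct_start)
    return None

def is_mapped(ranges, host_uid):
    """True if the host uid is visible inside the container's user namespace."""
    return any(start <= host_uid < start + count for _, start, count in ranges)

def can_delete(actor_map, actor_ct_uid, file_host_uid, dir_mode=0o1777, dir_host_uid=0):
    """Can this container user unlink a file in the bind-mounted directory?"""
    actor = to_host(actor_map, actor_ct_uid)
    if actor is None:
        return False
    # Unlinking needs write+search on the directory (owner or "other" bits here).
    bits = dir_mode >> 6 if actor == dir_host_uid else dir_mode
    if bits & 0o3 != 0o3:
        return False
    if not dir_mode & 0o1000:
        return True  # no sticky bit: any writer may delete any entry
    if actor in (file_host_uid, dir_host_uid):
        return True  # sticky bit: file owner or directory owner
    # Container root's CAP_FOWNER only reaches inodes whose owner is mapped
    # into its own user namespace.
    return actor_ct_uid == 0 and is_mapped(actor_map, file_host_uid)
```

With identical maps, container root can still remove another mapped user's file from a sticky directory, which is why a second user alone does not isolate the two containers; a non-overlapping range closes that path.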
 