yet another lxc bind mount dump question

proxman4

Member
Mar 23, 2020
Hi friends hope you're doing well.

After reading this very useful (not enough for my dumb person) explanation on bind mounts for unprivileged containers on Proxmox ( + this ) I got this silly question.

I always need a real life example.

Hope some cool person will kindly give me a hint.

I got a zfs dataset on host:

Code:
opyhdd/nextcloud_data                       1.49T  2.90T     1.49T  /mnt/pve/nfs/opyhdd/nextcloud_data

It is used as an NFS server to share to some VM guests. It has these permissions on the host (www-data = uid 33):

Code:
drwxrwx---  6 www-data www-data  8 Sep 13  2022 nextcloud_data

And these in the guest VM (not LXC) (www-data = uid 33):

Code:
rwxrwx---  6 www-data www-data    8 sept. 13  2022 nextcloud-data

I need to share this dataset with an unprivileged LXC container.

Let's say I have an administrator user with uid/gid 1000 in the unprivileged LXC:

Code:
useradd -u 1000 -m -s /usr/bin/bash administrator

If I understand correctly, I need to change the permissions on the host:

Code:
chown -R 101000:101000 /mnt/pve/nfs/opyhdd/nextcloud_data

That looks fun and all, but is it risky at some point to break the NFS server and the permissions on the guest VM?

I'm too lazy to mount some lab to try this out and figured that someone got a really quick and dirty answer for me.

Thank you and have a nice day.
 
I put this question in the wrong category. If some @mod would be kind enough to fix this. Thanks
 
gladly done!

As for your question - If you want to use a share both inside an unprivileged container as well as on your host (or privileged container, or with a local user on your nfs-server) - mapping the particular UID/GID the files are stored with - with lxc.idmap entries and the fitting entries in /etc/subuid, /etc/subgid - as explained in https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
might be a good starting point.
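
The mapping the reply above points to, as an added example that is not part of the thread or of Proxmox's own tooling: it builds the lxc.idmap lines that pass host uid/gid 33 (www-data) through to container uid/gid 1000, and resolves which host id a given container id ends up as. The default range (100000, 65536 ids) and all function names are assumptions made for the example.

```python
# Added example (not from the thread): build and check lxc.idmap entries.
BASE, COUNT = 100000, 65536  # assumed defaults: host range start, ids per container

def idmap_lines(kind, ct_id, host_id, base=BASE, count=COUNT):
    """Map container id ct_id to host_id ('u' or 'g'); shift every other id by base."""
    if kind not in ("u", "g"):
        raise ValueError("kind must be 'u' or 'g'")
    if not 0 < ct_id < count:
        raise ValueError("ct_id must be a non-root id inside the container range")
    if host_id == 0 or base <= host_id < base + count:
        raise ValueError("host_id must not be host root or inside the shifted range")
    lines = [f"lxc.idmap: {kind} 0 {base} {ct_id}",        # ids below ct_id
             f"lxc.idmap: {kind} {ct_id} {host_id} 1"]      # the single passthrough
    rest = count - ct_id - 1
    if rest:                                                 # ids above ct_id
        lines.append(f"lxc.idmap: {kind} {ct_id + 1} {base + ct_id + 1} {rest}")
    return lines

def subid_line(host_id, user="root"):
    """Line for /etc/subuid or /etc/subgid letting root map this one host id."""
    return f"{user}:{host_id}:1"

def host_id_for(kind, ct_id, lines):
    """Resolve a container id to the host id it appears as, or None if unmapped."""
    for line in lines:
        k, ct_start, host_start, n = line.split(":", 1)[1].split()
        ct_start, host_start, n = int(ct_start), int(host_start), int(n)
        if k == kind and ct_start <= ct_id < ct_start + n:
            return host_start + (ct_id - ct_start)
    return None

# What the default shift amounts to, written as one idmap line (constructed).
DEFAULT = [f"lxc.idmap: u 0 {BASE} {COUNT}"]

if __name__ == "__main__":
    cfg = idmap_lines("u", 1000, 33) + idmap_lines("g", 1000, 33)
    print("\n".join(cfg))                       # lines for the container config
    print("/etc/subuid and /etc/subgid:", subid_line(33))
    print("default: ct uid 1000 ->", host_id_for("u", 1000, DEFAULT))
    print("mapped:  ct uid 1000 ->", host_id_for("u", 1000, cfg))
```

With this mapping the files stay owned by uid 33 on the host, so no chown is involved. The passthrough also means container uid 1000 acts with www-data's rights on whatever the bind mount exposes.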
 
Thank you for this. Sorry for the other time dimension delay. I'll dig into this a little more to get a functional setup.
 
