Mh, I think this is dangerous as you may break other permissions. I've tried to be a bit more selective myself, and error by error I worked out how to get it working:
#!/bin/sh
# Grant (or revoke) read+execute ACL entries for one UID on just the directories
# Container Station and LXD need to be traversable, instead of a blanket recursive change.
# Change these values to match your configuration!
CONTAINER_VOLUME="/share/CACHEDEV3_DATA"
CONTAINER_FOLDER="Container"
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Use as $0 [set|unset] <UID>"
exit 1
fi
userid="$2"
# POSIX sh test uses a single '=' for string comparison ('==' is a bash extension)
if [ "$1" = "set" ]; then
# Non-recursive entries only, so files inside these directories keep their own permissions
# setfacl -R -m user:$userid:rx /share/CACHEDEV3_DATA/.qpkg/container-station
setfacl -m user:"$userid":rx "$CONTAINER_VOLUME"/.qpkg/container-station
setfacl -m user:"$userid":rx "$CONTAINER_VOLUME"/.qpkg/container-station/lib
setfacl -m user:"$userid":rx "$CONTAINER_VOLUME"/.qpkg/container-station/var
# usr/ is the one tree that needs to be readable all the way down
setfacl -R -m user:"$userid":rx "$CONTAINER_VOLUME"/.qpkg/container-station/usr
setfacl -m user:"$userid":rx "$CONTAINER_VOLUME/$CONTAINER_FOLDER"
setfacl -m user:"$userid":rx "$CONTAINER_VOLUME/$CONTAINER_FOLDER"/container-station-data/lib
setfacl -m user:"$userid":rx "$CONTAINER_VOLUME/$CONTAINER_FOLDER"/container-station-data/lib/lxd
setfacl -m user:"$userid":rx /var/lib/lxd
setfacl -m user:"$userid":rx /var/lib/lxd/containers
setfacl -m user:"$userid":rx /var/lib/lxd/devices
setfacl -m user:"$userid":rx /var/lib/lxd/shmounts
setfacl -m user:"$userid":rx /var/lib/lxd/snapshots
setfacl -m user:"$userid":rx /var/lib/lxd/storage-pools
setfacl -m user:"$userid":rx /var/lib/lxd/storage-pools/default/containers
elif [ "$1" = "unset" ]; then
# Removing is done recursively so every entry added above (including the usr/ tree) goes away
setfacl -R -x user:"$userid" "$CONTAINER_VOLUME"/.qpkg/container-station
setfacl -R -x user:"$userid" "$CONTAINER_VOLUME/$CONTAINER_FOLDER"
setfacl -R -x user:"$userid" /var/lib/lxd/
setfacl -x user:"$userid" /var/lib/lxd
else
echo "Invalid operation"
exit 1
fi
With this script only the needed folders have the access bit for the non-root user, so by default you can use it in a way such as:
sudo ./change-permissions-for-unprivileged-container.sh set 1000000
Use the unset command to reset them.
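As an added check (not part of the post above, and not the poster's script), here is a small audit that reads getfacl output and confirms that every ACL entry granted to the container UID is exactly read+execute, which is the whole point of the selective approach: if some path ends up with a write bit for that UID, the script flags it. It runs against a constructed sample of getfacl output so it needs neither root nor setfacl; the paths and the UID 1000000 are taken from the post, the owner and group names in the sample are assumptions.

```shell
#!/bin/sh
# Added example: audit `getfacl -p` output for one UID and report any entry
# that grants more than r-x. On a real NAS, pipe in live output instead of the
# sample, e.g.:  getfacl -p -R "$CONTAINER_VOLUME" /var/lib/lxd | audit_acl 1000000

# Constructed sample of `getfacl -p` output (not captured from a real system).
# The second directory deliberately has a write bit for the container UID.
SAMPLE_ACL='# file: /var/lib/lxd
# owner: admin
# group: administrators
user::rwx
user:1000000:r-x
group::r-x
mask::r-x
other::---

# file: /var/lib/lxd/storage-pools
# owner: admin
# group: administrators
user::rwx
user:1000000:rwx
group::r-x
mask::rwx
other::---
'

# audit_acl UID   (reads getfacl output on stdin)
# Prints "OK <path>" for each entry of UID that is exactly r-x and
# "WARN <path> <perms>" otherwise; exit status is 1 when any WARN was printed.
audit_acl() {
    uid="$1"
    awk -v uid="$uid" '
        /^# file: / { path = substr($0, 9); next }     # "# file: " is 8 chars
        $0 ~ "^user:" uid ":" {
            split($0, f, ":")                          # f[3] holds the perms, e.g. r-x
            if (f[3] == "r-x") { print "OK " path }
            else { print "WARN " path " " f[3]; bad = 1 }
        }
        END { if (bad) exit 1 }
    '
}

# Helper that returns the number of WARN lines for the sample, so the result can be checked.
sample_warn_count() {
    printf '%s' "$SAMPLE_ACL" | audit_acl 1000000 | grep -c '^WARN'
}

# Stand-alone run over the sample (status kept at 0 so this can be sourced safely).
printf '%s' "$SAMPLE_ACL" | audit_acl 1000000 || echo "some entries grant more than r-x to UID 1000000"
```

Running it over the sample prints one OK line for /var/lib/lxd and one WARN line for /var/lib/lxd/storage-pools; the same invocation with live getfacl output tells you whether the set step left only the intended rx entries behind.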