I followed a bunch of suggestions and tried to adapt them to my situation, but cannot seem to get this right…
Goal: Have a group of users in containers be allowed to write to certain directories on the host
What I tried:
[container ‘test’]
addgroup -gid 2000 hostwrite – create ‘hostwrite’ group
usermod -aG hostwrite ubuntu – add ‘ubuntu’ user to group ‘hostwrite’
[host]
addgroup -gid 1100 lxdshare – create share group
usermod -aG lxdshare myuser – add myself to the share group
mkdir /mnt/share – create directory on host
chgrp lxdshare /mnt/share – make it owned by the lxdshare group
chmod g+wx /mnt/share – make the directory writeable by group
printf "lxd:1100:1\nroot:1100:1\n" | sudo tee -a /etc/subgid – allow remapping of lxdshare group id in /etc/subgid
lxc config set test raw.idmap "gid 1100 2000" – map host group id 1100 to container group id 2000
lxc config device add test share disk source=/mnt/share path=/share – map host /mnt/share to container /share
systemctl restart lxd – restart LXD
lxc restart test – restart ‘test’ container
Now when I log in as ‘ubuntu’ into container ‘test’ and look at /share, it says:
drwxrwxr-x 3 nobody hostwrite … share
The ‘nobody:hostwrite’ instead of the ‘nobody:nobody’ makes me think things worked out, but when I try to write to the directory, I get an error:
touch: cannot touch ‘/share/testfile’: Permission denied
Am I missing something? Any thoughts?
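
An added example, not part of the original post: a shell check that every host gid named in a raw.idmap value is delegated in an /etc/subgid-format file, which is what the printf and raw.idmap steps above rely on. The function names and sample data are constructed for illustration, and the "gid <host> <container>" syntax is assumed to be as shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# subgid_covers FILE OWNER FIRST LAST
# Succeeds if one OWNER:START:COUNT line in FILE covers gids FIRST..LAST.
subgid_covers() {
    awk -F: -v owner="$2" -v first="$3" -v last="$4" '
        $1 == owner && first + 0 >= $2 + 0 && last + 0 < $2 + $3 { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# check_idmap FILE OWNER IDMAP
# IDMAP holds raw.idmap lines such as "gid 1100 2000" or "gid 1100-1109 2000-2009".
# Prints one line per gid entry; returns non-zero if any host gid is not delegated.
# "uid" lines are skipped (they belong to /etc/subuid); "both" is checked for gids only.
check_idmap() {
    ci_rc=0
    while read -r ci_kind ci_host ci_ctr; do
        [ "$ci_kind" = gid ] || [ "$ci_kind" = both ] || continue
        ci_first=${ci_host%-*}   # "1100" or "1100-1109" -> 1100
        ci_last=${ci_host#*-}    # "1100" -> 1100, "1100-1109" -> 1109
        if subgid_covers "$1" "$2" "$ci_first" "$ci_last"; then
            echo "ok      host gid $ci_host -> container gid $ci_ctr"
        else
            echo "MISSING $2:$ci_first:$((ci_last - ci_first + 1)) in $1"
            ci_rc=1
        fi
    done <<EOF
$3
EOF
    return "$ci_rc"
}

# Demo on constructed data: the two lines appended in the post plus a
# typical default range (the default range is an assumption).
demo_file=$(mktemp)
printf 'lxd:1100:1\nroot:1100:1\nroot:100000:65536\n' > "$demo_file"
check_idmap "$demo_file" root "gid 1100 2000"
rm -f "$demo_file"
```

On a real host the same check would be `check_idmap /etc/subgid root "$(lxc config get test raw.idmap)"`.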