Id mapping shared directory user and root access

I would like to mount a folder ~/homes/stretch-x86_64/ to /home/fassbinb in one/multiple containers.
The problem however is that not only the user but also root shall be able to write to this directory, for example if I run:

container $ ls -alh
drwxr-xr-x 2 fassbinb nogroup 4.0K Mar 19 13:36 .
drwxr-xr-x 4 root     root    4.0K Mar 19 13:36 ..
# creating a directory as user works fine, however as root it fails
container $ mkdir non-root
container $ sudo mkdir root-dir
mkdir: cannot create directory ‘root-dir’: Permission denied

What would be the best way to solve this? I tried also to map both 0 0 but didn’t have any luck.


Here are some config details:

$ id -a
uid=83265(fassbinb) gid=100(users) groups=100(users),129(lxd)

$ cat /etc/subuid      
lxd:100000:65536
root:100000:65536
lxd:83265:100
root:83265:100

$ cat /etc/subgid
lxd:100000:1000000000
root:100000:100000000

$ lxc profile show rlx-fassbinb-default                 
config:
  raw.idmap: |
    uid 83265 5000
    both 0 0
  raw.lxc: lxc.apparmor.profile=unconfined
  user.user-data: |
    #cloud-config
    apt_preserve_sources_list: true
    users:
    - name: fassbinb
      shell: /bin/bash
      ssh-authorized-keys: [...]
      sudo: ['ALL=(ALL) NOPASSWD:ALL']
      uid: '5000'
description: ""
devices: {}
name: rlx-fassbinb-default
used_by: ...

$ lxc config show CONTAINER
architecture: x86_64
config:
  image.description: ...
  image.os: debian
  image.release: stable
  volatile.base_image: ...
  volatile.eth0.hwaddr: ...
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":true,"Hostid":0,"Nsid":0,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":100001,"Nsid":1,"Maprange":4999},{"Isuid":true,"Isgid":false,"Hostid":83265,"Nsid":5000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":105001,"Nsid":5001,"Maprange":60535},{"Isuid":true,"Isgid":true,"Hostid":0,"Nsid":0,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":100001,"Nsid":1,"Maprange":99999999}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":5000},{"Isuid":true,"Isgid":false,"Hostid":83265,"Nsid":5000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":105001,"Nsid":5001,"Maprange":60535},{"Isuid":false,"Isgid":true,"Hostid":0,"Nsid":0,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":100001,"Nsid":1,"Maprange":99999999}]'
  volatile.last_state.power: RUNNING
devices:
  sharedhome:
    path: /home/fassbinb
    source: /home/users/fassbinb/homes/stretch-x86_64
    type: disk
ephemeral: false
profiles:
- default
- rlx-fassbinb-default
stateful: false
description: ""

Apparently changing the /etc/subgid to:

$ cat /etc/subgid
lxd:100000:1000000000
root:100000:100000000
lxd:100:1
root:100:1

Fixed the issue :)
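
An added example (not part of the original post and not LXD code): it parses the `volatile.last_state.idmap` value shown above and applies the kernel rule that root inside a user namespace can override file permissions only on inodes whose owner uid and gid are both mapped into that namespace. It assumes the shared directory is owned on the host by uid 83265 and gid 100, taken from the `id -a` output; the function names are hypothetical.

```python
import json

# volatile.last_state.idmap, copied from the `lxc config show` output on this page
LAST_STATE_IDMAP = '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":5000},{"Isuid":true,"Isgid":false,"Hostid":83265,"Nsid":5000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":105001,"Nsid":5001,"Maprange":60535},{"Isuid":false,"Isgid":true,"Hostid":0,"Nsid":0,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":100001,"Nsid":1,"Maprange":99999999}]'


def load_idmap(idmap_json):
    """Parse the JSON list LXD stores in volatile.*idmap* keys."""
    return json.loads(idmap_json)


def _translate(entries, value, kind, src, dst):
    """Map an id from the `src` field's range to the `dst` field's range."""
    flag = "Isuid" if kind == "uid" else "Isgid"
    for e in entries:
        if e[flag] and e[src] <= value < e[src] + e["Maprange"]:
            return e[dst] + (value - e[src])
    return None  # unmapped: shows up as nobody/nogroup inside the container


def to_container(entries, host_id, kind):
    return _translate(entries, host_id, kind, "Hostid", "Nsid")


def to_host(entries, ns_id, kind):
    return _translate(entries, ns_id, kind, "Nsid", "Hostid")


def root_can_override(entries, owner_uid, owner_gid):
    """Container root's CAP_DAC_OVERRIDE applies only if both owner ids are mapped."""
    return (to_container(entries, owner_uid, "uid") is not None
            and to_container(entries, owner_gid, "gid") is not None)


def diagnose(idmap_json, owner_uid, owner_gid):
    entries = load_idmap(idmap_json)
    return {
        "owner_uid_in_container": to_container(entries, owner_uid, "uid"),
        "owner_gid_in_container": to_container(entries, owner_gid, "gid"),
        "container_root_host_uid": to_host(entries, 0, "uid"),
        "container_root_host_gid": to_host(entries, 0, "gid"),
        "root_can_override": root_can_override(entries, owner_uid, owner_gid),
    }


if __name__ == "__main__":
    # Assumed host ownership of the shared directory: uid 83265, gid 100
    for key, value in diagnose(LAST_STATE_IDMAP, 83265, 100).items():
        print(f"{key}: {value}")
```

For the map on this page the owner gid comes back unmapped, which matches the `nogroup` in the `ls -alh` output and leaves container root without override rights on the directory.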
