Hello. I followed this guide: Easy multi-user LXD setup - Desktop - Ubuntu Community Hub
But I am at my wits’ end here. So at first this was my normal LXD server; after install I configured it and used it for a few weeks. Later I tried converting it to a multi-user setup. First, I tried assigning daemon.user.group to “developer”, which is an LDAP group, then its ID, then a local group. Rebooted after each time. No luck, the same issue all the time. Updating LXD from 5.0/stable to latest/stable did not help.
FYI I use an encrypted btrfs volume. lxd2 is a local group, developer is an LDAP group and its ID is 1074. For LDAP auth on local servers I use libnss-ldapd + libpam-ldapd.
FWIW I can still create containers with my local user which is in ‘lxd’ group.
$ sudo snap set lxd daemon.user.group=developer
$ sudo snap set lxd daemon.user.group=1074
$ sudo snap set lxd daemon.user.group=lxd2
# with the affected user
$ lxc launch images:debian/bullseye/amd64 test4
Creating test4
Error: Failed instance creation: not authorized
$ groups | grep lxd2 | wc -l
1
$ getent group developer | grep 1074 | wc -l
1
$ groups | grep developer | wc -l
1
$ lxc project list
+-------------------+--------+----------+-----------------+-----------------+----------+-------------------------------------------------------+---------+
| NAME | IMAGES | PROFILES | STORAGE VOLUMES | STORAGE BUCKETS | NETWORKS | DESCRIPTION | USED BY |
+-------------------+--------+----------+-----------------+-----------------+----------+-------------------------------------------------------+---------+
| default (current) | YES | YES | YES | YES | YES | Default LXD project | 8 |
+-------------------+--------+----------+-----------------+-----------------+----------+-------------------------------------------------------+---------+
| user-1180 | YES | YES | YES | YES | NO | User restricted project for "xxxxxxx" (1180) | 1 |
+-------------------+--------+----------+-----------------+-----------------+----------+-------------------------------------------------------+---------+
| user-1188 | YES | YES | YES | YES | NO | User restricted project for "xxxxxx.xxxx" (1188) | 1 |
+-------------------+--------+----------+-----------------+-----------------+----------+-------------------------------------------------------+---------+
$ lxc project show user-1188
config:
  features.images: "true"
  features.networks: "false"
  features.profiles: "true"
  features.storage.buckets: "true"
  features.storage.volumes: "true"
  restricted: "true"
  restricted.containers.nesting: allow
  restricted.devices.disk: allow
  restricted.devices.gpu: allow
  restricted.idmap.gid: "5000"
  restricted.idmap.uid: "1188"
description: User restricted project for "xxxxx" (1188)
name: user-1188
used_by:
- /1.0/profiles/default?project=user-1188
$ lxc config trust list
+--------+---------------+-------------+--------------+------------------------------+------------------------------+
| TYPE | NAME | COMMON NAME | FINGERPRINT | ISSUE DATE | EXPIRY DATE |
+--------+---------------+-------------+--------------+------------------------------+------------------------------+
| client | lxd-user-1180 | root@lxd2 | 267963023ac3 | Oct 29, 2022 at 9:42pm (UTC) | Oct 26, 2032 at 9:42pm (UTC) |
+--------+---------------+-------------+--------------+------------------------------+------------------------------+
| client | lxd-user-1188 | root@lxd2 | f403a3fa31ab | Oct 29, 2022 at 8:07pm (UTC) | Oct 26, 2032 at 8:07pm (UTC) |
+--------+---------------+-------------+--------------+------------------------------+------------------------------+