Mounting shared folders in containers

Hi, I am running LXD on an Ubuntu 22.04 host, on a ZFS pool.

My intended use case is to provide users with individual containers that they would ssh into, with mounted shared folders. Each container would only be configured with the account of that particular user.

Suppose I have two groups of users g1 and g2, with g1 being admin users that should have read/write access to a shared folder, and g2 being regular users that I would still want to provide sudo rights to within the container, but should only have read/write access to certain files/subfolders, with the rest being read-only, in the shared folder. Neither of these groups g1, g2 would have access to the host.

I am somewhat stuck now in trying to configure this, and wondering if it is even possible. I have enabled shiftfs on the LXD daemon, and mounted the shared folder into a container as an LXC disk device with shift=true, but then realised that files created by user u1:u1 on the host would show up as being owned by user u2:u2 on the container. This seems like it could potentially also lead to the same files being shown as owned by another user u3:u3 in another container.

I think using the instance’s raw.idmap setting (either directly on the instance or via the profile) may help here as it would allow you to specify manual mappings that wouldn’t need the shiftfs option being used.

See the Super User question "Syntax for setting LXD Container raw.idmap" (linux tag) for examples.
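To make the suggestion above concrete, here is a small model of how LXD resolves the owner of a file on a shared disk device once raw.idmap entries are in place. This is an added illustration, not code from the thread or from LXD itself: it assumes the common LXD default map (container ids 0..65535 onto host ids 1000000..1065535), raw.idmap lines of the form `both|uid|gid <host-id> <container-id>`, and a constructed listing of host-side file owners. It models only the plain (unshifted) raw.idmap path, not shiftfs.

```python
"""Toy model of LXD id mapping for a shared host directory.

Added illustration for the thread above; not LXD code.  Assumes:
  * the usual LXD default idmap: container id N -> host id 1000000 + N
    for N in 0..65535 (the base offset varies per host; 1000000 is typical);
  * raw.idmap lines of the form '<both|uid|gid> <host-id> <container-id>';
  * host ids outside every mapped range appear as nobody (65534) inside.
The SHARED listing below is constructed sample data.
"""

DEFAULT_BASE = 1000000   # assumed host id that container id 0 maps to
DEFAULT_RANGE = 65536    # size of the default mapped range
UNMAPPED = 65534         # unmapped host ids show up as nobody/nogroup


def parse_raw_idmap(raw: str) -> dict:
    """Parse raw.idmap text into {host_uid: container_uid}.

    Only 'both' and 'uid' lines are kept; 'gid' lines are skipped because
    this model tracks file owners, not groups.
    """
    mapping = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in ("both", "uid", "gid"):
            raise ValueError(f"bad raw.idmap entry: {line!r}")
        kind, host_id, container_id = parts
        if kind == "gid":
            continue
        mapping[int(host_id)] = int(container_id)
    return mapping


def host_to_container(host_uid: int, raw_idmap: str = "") -> int:
    """Return the uid a file owned by host_uid appears to have in the container."""
    explicit = parse_raw_idmap(raw_idmap)
    if host_uid in explicit:                    # raw.idmap entry wins
        return explicit[host_uid]
    if DEFAULT_BASE <= host_uid < DEFAULT_BASE + DEFAULT_RANGE:
        return host_uid - DEFAULT_BASE          # default shifted range
    return UNMAPPED                             # outside every map: nobody


def container_view(listing: dict, raw_idmap: str = "") -> dict:
    """Map a {filename: host_uid} listing to {filename: container_uid}."""
    return {name: host_to_container(uid, raw_idmap) for name, uid in listing.items()}


# Constructed sample: files in a shared host directory and their host owners.
# 1001/1002 are two host accounts; 1001000 is what container uid 1000 writes as.
SHARED = {"report.txt": 1001, "notes.md": 1002, "made-inside.txt": 1001000}

# raw.idmap giving the container direct access to host ids 1001 and 1002.
ADMIN_IDMAP = "both 1001 1001\nboth 1002 1002"


if __name__ == "__main__":
    print("no raw.idmap :", container_view(SHARED))
    print("with raw.idmap:", container_view(SHARED, ADMIN_IDMAP))
```

The first view shows the problem: with no raw.idmap, files owned by host users 1001 and 1002 fall outside the container's mapped range and appear as nobody, so they cannot be sensibly owned or chmod'ed from inside. With the two `both` entries, those files keep their numeric owner inside the container, and the same entries on a second container give that container the same consistent view. In practice the entries are set with `lxc config set <instance> raw.idmap "both 1001 1001"` (or in a profile) and the instance must be restarted for the new map to apply; whether a given container's user is then allowed to write is enforced by ordinary file permissions on the host-side directory, which is where the g1 read/write versus g2 mostly-read-only split from the question would be expressed.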