Need Help with Write Permissions for Host Folders in Incus Container

Hi everyone!

I’m currently working with Incus and facing a challenge with mounted host folders inside a container. I’ve successfully mounted two directories from my host to a container named samba-k72f using the following commands:

incus config device add samba-k72f dew disk source=/opt/dew path=/mnt/dew
incus config device add samba-k72f flask disk source=/opt/flask path=/mnt/flask

The directories /mnt/dew and /mnt/flask are accessible inside the container as intended. However, I’m unable to write to these directories from within the container; attempting to create files or modify existing ones results in permission errors.

I understand this issue might be related to user and group ID mappings between the host and the container, and I’ve explored various parts of the documentation and forums for a solution. Despite this, I’m still unclear on the best approach to enable write access for these mounted directories without compromising security.

Thank you for your help!

If your kernel is 6.2+, then try the shift=true option:

incus config device add samba-k72f dew disk shift=true source=/opt/dew path=/mnt/dew
incus config device add samba-k72f flask disk shift=true source=/opt/flask path=/mnt/flask

Unfortunately shift=true is not working because I currently have kernel 6.1.0.

Then try setting up raw.idmap by hand for the container. In the command below, the value 1000 corresponds to the UID and GID of the default container user. The commands $(id -u) and $(id -g) will get your host user's UID and GID.

printf "uid $(id -u) 1000\ngid $(id -g) 1000" | incus config set <container_name> raw.idmap -

This should look like this in your config:

$ incus config show <container_name>

...
raw.idmap: |-
  uid <host_user_uid> <container_user_uid>
  gid <host_user_gid> <container_user_gid>
...
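
Why the raw.idmap entry above removes the permission error, as an added example that is not part of the original posts: a small model of an unprivileged container's uid map. The host base 1000000, the 65536-id range, the 0755 mode and host uid 1000 are assumed values for illustration, and only single-id uid/gid lines like those in the thread are parsed.

```python
# Model: how a container's uid map decides ownership of a bind-mounted host file.
OVERFLOW_ID = 65534            # kernel default shown for ids that have no mapping
BASE, SIZE = 1_000_000, 65_536  # assumed default map: container 0..65535 -> host 1000000+


def build_map(raw_idmap="", kind="uid", base=BASE, size=SIZE):
    """Return [(container_start, host_start, length)] with raw.idmap pins applied."""
    pins = {}
    for line in raw_idmap.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == kind:   # "uid <host_id> <container_id>"
            pins[int(fields[2])] = int(fields[1])
    extents, start = [], 0
    for ct in sorted(pins):
        if ct > start:                               # default range before the pin
            extents.append((start, base + start, ct - start))
        extents.append((ct, pins[ct], 1))            # the pinned id maps straight through
        start = ct + 1
    if start < size:
        extents.append((start, base + start, size - start))
    return extents


def to_host(ct_id, extents):
    """Host id that a process running as ct_id in the container really has."""
    for ct, host, n in extents:
        if ct <= ct_id < ct + n:
            return host + (ct_id - ct)
    return None


def to_container(host_id, extents):
    """Owner id the container sees on a file owned by host_id."""
    for ct, host, n in extents:
        if host <= host_id < host + n:
            return ct + (host_id - host)
    return OVERFLOW_ID


def can_write(ct_uid, owner_host_uid, mode, extents):
    """Owner-or-other write check (group bits ignored to keep the model small)."""
    bit = 0o200 if to_host(ct_uid, extents) == owner_host_uid else 0o002
    return bool(mode & bit)


if __name__ == "__main__":
    for label, idmap in (("default", ""), ("raw.idmap", "uid 1000 1000\ngid 1000 1000")):
        m = build_map(idmap)
        print(label, "container uid 1000 is host uid", to_host(1000, m),
              "| /opt/dew owner seen inside:", to_container(1000, m),
              "| writable:", can_write(1000, 1000, 0o755, m))
```

Under these assumptions only container uid 1000 is pinned to the host user; container root still maps to the unprivileged host id 1000000.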

Thanks @qkiel! That did the trick!
