Need ID mapping root and user in container to same user in host

EDIT: I began this question with a different title, but I think I can now focus the question.

What I need is to map my root user and my non-root user to one user ID in the host, so I can have read-write access to a mounted directory from both users. I’ve tried using

lxc config set t7 raw.idmap="both 1000 1000"

and it works for the non root user. I can access the directories and files with permissions for 1000:1000 in host.

lxc config set t7 raw.idmap="both 1000 0"

works for the root user.

But if I try

echo -en "both 1000 0\nboth 1000 1000" | lxc config set t7 raw.idmap -

Then, when I try to restart the container, I get this:

Error: Failed to run: /usr/bin/lxd forkstart t4 /var/lib/lxd/containers /var/log/lxd/t4/lxc.conf: exit status 1
Try `lxc info --show-log t4` for more info

and

lxc t4 20221026044552.864 ERROR    conf - ../src/lxc/conf.c:lxc_map_ids:3672 - newuidmap failed to write mapping "newuidmap: write to uid_map failed: Invalid argument": newuidmap 392559 0 1000 1 1 1000001 999 1000 1000 1 1001 1001001 64535
lxc t4 20221026044552.864 ERROR    start - ../src/lxc/start.c:lxc_spawn:1788 - Failed to set up id mapping.
lxc t4 20221026044552.864 ERROR    lxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc t4 20221026044552.864 ERROR    start - ../src/lxc/start.c:__lxc_start:2107 - Failed to spawn container "t4"
lxc t4 20221026044552.865 WARN     start - ../src/lxc/start.c:lxc_abort:1036 - No existe el proceso - Failed to send SIGKILL via pidfd 17 for process 392559
lxc 20221026044552.923 ERROR    af_unix - ../src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Conexión reinicializada por la máquina remota - Failed to receive response
lxc 20221026044552.923 ERROR    commands - ../src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_state"

You can find more info in the first post, which is copied below.

What am I doing wrong?



Hello. I need some help with this.

I’ve tried to follow this guide https://www.cyberciti.biz/faq/how-to-add-or-mount-directory-in-lxd-linux-container/

I’ve mounted a host directory in my container.

My user in host is ‘admin’ (1000:1000)

My /etc/subuid and /etc/subgid are

root:1000000:65536
root:1000:1

I’ve done:

lxc config set t7 raw.idmap "both 1000 1000"

lxc restart t7

Added user ‘admin’ (1000:1000) into the container

Exited container and

lxc config device add t7 storage disk source=/mnt/storage/ path=/mnt/storage/

And then enter the container and navigate to /mnt/storage/data/media

drwxr-xr-x 5 admin admin 4096 Sep 13 13:05 media

$ touch test
touch: cannot touch 'test': Permission denied

If I do su admin, then I can do touch test.

Exiting the container, the permissions are the same:

drwxr-xr-x 5 admin autologin 4096 Sep 13 13:05 media

(autologin is gid 1000 in my host)

Why is the container root user unable to write in this directory? How can I fix it?

I need it because some docker containers (like atmoz/sftp) that I’m trying to use inside the container are not able to write to the directory.

This is not possible AFAIK. So what did I do?

lxc config set t7 raw.idmap "both 1000 0"

This maps my user in the host (1000:1000) to the root user in the LXD container.

What did I get? My docker containers running inside the LXD container can manage devices and resources as root, and they can access all the directory binds that I need (owned by user 1000:1000 in the host).
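Added example, not from the post or from LXD: a small Python model of why the combined raw.idmap fails with "Invalid argument". It parses the newuidmap triples from the log (container id, host id, count) and applies the kernel rule that uid_map extents may overlap on neither the container side nor the host side; the raw_idmap_to_extents helper reproduces the hole-punching visible in the log and is an assumption, not LXD's implementation.

```python
from typing import List, Tuple

# (container_id, host_id, count): the triples newuidmap writes to uid_map.
Extent = Tuple[int, int, int]


def parse_newuidmap_args(args: str) -> List[Extent]:
    """Parse the triples that follow the pid in the logged newuidmap command."""
    nums = [int(x) for x in args.split()]
    if len(nums) % 3:
        raise ValueError("expected (container, host, count) triples")
    return [tuple(nums[i:i + 3]) for i in range(0, len(nums), 3)]


def _overlaps(a_start: int, a_len: int, b_start: int, b_len: int) -> bool:
    return a_start < b_start + b_len and b_start < a_start + a_len


def find_overlaps(extents: List[Extent]) -> List[str]:
    """The kernel rejects (EINVAL) a map whose extents overlap on either side."""
    problems = []
    for i, a in enumerate(extents):
        for b in extents[i + 1:]:
            if _overlaps(a[0], a[2], b[0], b[2]):
                problems.append(f"container ids overlap: {a} vs {b}")
            if _overlaps(a[1], a[2], b[1], b[2]):
                problems.append(f"host ids overlap: {a} vs {b}")
    return problems


def raw_idmap_to_extents(spec: str, base_host: int = 1000000,
                         base_count: int = 65536) -> List[Extent]:
    """Carve 'both|uid|gid HOST CONTAINER' lines out of the base subuid range.
    Assumption: mirrors the hole-punching seen in the log (1000000:65536 split
    around each custom entry); uid side only, not LXD's own code."""
    custom = []
    for line in spec.strip().splitlines():
        _kind, host, container = line.split()
        custom.append((int(container), int(host), 1))
    extents, pos = [], 0
    for container, host, _ in sorted(custom):
        if container > pos:  # base-range slice before this hole
            extents.append((pos, base_host + pos, container - pos))
        extents.append((container, host, 1))
        pos = container + 1
    if pos < base_count:
        extents.append((pos, base_host + pos, base_count - pos))
    return extents


if __name__ == "__main__":
    logged = "0 1000 1 1 1000001 999 1000 1000 1 1001 1001001 64535"  # from the log
    print(find_overlaps(parse_newuidmap_args(logged)))
    print(find_overlaps(raw_idmap_to_extents("both 1000 1000")))
```

Run on the logged arguments it reports that host uid 1000 is claimed by two extents, which is exactly what "both 1000 0" plus "both 1000 1000" asks for, while either line alone produces a valid map.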