Only "local" group allowed for daemon.user.group

kees · August 26, 2022, 1:08pm

LXD allows non-privileged users to run lxc commands. You can do that by specifying the daemon.user.group.

However, when I try that with a group from FreeIPA/SSSD it doesn’t work. There is no error message, but the file /var/snap/lxd/common/lxd-user/unix.socket remains owned by root.lxd. It only works with a group that is present in /etc/group.

Is this a problem/limitation of lxd or snap?

kees · August 26, 2022, 1:31pm

Could it be related to this: Easy multi-user LXD setup - Desktop - Ubuntu Community Hub ?

tomp · August 26, 2022, 2:09pm

Any thoughts @stgraber sounds like it could be snap limitation?

stgraber · August 26, 2022, 4:57pm

Quite likely as the chown occurs from within the snap environment and in that environment, it’s unable to resolve the group name.

Setting the config key to the group id instead may work.

kees · August 29, 2022, 6:36am

Too bad, setting the group with a numeric value does not work either.