Rsyncd in unprivileged container mangles ownership

Hi all,

I’m trying to run rsyncd (rsync daemon) in an unprivileged container and it puzzles me.

It seems that whatever I do, the files that get sent to the rsync daemon get uid/gid nobody/nogroup (Debian so not nobody/nobody).

I tried: chroot no, numeric-ids yes, target dir with a+rwx, uids/gids that are made accessible to the container. This is macOS Mojave rsyncing to Debian 10 in an unprivileged container on Proxmox. I need a bigger brain than my own for this. At least that shouldn’t be hard. Thanks

Cheers,
FJ

Can you show the numeric uid/gid of the source files you’re sending to rsyncd, and also the output of lxc config show <instance> --expanded for your rsyncd container?

Also, are you running rsyncd as root inside the container?

And is this LXD or LXC?

Yes. For instance:
1001 1001 3 20 mei 08:35 doeg

I can’t find lxc on the Proxmox node. I did find lxc-checkconfig:

LXC version 4.0.6
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-5.4.106-1-pve

--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled
Cgroup v1 mount points:
/sys/fs/cgroup/systemd
/sys/fs/cgroup/net_cls,net_prio
/sys/fs/cgroup/cpu,cpuacct
/sys/fs/cgroup/rdma
/sys/fs/cgroup/perf_event
/sys/fs/cgroup/hugetlb
/sys/fs/cgroup/memory
/sys/fs/cgroup/blkio
/sys/fs/cgroup/devices
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/pids
/sys/fs/cgroup/freezer
Cgroup v2 mount points:
/sys/fs/cgroup/unified
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled

File capabilities:
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

OK I’ve changed the thread’s tag to be LXC as this is covering LXC.

Can you paste your container’s config file here please.

And are you running the rsyncd process as root inside the container?

Additional: I run Samba in the same container (it’s meant to be a fileserver), hence the uid/gid mappings; this seems to work fine from the clients in the network.

I should have used uid=0, gid=0 in the rsyncd.conf file; my bad. Like I said, I need a bigger brain.
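
Added example (not part of the thread and not rsync's own code): a small Python check that reads an rsyncd.conf and reports, per module, the uid/gid the daemon switches to for transfers, which is why received files ended up as nobody/nogroup until uid = 0 and gid = 0 were set. It assumes the daemon is started as root inside the container and that the sender's ids are mapped into it; the module names, path and sample config are constructed.

```python
# Report which rsyncd.conf modules can preserve the sender's file ownership.
# Assumption: rsyncd is started as root, so it drops to the "uid"/"gid"
# parameters (default: nobody, shown as nogroup on Debian) for each transfer.

DEFAULTS = {"uid": "nobody", "gid": "nobody"}

def _key(name):
    # rsyncd.conf ignores whitespace inside parameter names ("numeric ids")
    return "".join(name.split()).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) parsed from rsyncd.conf text."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            target = globals_ if current is None else current
            target[_key(name)] = value.strip()
    return globals_, modules

def ownership_report(text):
    """Map module -> effective uid/gid and whether received files can be chowned."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**DEFAULTS, **globals_, **params}  # module overrides global
        report[name] = {
            "uid": eff["uid"],
            "gid": eff["gid"],
            # only uid 0 can chown received files to the sender's ids
            "preserves_owner": eff["uid"] in ("0", "root"),
        }
    return report

# Constructed sample: "before" relies on the defaults, "after" applies the fix.
SAMPLE_CONF = """\
use chroot = no
numeric ids = yes
[before]
path = /srv/share
[after]
path = /srv/share
uid = 0
gid = 0
"""
```

A module reported with preserves_owner False writes every received file as its effective uid/gid, regardless of numeric ids or directory permissions.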