Sudo access on a container

Hello everyone, I have a problem with containers. I am using Arch Linux. I have complete sudo access to all servers, laptops and VMs which are part of the same server that I work on. Surprisingly, I don’t have sudo access on containers! I am in the admin and sudoers groups, but it just doesn’t let me run any command with sudo, and shows me this error: Sorry, user <Name> may not run sudo on <name of the container>
When I run id, it shows my uid but not my uid as an admin (groups: admin), which I guess can be a problem with user identifiers inside the container.
Any idea?
Thanks in advance

Are you accessing the instance with lxc shell $instance, lxc exec $instance -- bash or some lxc exec variant?

Yes, I have access to the instance’s bash by: sudo lxc exec $instance -- bash

Once in the instance with that command, you can probably switch to your “normal” user using su - $user. This will ensure that the $user gets its supplementary groups (like the admin one) configured. The supplementary group handling is not happening when you simply lxc exec into an instance.

I tried that too, it didn’t help. I switched to my user and it still doesn’t let me run any command with sudo. By the way, the admin group has to give me full access, and when I check it with getent group | grep admin my user is there! But still it doesn’t let me run sudo.

If id | grep -Fw admin works, maybe the issue is with the sudoers rule?

It can’t be, because they work fine with VMs, servers and laptops. My guess is about ID mapping. I found this, which I believe causes the problem:
❯ cat /etc/lxc/default.conf
lxc.net.0.type = empty
lxc.idmap = u 0 100000 2000000000
lxc.idmap = g 0 100000 2000000000
❯ cat /etc/subuid
root:100000:2000000000
admin:100000:2000000000
❯ cat /etc/subgid
root:100000:2000000000
admin:100000:2000000000
I changed them to 100000:65536 but I got an error when I tried to restart the container.

The LXD snap doesn’t use /etc/subuid nor /etc/subgid so I don’t think that’s related.

When I run $id it should show me 7 IDs: uid, gid, groups (5 different groups). But inside the container it just shows me 5 different IDs: uid, gid, groups (3 different groups). One of the missing groups is admin, which gives me sudo privileges, while, as I said, getent shows me that I am in the admin group.

I am using network authentication, can that be the problem?

It looks like the problem you are facing is a configuration issue more than a container/LXD problem.

I actually found a way to add myself to the admins group, which gives me sudo access: newgrp admins. It doesn’t even need sudo. But the problem is that every time I log in and out I lose my access and have to do it again.
It looks like a timing problem. When I log in, it doesn’t understand that I am in that group. But afterwards, because I am in the group, I can add myself easily. Still looking for a way to make it permanent.

Hi,
I am not familiar with Arch Linux, but if I understand the post correctly, you can achieve it like this.
In the container:

useradd admin -m -s /bin/bash   # create admin user
usermod -aG wheel admin         # add admin user to the wheel group
passwd admin                    # assign a password to the admin user

Then, modify the /etc/sudoers file with visudo and uncomment the wheel line, save and exit.
When you access the container with lxc shell <container_name> -- su admin, you can do whatever you want as the admin user by entering the password. I hope I understood and replied with the correct answer.
Regards.

It actually solved my problem. I added myself to the wheel. But I couldn’t find out the reason why I didn’t have sudo access before that, because I was in the admins and admins was in the wheel.
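
The symptom reported in this thread (getent lists the user in admin, but id inside the session does not) can be checked directly by comparing the two views. The script below is an added example, not code from any poster; the function names missing_groups and check_session are hypothetical, and it assumes a POSIX shell with id and getent available.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread). Function names are hypothetical.
# Compares the groups the account database reports for the current user with
# the groups actually attached to this shell process.

# missing_groups "<database GIDs>" "<session GIDs>"
# Prints each GID from the first list that is absent from the second.
missing_groups() {
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;                 # present in the session
            *) printf '%s\n' "$g" ;;     # in the database only
        esac
    done
}

# check_session: returns 0 if the session carries every group the database
# lists, 1 if some are missing, 2 if the user cannot be resolved.
check_session() {
    user=$(id -un) || return 2
    db=$(id -G "$user") || return 2      # lookup through NSS (files, LDAP, SSSD, ...)
    sess=$(id -G)                        # credentials of this process
    miss=$(missing_groups "$db" "$sess")
    if [ -z "$miss" ]; then
        echo "OK: session has all groups listed for $user"
        return 0
    fi
    for gid in $miss; do
        name=$(getent group "$gid" | cut -d: -f1)
        echo "in database but not in session: ${name:-unknown} (gid $gid)"
    done
    return 1
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_session
fi
```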