I’m using Proxmox and, like many, I have some bind mounts I’d like to share between a number of LXC containers. Also like many, I stumbled upon the problem of conflicting UIDs. I’m trying to set up mapping, but however much I read, I seem to have some major misunderstanding. Whenever I add mapping, any folder owned by the mapped user (e.g. home directory) suddenly becomes owned by 65534/“nobody”. How is this possible? I thought maps only have an effect on the host/outside the container? (as in files in bind mounts)
I’m trying to use mapping like this (generated by a Python util):
lxc.idmap: u 0 100000 999
lxc.idmap: g 0 100000 999
lxc.idmap: u 999 999 1
lxc.idmap: g 999 999 1
lxc.idmap: u 1000 101000 4000
lxc.idmap: g 1000 101000 4000
lxc.idmap: u 5000 5000 1
lxc.idmap: g 5000 5000 1
lxc.idmap: u 5001 105001 60536
lxc.idmap: g 5001 105001 60536
And alternatively this, as seen in many wikis:
lxc.idmap = u 0 100000 999
lxc.idmap = g 0 100000 999
lxc.idmap = u 999 5000 1
lxc.idmap = g 999 5000 1
lxc.idmap = u 5000 101000 64536
lxc.idmap = g 5000 101000 64536
Both with the same effect.
On the host /etc/sub{u,g}id:
root:100000:65536
root:999:1
root:5000:1
As an alternative, would it be feasible/recommended to set an ACL in each container, and set the masks of mounted folders in each to rw-rw-rw? This way the different IDs would be irrelevant.
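An added example, not part of the original post: files on disk keep their host-side owner IDs, so running those IDs through each map from the post shows which owners the container can no longer resolve and which container IDs are left unmapped. DEFAULT_MAP (one shift of 65536 IDs starting at host ID 100000, assumed to be the map in effect before the change) and all function names are assumptions made for this illustration.

```python
import re

OVERFLOW_ID = 65534  # "nobody": reported for any owner that has no mapping
DEFAULT_MAP = [(0, 100000, 65536)]  # assumed map in effect before the change

# uid lines copied from the post (the gid lines mirror them)
MAP_A = """lxc.idmap: u 0 100000 999
lxc.idmap: u 999 999 1
lxc.idmap: u 1000 101000 4000
lxc.idmap: u 5000 5000 1
lxc.idmap: u 5001 105001 60536"""
MAP_B = """lxc.idmap = u 0 100000 999
lxc.idmap = u 999 5000 1
lxc.idmap = u 5000 101000 64536"""

def parse_idmap(text, kind="u"):
    """Return sorted (container_start, host_start, count) tuples for one kind."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)", line)
        if m and m.group(1) == kind:
            entries.append(tuple(int(x) for x in m.groups()[1:]))
    return sorted(entries)

def host_to_container(idmap, host_id):
    """ID seen inside the container for a file whose on-disk owner is host_id."""
    for c_start, h_start, count in idmap:
        if h_start <= host_id < h_start + count:
            return c_start + (host_id - h_start)
    return OVERFLOW_ID

def container_gaps(idmap, limit=65536):
    """Container ID ranges in [0, limit) that no entry maps."""
    gaps, cursor = [], 0
    for c_start, _host, count in idmap:
        if c_start > cursor:
            gaps.append((cursor, c_start - 1))
        cursor = max(cursor, c_start + count)
    if cursor < limit:
        gaps.append((cursor, limit - 1))
    return gaps

if __name__ == "__main__":
    # Host ID 100999 is what container uid 999 was stored as under DEFAULT_MAP.
    for name, text in (("A", MAP_A), ("B", MAP_B)):
        idmap = parse_idmap(text)
        print(name, "gaps:", container_gaps(idmap),
              "| host 100999 seen as", host_to_container(idmap, 100999))
```

Under both maps, host ID 100999 (container uid 999 under the assumed default map) falls outside every mapped range, so files created before the remap show as 65534 until they are re-owned on the host to the newly mapped ID.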