Writing a container www-data folder from my host as my host user

(Stuart Langridge) #1

I have a simple lxd container running Ubuntu 16.04, in which I have WordPress installed in /var/www/html, owned by www-data. This all works. I’d like to be able to edit files in that container:/var/www/html folder from my host machine, as my user, and I don’t know how best to do that. There are various bits of documentation around about mounting host folders in the container as a device, but they seem to be oriented around mounting my whole host home folder into the container, and around my personal host user being able to access the container’s ubuntu user. What I’d like is that a folder host:/home/me/wp-project and the folder container:/var/www/html are the same folder, and that host:/home/me/wp-project is owned by host:me (uid 1000) and container:/var/www/html is owned by container:www-data (uid 33). What’s the best way to achieve this?

(Stéphane Graber) #2

So the way you’d do this is with something like:

  • mkdir /home/me/wp-project and chown to 1000:1000
  • setup raw.idmap on the container mapping uid/gid 1000 on the host to 33 in the container
  • setup a disk against the container with /home/me/wp-project as the source and /var/www/html as the destination in the container

stgraber@castiana:~$ mkdir /home/stgraber/www
stgraber@castiana:~$ sudo chown 1000:1000 /home/stgraber/www
stgraber@castiana:~$ sudo touch /home/stgraber/www/blah
stgraber@castiana:~$ sudo chown 1000:1000 /home/stgraber/www/blah

stgraber@castiana:~$ lxc init ubuntu:16.04 web
Creating web
stgraber@castiana:~$ lxc config device add web www disk source=/home/stgraber/www path=/var/www/html
Device www added to web
stgraber@castiana:~$ lxc config set web raw.idmap "both 1000 33"
stgraber@castiana:~$ lxc start web

stgraber@castiana:~$ ls -l /home/stgraber/www
total 1
-rw-r--r-- 1 1000 1000 0 Mar  7 13:40 blah

stgraber@castiana:~$ lxc exec web -- ls -lh /var/www/html/
total 512
-rw-r--r-- 1 www-data www-data 0 Mar  7 12:40 blah

Note that in my case my user isn’t 1000:1000 so that’s why I needed the sudo and chown above. In your case those won’t be needed and it’ll show as your own user.

If the above causes your container to fail to start, that’d be because you’re using the LXD deb instead of the snap, in which case you also will need to add the following line:


To those two files:

  • /etc/subuid
  • /etc/subgid

(The snap doesn’t use shadow’s newuidmap/newgidmap and so doesn’t need that particular bit of configuration)
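A check to run before relying on the deb-packaged LXD with the setup above: is the host uid/gid that raw.idmap wants to map actually delegated to root in /etc/subuid and /etc/subgid? This is an added example, not code from the thread or from LXD; it assumes the deb daemon runs as root and reads root's entries, uses shadow's real name:start:count file format, and also handles the "uid" and "gid" idmap kinds beyond the "both" form shown above. The sample file contents are constructed.

```python
from typing import List, Tuple

def parse_raw_idmap(text: str) -> List[Tuple[str, int, int]]:
    """Parse raw.idmap lines: '<both|uid|gid> <host id> <container id>'."""
    maps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, host, cont = line.split()
        if kind not in ("uid", "gid", "both"):
            raise ValueError(f"unknown idmap kind: {kind}")
        maps.append((kind, int(host), int(cont)))
    return maps

def parse_sub_ranges(text: str, owner: str = "root") -> List[Tuple[int, int]]:
    """Return (start, count) ranges delegated to `owner` in shadow's name:start:count format."""
    ranges = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == owner:
            ranges.append((int(start), int(count)))
    return ranges

def covered(host_id: int, ranges: List[Tuple[int, int]]) -> bool:
    """True if some delegated range contains host_id."""
    return any(start <= host_id < start + count for start, count in ranges)

def missing_delegations(raw_idmap: str, subuid: str, subgid: str) -> List[Tuple[str, int]]:
    """Host ids the raw.idmap needs that are not delegated to root, as (file, id) pairs."""
    uid_ranges = parse_sub_ranges(subuid)
    gid_ranges = parse_sub_ranges(subgid)
    missing = []
    for kind, host_id, _ in parse_raw_idmap(raw_idmap):
        if kind in ("uid", "both") and not covered(host_id, uid_ranges):
            missing.append(("/etc/subuid", host_id))
        if kind in ("gid", "both") and not covered(host_id, gid_ranges):
            missing.append(("/etc/subgid", host_id))
    return missing

# Constructed sample files: a typical deb install delegates only 100000-165535 to root.
DEFAULT_SUBUID = "root:100000:65536\nlxd:165536:65536\n"
DEFAULT_SUBGID = "root:100000:65536\nlxd:165536:65536\n"
# Constructed variant with one extra single-id delegation that covers host id 1000.
FIXED_SUBUID = DEFAULT_SUBUID + "root:1000:1\n"
FIXED_SUBGID = DEFAULT_SUBGID + "root:1000:1\n"

if __name__ == "__main__":
    print(missing_delegations("both 1000 33", DEFAULT_SUBUID, DEFAULT_SUBGID))
    print(missing_delegations("both 1000 33", FIXED_SUBUID, FIXED_SUBGID))
```

On a real host, feed it the contents of /etc/subuid and /etc/subgid and the value of `lxc config get <container> raw.idmap`; an empty result means the mapping is permitted.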

(Stuart Langridge) #3

Haha that’s excellent. Cheers!