0

Hello everyone,

I have been struggling for days to properly map a user ID from my PVE host into my LXC.

My situation:

I'm running Proxmox Virtual Environment 7.2-11.

I want to run my Nextcloud instance inside an unprivileged LXC and I have a separate HDD to store all the cloud data on. Since there is no solution to pass through a drive to an LXC container, I need to create a mount point from my host into the LXC container, which worked perfectly fine.

Current state

This is the command I used to create the mount point.

$ pct set 107 -mp0 /media/disk3t0,mp=/media/disk3t0

Then I created an extra user named Nextcloud on the host and inside the LXC. Both got the UID 1000 and GID 1000. I then want to add the www-data user inside the LXC to the group nextcloud to allow write access to the mount.

On the PVE host I changed the owner of my mount to the newly created nextcloud user.

What I'm trying to achieve: the proper UID and GID mapping

I added the following to my /etc/pve/lxc/107.conf

lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

and the following to /etc/subuid

nextcloud:1000:1

and the following to /etc/subgid

nextcloud:1000:1

But the LXC won't start, this is the error it is giving me:

lxc-start 107 20221018170016.702 ERROR conf - ../src/lxc/conf.c:lxc_map_ids:3672 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 16 46187 0 100000 1000 1000 1000 1 1001 101001 64535

lxc-start 107 20221018170016.702 ERROR start - ../src/lxc/start.c:lxc_spawn:1791 - Failed to set up id mapping.

lxc-start 107 20221018170016.702 ERROR start - ../src/lxc/start.c:__lxc_start:2074 - Failed to spawn container "107"

lxc-start 107 20221018170017.906 ERROR lxc_start - ../src/lxc/tools/lxc_start.c:main:306 - The container failed to start

lxc-start 107 20221018170017.906 ERROR lxc_start - ../src/lxc/tools/lxc_start.c:main:311 - Additional information can be obtained by setting the --logfile and --logpriority options

Now I'm just totally stuck and don't know what to try next.

These are all the blogs and posts I found on the web that somehow address the same issue:

Kontr0x
  • 1
  • 5

1 Answer

0

Have you tried appending (without removing what is originally in the file) root:1000:1 to the following files like so:

/etc/subgid:

root:100000:65536
# custom user group
root:1000:1

/etc/subuid:

root:100000:65536
# custom user
root:1000:1

Source: https://forum.proxmox.com/threads/newuidmap-uid-range-1100-1101-1100-1101-not-allowed.73414/post-417184

William
  • 1
  • 1
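
An added example, not part of the question or the answer: a simplified Python model of the delegation check behind the "not allowed" error, run over the lxc.idmap lines from the question. It assumes the mapping is written on behalf of root (as the answer's root: entries imply) and matches owners by name only; SUBUID_BEFORE is constructed from the default root line plus the question's entry.

```python
def parse_idmap(conf_text, kind):
    """(container_start, host_start, count) for lxc.idmap lines of kind 'u' or 'g'."""
    maps = []
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return maps

def parse_subid(subid_text, owner):
    """(start, count) ranges delegated to owner; blank lines and comments skipped."""
    ranges = []
    for line in subid_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == owner:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def covered(start, count, ranges):
    """True if every ID in [start, start+count) falls in some delegated range."""
    end = start + count
    while start < end:
        ends = [s + c for s, c in ranges if s <= start < s + c]
        if not ends:
            return False
        start = max(ends)  # continue after the range that contained 'start'
    return True

def rejected(conf_text, subid_text, owner="root", kind="u"):
    """Host ranges [lo, hi) in the idmap that owner is not delegated."""
    ranges = parse_subid(subid_text, owner)
    return [(h, h + n) for _, h, n in parse_idmap(conf_text, kind)
            if not covered(h, n, ranges)]

# lxc.idmap lines from the question
IDMAP = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
"""
# Constructed: the default root line plus the entry added in the question
SUBUID_BEFORE = "root:100000:65536\nnextcloud:1000:1\n"
# /etc/subuid as suggested in the answer
SUBUID_AFTER = "root:100000:65536\n# custom user\nroot:1000:1\n"
if __name__ == "__main__":
    print(rejected(IDMAP, SUBUID_BEFORE), rejected(IDMAP, SUBUID_AFTER))
```

The same functions check the group side when given the /etc/subgid contents and kind="g". Delegating exactly one host ID keeps the container's reach on the host limited to the account that owns the bind mount.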