37
submitted 5 months ago by Cossty@lemmy.world to c/selfhosted@lemmy.world

I have been using linux for a couple of years already, very casually, just browser, media, games. Recently I bought dell micro pc and installed proxmox on it. I don't have a lot of hdds or raid or anything, just one 6tb usb external drive. I know, I could lose everything, but I don't have anything important in there, just media. It's a relatively new drive, so I hope it will hold for at least half a year, and then I plan to buy proper hdds.

Hdd is connected to the proxmox host with usb, and then with mount points to lxc containers. Audiobooshelf, samba, qbittorent, all containers are debian 12.

When I download book with qB lxc, it automatically shows up in audiobookshelf (abs) lxc thanks to mount points. Abs can play it but, I can't change cover, delete, move it etc, because of permissions. This screenshot is from proxmox host.

Same thing happes when I manually upload the book to audiobookshelf, then other lxc containers have problem accessing it. Or when I upload something to the server with samba.

I know how to change it with chmod and chown, but when I download new book it is the same thing again, I don't want to manually change permissions and ownership every time new folder/file appears in hdd. In lxc container I cant even change ownership, it says: "Operation not permitted" even though I have root.

This is my samba config. It's terrible and unsecure, but after 2 days of trying to make it work, I just wanted to try everything. I will probably switch to nfs, idk if it will help.

I'm really lost, idk how to make lxc containers talk to each other through those mounts points without breaking permissions/ownership. Is there some other way? Idk if there is a very simple solution and I just made fool of myself. I know that root and 777 eveywhere is bad idea, but I wanted to at least first get everything working. And I don't plan to connect anything to the internet in the near future anyways.

It's really late here, and I have to work tomorrow, so I won't be able to reply until tomorrow evening.

you are viewing a single comment's thread
view the rest of the comments
[-] 4am@lemm.ee 10 points 5 months ago* (last edited 5 months ago)

It’s UID/GID 10000 on the host because you are using an unprivileged LXC container. Unprivileged means that “root” inside the container (which is just a user space of the host with access restrictions) is user 10000 on the host - this is so that files and processes inside the container don’t run with the real UID zero, where they could plant a malicious file, or run a malicious program that escapes containment that ends up with root access on the host.

Quickest way to make this work over samba is to force user 10000 and force group 10000. That way everything connecting to Samba would see the files as their own.

Honestly the better solution is to make your software inside the containers run with a local non-root user (which would be something like 10001) and then force samba to use that. Then nothing is running as root in or out of the containers. Samba will still limit access to shares based on the samba login, but for file access purposes it will still use the read/write levels of your non-root user (because of the force- directives)

[-] Cossty@lemmy.world 1 points 5 months ago

Thx this sounds like the best solution. Definitely trying it out. Idk how well I will be able to do it, Because I didn't even made those containers myself. I just used proxmox helper scripts. Something came up today and I didn't have time again, will try it tomorrow.

this post was submitted on 09 Jun 2024
37 points (95.1% liked)

Selfhosted

40247 readers
567 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS