I need some help with my setup please. I am fairly new to selfhosting and the information I found searching hasn’t helped me understand what is wrong. I have a mini PC running Proxmox with all my stuff running (Jellyfin, arr stack, etc.). I then have another machine running my file share using SMB (maybe this is the wrong way to do it). I can add the share to my datacenter in Proxmox and see it, but I cannot get my unprivileged container to write to the share. I can get privileged containers to write when I mount using CIFS, but I read this is bad practice.
I have changed permissions on the file share to try to give write access, I have tried Option 3 from this link, and I have been through this reddit thread and others.
Should I just make the lxc’s that need to access the file privileged or is there something I am just not understanding here. I assumed this would be a fairly common setup and be fairly easy to configure but I am often wrong.
That reddit thread is horrible advice, it’s just mapping the LXC root user to the host root user, which is just a privileged LXC with extra steps (and maybe less secure).
The reason you’re probably having issues is that your root user in the LXC is mapped to the host user 100000 by default, and that user doesn’t have access to the share, but you can change that with mount options or creating a user with 100000:100000 and adding it to a group with access.
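Added example, not part of the comment above: a sketch of the mapping it describes, translating a container UID/GID to the host ID through the container's `lxc.idmap` lines (falling back to the default 100000 offset) and building CIFS mount options from it. The share path, mount point, credentials file and `<vmid>` are placeholders, the function names are hypothetical, and the final commands are only printed.

```shell
#!/bin/sh
# host_id KIND ID [CONF]
#   KIND: u (uid) or g (gid); ID: the id as seen inside the container;
#   CONF: container config such as /etc/pve/lxc/<vmid>.conf (optional).
# Prints the id the host sees, or "unmapped" if no range covers ID.
host_id() {
    kind=$1 id=$2 conf=${3:-/dev/null}
    awk -v kind="$kind" -v id="$id" '
        # fields: lxc.idmap: <u|g> <container start> <host start> <count>
        $1 == "lxc.idmap:" && $2 == kind {
            seen = 1
            if (id >= $3 && id < $3 + $5) { print $4 + (id - $3); found = 1; exit }
        }
        END {
            if (found) exit
            # No idmap lines of this kind: assume the default unprivileged
            # mapping, container 0..65535 -> host 100000..165535.
            if (!seen && id >= 0 && id < 65536) { print 100000 + id }
            else { print "unmapped" }
        }' "$conf"
}

# cifs_opts CONTAINER_UID CONTAINER_GID [CONF]
# Prints mount.cifs options that present the share, on the host, as owned
# by the host id the container user maps to.
cifs_opts() {
    u=$(host_id u "$1" "$3")
    g=$(host_id g "$2" "$3")
    case "$u$g" in
        *unmapped*) echo "id is not mapped into the container" >&2; return 1 ;;
    esac
    printf 'credentials=/root/.smbcredentials,uid=%s,gid=%s,file_mode=0660,dir_mode=0770\n' "$u" "$g"
}

# Dry run for container root (0:0) with the default mapping. Run the printed
# commands on the Proxmox host: mount the share there, then bind it in.
echo "mount -t cifs //fileserver/folder /mnt/smb_share -o $(cifs_opts 0 0)"
echo "pct set <vmid> -mp0 /mnt/smb_share,mp=/mnt/smb_share"
```

The container stays unprivileged: only the ownership the host presents for the mounted share changes, and only to an ID that has no other rights on the host.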
This makes sense, I’ll investigate this when I’m back home.
Can the host itself write to the file share? You can check this by trying to create a file in it via the host’s shell. If it can’t write to it the container won’t be able to either.
I’m leaving this here for continuity, but don’t follow what I said here. I have my containers set as privileged. I was wrong.
I have a server that runs Proxmox and a server that runs TrueNAS, so a very similar setup to yours. As long as your LXC is tied to a network adapter that has access to your file server (it almost certainly is unless you’re using multiple NICs and/or VLANs), you should be able to mount shares inside your LXC just like you do on any other Linux machine.
Can you ping your fileserver from inside the container? If so, then the issue is with the configuration in the container itself. Privileged or unprivileged shouldn’t matter here. How are you trying to mount the CIFS share?
Edit: I see that you’re mounting the share in Proxmox and mapping it to your container. You don’t need to do this. Just mount it in the container itself.
I can ping the fileserver and reach it. I can map the drive from Calibre, for example, but it does not have write permissions.
Maybe I am mounting incorrectly. I mounted with:
mount -t cifs -o username=username //fileserverIP/folder /mnt/smb_share
This works for 1 of my LXCs that is privileged but does not work on the unprivileged ones.
I’m sorry, I think I gave you bad information. I have my containers set to unprivileged=no. I forgot about the “double negative” in how that flag was described.
So apparently my containers are privileged, so I don’t think I’ve ever tried to do what you are doing.
Can you mount SMB shares in unprivileged containers? I thought that was blocked.
I believe you’re correct. I didn’t realize that I had my containers set to privileged. That would explain why I’ve never had issues with mounting shares.
Is there a reason why you want to run CIFS? I would run NFS3, it’s much faster, plus SMB/CIFS is more for file sharing between Windows and Linux.
There is no reason. As I learn more, this was probably not the best way to set it up, but I was just following guides to learn. The goal in the future is to build a bigger storage server and run something like TrueNAS. I will look into NFS3 though, it could solve some of my problems with the current setup.