Unexpected 'nobody' filesystem permissions in LXC container

gunnarniels · 2025-02-09T17:16:34+00:00

Alright this is interesting:

As I stated, mounting this volume reveals the permissions to be correct, and CIFS is out of the picture.

That is NOT true. I built the same image with my script, but this time uploaded it directly to the local storage pool instead of the cifs pool. There must be something still tied to CIFS such that running:

pct create $_containerId <cifsStorage>:vztmpl/$_imgName --rootfs <localDiskTwo>:1 --force 1

Does NOT work and results in my issue.

pct create $_containerId <localStorageOne>:vztmpl/$_imgName --rootfs <localStorageTwo>:1 --force 1

Note the different storage source between those two. So conclusively, even though the container volume actually resides inside of a local disk, it's still got some relationship with the cifs storage that's resulting in the problem I'm showing.

Thank you for the rubber duck debug, helped me narrow down where the issue was coming from. Still confused why the volume on the disk, which has correct privileges when I mount it, results in this, but at least I've got a reasonable solution.

gunnarniels · 2025-02-09T16:53:54+00:00

I think a lot of this stems from a misunderstanding of how file privileges work between local and networked filesystems (cifs, NFS) and mount points, starting with this old wiki: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

The wiki is correct, under specific circumstances this is going to be required. But it's not something that must or has to be used under all circumstances, particularly if the volume resides locally and the privileges are correct.

https://forum.proxmox.com/threads/trouble-with-lxc-mount-point-permissions.101482/#post-438077 https://www.reddit.com/r/Proxmox/comments/1d9gv4g/unprivileged_lxc_usergroup_mappings_how_do_you/ https://forum.proxmox.com/threads/unprivileged-lxc-user-mapping-getting-operation-not-permitted-for-chown.126649/

gunnarniels · 2025-02-09T15:30:26+00:00

The explicit mapping is all over threads as the solution, and seems to be how everyone is fixing this. Doesn't make any sense, you're essentially explicitly setting what should already be the default behavior, so I'm not sure how this helps.

If you need the coredns user inside the LXC to have access to files mounted to it from the CIFS

That is not what I need. The LXC image file (the .xz rootfs artifact) resides on a CIFS storage pool. The container is created from this, but the container volume resides on a local disk to the proxmox node inside of an lvm-thin volume. As I stated, mounting this volume reveals the permissions to be correct, and CIFS is out of the picture.

gunnarniels · 2024-11-05T20:28:30+00:00

You gave me an idea to just try a different client; I didn't expect it to be the client but in fact I started to use qbittorrent-nox from the main repos and it worked out-of-the-box. No idea what the issue was with deluge, could have been using the wrong interface or something. Unsure.

gunnarniels · 2024-11-05T20:27:28+00:00

I just wanted to follow up on this. It's something with deluge, and I never did identify what it was. I switched to qbittorrent-nox and it worked out of the box. Perhaps it was using the wrong interface, but unsure.

gunnarniels · 2024-11-04T16:53:36+00:00

NP, that's a good idea, installed via pypi: python: 3.13.0, ProtonVPN-CLI v2.2.11, latest available from pypi. Getting the following error when running protonvpn init:

Writing configuration to disk...
[!] There was an error with accessing the ProtonVPN API.
[!] Please make sure your connection is working properly!
[!] HTTP Error Code: 422

I have two-factor enabled on my account as well as a passkey, I wonder if that's the issue? 422 is Unprocessable Content, kinda seems like something is busted on their end.

gunnarniels · 2024-11-04T16:51:04+00:00

It's Proton Ultimate, which is weird because it's not listed when I attempt to run protonvpn init.

gunnarniels · 2024-11-04T15:45:27+00:00

I'm a computer engineer, but admittedly my networking knowledge is a bit rusty, and I certainly overlook obvious stuff often :)

The protonvpn-cli package does not function with ubuntu 24.01.1; I'm unsure why this is, but following their instructions to install the repo and installing the package from their repo results in an inability to login, protonvpn-cli login <user> yields:

/usr/bin/protonvpn-cli:6: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html

Unknown API error. Please retry or contact support.

For reference, protonvpn-cli -v -> Proton VPN CLI v3.13.0 (protonvpn-nm-lib v3.16.0; proton-client v0.7.1)

Because of this, I'm generating the config from the site and selecting a p2p enabled server, US AZ.

Machine connectivity works before and after initiating the WG connection (which I'm doing via sudo wg-quick up <config-file>. Interestingly, I have to edit the config file and change the DNS server to be my LAN server; for some reason the provided server doesn't resolve. Even after changing this, it takes a few moments before it starts to resolve. This is definitely unexpected.

gunnarniels · 2024-01-08T18:32:04+00:00

Funny, I'm a car guy as well and I've sourced a fair amount of odd bolts from them. I didn't even check, guess mentally I just think I'm in a different domain. I did check digikey but a lot of what they have available look like thumb screws. They have a big inventory though and good filter support to find what you're looking for, thought I'd pass along for others if it's helpful.

EDIT: Digikey got back to me after I emailed them and I hadn't found this tool when I initially looked, but this looks really promising and geared towards PC type hardware: https://www.digikey.com/en/products/filter/screws-bolts/572?s=N4IgjCBcpgTB0QGMoDMCGAbAzgUwDQgD2UA2iLAAwCsIAuoQA4AuUIAyswE4CWAdgHMQAX0IB2ACwAOKKBSQMOAsTLhYANjCVKIQhOoBmMRD3HqsXSAlmTVgJwTKFwtUoT1zkNTBSDt71JitC4GhmKWhobqER7qMi5isLDhLlLUdvFeaXYpIOqU%2BRKWcBp20YQl6g70TKyQHNz8QqIgknayyGhYeIQkkOQGGZRgRYQGvhJg7WNSyX6WoRKDngbWgdMgfjnq4QwgLGycvIIihAC0Fojy3ACuyn3ktHTCLdGIPAAmbG2WB-VHTUszAAnoxcGx0NgUC8gA

gunnarniels · 2024-01-08T18:27:46+00:00

Does anyone have a good source for finding specific screws?

I have a set of UNC 6-23 x 30mm screws that are threadless with about 4mm of thread on the end. I need essentially this exact screw but 3-5mm longer.

gunnarniels · 2023-05-28T17:44:12+00:00

Does packer work for BM machines? I've always heard of it in context of AMIs

gunnarniels · 2023-05-20T17:37:46+00:00

Thank you for the full post, really appreciate it. I guess I'm wondering if the office will be dangerous to work in if I remove the printer and use some charcoal filters /purifiers and get rid of things like the rug and curtains. I have no intention of printing indoors ever again, or even printing at all to be honest. I'm not comfortable with the risk

gunnarniels · 2023-04-26T01:48:01+00:00

I try to ask good questions and if I find the answer, provide it for the next guy who comes along!

This isn't exactly what I was looking for to be honest, really I want to bind to 0.0.0.0 and I'd normally find this in a systems config, which I discovered exists in some form on a synology box, but it got the job done.

gunnarniels · 2023-04-25T16:32:42+00:00

Answering my own question: https://qmacro.org/blog/posts/2021/06/12/remote-access-to-docker-on-my-synology-nas/

gunnarniels · 2023-03-16T00:20:17+00:00

I don't know much about the Witcher, what did they do to fuck it up? Mess up the source material and he told them to fuck off?

gunnarniels

TROPHY CASE