LXC User/Group Pass-through
Let's say you have a user and/or group you'd like to pass through into an LXC container. Simply add the userid and/or groupid to the respective subuid/subgid files located in /etc/subuid
and /etc/subgid
in the form root:<id>:1
(why the thing is root, don't ask me - it just works).
Then, set the idmap of the lxc container to pass through the respective id. For example, if you want to pass through a user and group 1001: lxc config set <containerName> raw.idmap="both 1001 1001"
. If you want to only pass through a user, or a group, change both
to be uid
or gid
. After this, restart LXC to apply the id remapping.
Now the permissions will be passed through, and the user/group will be able to make changes to directorys and folders with the right owners. However, the original container uid and gid will be passed through when writing files. For example:
hello
was made on the host system, whereas test
was from the container: the uid of 1001000
ends up in the file system (which is from the container: lxc/lxd maps container uids/gids to high numbers on the host system by default). It was able to write the file, however, as the user was in the passed through group media
(1001 in this case). You might spring to ACLs (Access Control Lists), but that is for setting the default permissions, not for making new files/folders inhereit a group or user. To do this, run chmod g+s <directory>
which will set the GroupID flag making newly created subfiles inhereit the same group as the parent directory.