无法访问从主机共享的 lxd 容器中的文件
Can not access a file in a lxd container shared from the host
我有一个名为 master 的 lxd 容器。我发现它的根目录位于:
/var/lib/lxd/containers/master/rootfs/home/ubuntu/
所以,我将我的文件夹 tars 转移到了这个地址。请注意 tars 有两个文件。
现在,我知道tars的用户id和组id是root。另一方面,容器中所有其他文件的用户 ID 和组 ID 为 166536.
因此,对于文件夹和文件,我 sudo chown 166536 <file/folder name> 更改了用户 ID,sudo chown :166536 <file/folder name> 更改了组 ID。
有一次,我这样做了,我希望 tars 可以从容器 master 访问,但那没有发生。谁能告诉我我错过了什么?
这是我在 reddit:
上找到的方法
Yeah this was the answer, running with unprivileged container you are
not able to see the permissions on the LXD Host, so it appears as
Nobody:Nobody. In a way is silly because you can mount the folder into
the Container and see the files on it..
For future reference, for anyone having this issue, this are the steps
i made (it may not be the correct ones but it works)
sudo mkdir /tmp/share
adduser subsonic --shell=/bin/false --no-create-home --system --group --uid 6000 (this is a "service account")
sudo chown -R subsonic: /tmp/share
lxc exec Test -- /bin/bash
mkdir /mnt/share
adduser subsonic --shell=/bin/false --no-create-home --system --group --uid 6000 (important that the uid is the same)
exit
lxc stop Test
lxc config edit Test (add the line security.privileged: "true" right bellow config: save and exit)
lxc start Test
lxc config device add MyMusic MyLibrary disk source=/tmp/share path=/mnt/share
lxc exec Test -- /bin/bash
ls /mnt/share/ (note that the subsonic user is there)
exit
It's a shame that i couldnt find a way to map the user inside the
unprivileged container. if Anyone know's let me know.
基本上,为主机和容器创建一个普通用户。这种方法还有什么更好的吗?
当您打开容器并执行
whoami
你会得到结果:
root
因此,当前用户是 root,而不是 ubuntu。也就是说,我将文件夹发送到的地址是错误的。当前地址是var/lib/lxd/containers/master/root/。发送文件夹后,检查 uid/gid(类似于 165536)。通过以下方式更改 uid:
sudo chmod 165536 <folder-name>
gid 由:
sudo chmod :165536 <folder-name>
完成后,我们确定容器用户 root 将能够访问这些文件。
或一步到位sudo chmod 165536:165536 <folder-name>。
我有一个名为 master 的 lxd 容器。我发现它的根目录位于:
/var/lib/lxd/containers/master/rootfs/home/ubuntu/
所以,我将我的文件夹 tars 转移到了这个地址。请注意 tars 有两个文件。
现在,我知道tars的用户id和组id是root。另一方面,容器中所有其他文件的用户 ID 和组 ID 为 166536.
因此,对于文件夹和文件,我 sudo chown 166536 <file/folder name> 更改了用户 ID,sudo chown :166536 <file/folder name> 更改了组 ID。
有一次,我这样做了,我希望 tars 可以从容器 master 访问,但那没有发生。谁能告诉我我错过了什么?
这是我在 reddit:
上找到的方法Yeah this was the answer, running with unprivileged container you are not able to see the permissions on the LXD Host, so it appears as Nobody:Nobody. In a way is silly because you can mount the folder into the Container and see the files on it..
For future reference, for anyone having this issue, this are the steps i made (it may not be the correct ones but it works)
sudo mkdir /tmp/share adduser subsonic --shell=/bin/false --no-create-home --system --group --uid 6000 (this is a "service account") sudo chown -R subsonic: /tmp/share lxc exec Test -- /bin/bash mkdir /mnt/share adduser subsonic --shell=/bin/false --no-create-home --system --group --uid 6000 (important that the uid is the same) exit lxc stop Test lxc config edit Test (add the line security.privileged: "true" right bellow config: save and exit) lxc start Test lxc config device add MyMusic MyLibrary disk source=/tmp/share path=/mnt/share lxc exec Test -- /bin/bash ls /mnt/share/ (note that the subsonic user is there) exitIt's a shame that i couldnt find a way to map the user inside the unprivileged container. if Anyone know's let me know.
基本上,为主机和容器创建一个普通用户。这种方法还有什么更好的吗?
当您打开容器并执行
whoami
你会得到结果:
root
因此,当前用户是 root,而不是 ubuntu。也就是说,我将文件夹发送到的地址是错误的。当前地址是var/lib/lxd/containers/master/root/。发送文件夹后,检查 uid/gid(类似于 165536)。通过以下方式更改 uid:
sudo chmod 165536 <folder-name>
gid 由:
sudo chmod :165536 <folder-name>
完成后,我们确定容器用户 root 将能够访问这些文件。
或一步到位sudo chmod 165536:165536 <folder-name>。