docs: create home/proxmox/Proxmox-lxc-usermappings

home/proxmox/Proxmox-lxc-usermappings.md

@@ -0,0 +1,46 @@
+---
+title: Promox-lxc-usermappings
+description: 
+published: true
+date: 2024-04-17T00:20:40.035Z
+tags: 
+editor: markdown
+dateCreated: 2024-04-17T00:20:40.035Z
+---
+
+# Userid mappings
+```bin
+lxc.idmap: u 0 100000 1000
+lxc.idmap: g 0 100000 1000
+lxc.idmap: u 1000 1000 1
+lxc.idmap: g 1000 1000 1
+lxc.idmap: u 1001 101001 64534
+lxc.idmap: g 1001 101001 64534
+```
+
+I see what's happening. This is the default behavior of an unprivileged containers. When you create an unprivileged container, by default the uid/gid in the container are mapped to the range of 100000-165535 uid/gid on the host.
+
+So when you create a user in the container with uid 1000, it will be mapped to uid 101000 on the host. Any files/directories you create under this default mapping will be recognized as uid 101000 by the host system.
+
+The reason the ownership changed to nobody/nogroup is because you later provided a custom mapping. Now uid 1000 in the container is not mapped to 101000 on the host, it is now mapped directly to uid 1000 on the host. In fact uid 101000 is no longer mapped at all, so Proxmox doesn't recognize it and assigns it as nobody/nogroup.
+
+lxc.idmap: u 0 100000 1000 //maps 0-999(CT) -> 100000-100999(Host)
+lxc.idmap: u 1000 1000 1 //maps 1000(CT) -> 1000(Host)
+lxc.idmap: u 1001 101001 64535 //maps 1001-65535(CT) -> 101001-165535(Host)
+
+To fix this:
+
+1. Remove the mappings in config and restart the CT. This should revert the ownership back to akanealw.
+
+2. Then use root/sudo to change ownership of the directory/files to root on the container 
+```bin
+sudo chown root:root -R /home/akanealw
+```
+
+3. Next, shutdown the container and reapply the mappings in config. Now when you restart the container, /home/akanealw should still be owned by root.
+
+4. Lastly, using container's root and change ownership back to the newly mapped akanealw 
+```bin
+sudo chown akanealw:akanealw -R /home/akanealw
+```
+