----- On 12 Mar 20, at 16:35, Frank Thommen f.thom...@dkfz-heidelberg.de wrote:
> Dear all,
>
> we have a strange issue with a CentOS 7 container running on PVE 6.1-3,
> that UIDs > 65535 are invalid. The container is used as a "SSH
> jumphost" to access a special network: Users log in to the host and SSH
> to the special network from there. sssd is running in the container. The
> directory service is an Active Directory.
>
> However users with UID > 65535 cannot login:
>
> /var/log/secure:
> [...]
> Mar 12 13:48:32 XXXXXX sshd[1021]: fatal: seteuid 86544: Invalid argument
> [...]
>
>
> and chown isn't possible either:
>
> $ chown 65535 /home/test
> $ chown 65536 /home/test
> chown: changing ownership of ‘/home/test’: Invalid argument
> $
>
>
> There are no problems with such UIDs on any other systems and there is
> no problem with users with an UID <= 65535 within the container. I fear
> this might be a container-related issue but I don't understand it and I
> don't know if there is a solution or a workaround.
>
> Any help or hint is highly appreciated

You can work with higher UID in LXC with this:

* Edit /etc/subuid and change the range. Eg root:100000:4000390000
* Do the same for /etc/subgid
* Edit your container config (/etc/pve/lxc/XXX.conf) and add

    lxc.idmap: u 0 100000 2000200000
    lxc.idmap: g 0 100000 2000200000

That's the values I'm using for some AD members containers.

Note however that native PVE restore code might refuse to work with those UID (I recall the 65535 max UID hardcoded somewhere in the restore path, but can't remember exactly where)

++

--
Daniel Berteaud
FIREWALL-SERVICES SAS, Network security
Free software services company
Tel: +33.5 56 64 15 32
Matrix: @dani:fws.fr
https://www.firewall-services.com
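
The ID-mapping arithmetic behind the reply above, as an added example that is not part of the original message or of Proxmox's code: it parses `lxc.idmap` lines in PVE's `key: value` form, translates a container UID to its host UID, and checks that each mapped host range sits inside a range delegated in `/etc/subuid`. The function names are hypothetical, and the 65536-ID map is an assumed default, since the thread does not show the container's original config; a container ID with no mapping is what the kernel rejects with "Invalid argument".

```python
"""Check whether a container UID is usable under an lxc.idmap and /etc/subuid."""

def parse_idmap(conf_text, kind="u"):
    """Return (container_start, host_start, count) tuples from lxc.idmap lines."""
    maps = []
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() != "lxc.idmap":
            continue
        k, ct, host, count = value.split()
        if k == kind:
            maps.append((int(ct), int(host), int(count)))
    return maps

def parse_subid(subid_text, owner="root"):
    """Return (host_start, count) ranges delegated to owner (/etc/subuid format)."""
    ranges = []
    for line in subid_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == owner:
            ranges.append((int(start), int(count)))
    return ranges

def to_host_id(ct_id, maps):
    """Translate a container ID to its host ID, or None if it is unmapped."""
    for ct, host, count in maps:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def undelegated(maps, ranges):
    """Return idmap entries whose host range is not inside any delegated range."""
    return [m for m in maps
            if not any(s <= m[1] and m[1] + m[2] <= s + c for s, c in ranges)]

# Constructed sample inputs: DEFAULT_CONF is an assumed 65536-ID map;
# WIDE_CONF and SUBUID use the values quoted in the message above.
DEFAULT_CONF = "lxc.idmap: u 0 100000 65536\nlxc.idmap: g 0 100000 65536\n"
WIDE_CONF = "lxc.idmap: u 0 100000 2000200000\nlxc.idmap: g 0 100000 2000200000\n"
SUBUID = "root:100000:4000390000\n"

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("wide", WIDE_CONF)):
        maps = parse_idmap(conf)
        print(name, "uid 86544 ->", to_host_id(86544, maps),
              "undelegated:", undelegated(maps, parse_subid(SUBUID)))
```

With the 65536-ID map, UID 86544 from the sshd log line has no host counterpart, while 65535 still maps; with the wider map it resolves to a host ID inside the delegated subuid range.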