canonical
Feature request: storage volume permissions
When creating a dir volume:
$ lxc storage volume create default foo
The mounted directory has permissions drwx--x--x (0711). It would be nice to have a config setting to control this. I'd be happy with just the dir driver for now, but we may want zfs as well in future.
It might be possible to work around this using something like:
$ mkdir -p backup/volume
$ $EDITOR backup/index.yaml
$ tar zcf foo.tar.gz backup
$ lxc storage volume import default foo.tar.gz foo
But generating index.yaml is a bit complex and I'm not sure if it's a stable format. Just saying I'd also be happy with an approach along these lines if it's easier to implement.
At the moment our use cache is to mount /var/cache/apt/archives as a volume. Normally this would have 0755 permissions, but as far as I can tell that doesn't really matter because apt runs as root. So I wouldn't treat this request as high priority, at least until we find a use case where the permissions really do matter.
I'd be tempted to make this a property of the disk device that attaches the volume to an instance, rather than a property of the volume itself, as that then offers the option of having the same volume mounted to multiple instances using different mount perms.
That's interesting, I didn't even know that was a possibility. Might be worth checking if this is already doable with raw.mount.options or something
Something related recently landed in Incus https://github.com/lxc/incus/pull/1415
Thinking about this more the uid/gid maybe able to be device specific (if we consider idmapped mounts) however the permission of the volume directory itself would need to be on the volume indeed.
As discussed, another option would be to allow mounting a subdirectory of a volume
@jonathan-conder this PR from Incus may also help the situation:
https://github.com/lxc/incus/pull/1092
It allows to mount a sub-directory from a custom volume as a disk in the instance.