[Feature Request] - Assign PUID and GUID to Volume Mapping beyond 1000

[avoiceofreason]

Existing Resources

• [ ] Please search the existing issues for related items
• [ ] Consult the product documentation : Docs
• [ ] Consult the FAQ : FAQ
• [ ] Consult the Troubleshooting Guide : Guide
• [ ] Reviewed existing training videos: Youtube

Is your feature request related to a problem? Please describe.

I am evaluating Kasm Workspaces and have setup an Ubuntu Jammy desktop workspace and setup Volume Mapping to the host file system using the following json in the workspace settings:

{ "/mnt/admin_share": { "bind": "/share", "mode": "rw", "uid": 1000, "gid": 1000, "required": true, "skip_check": false }

The KASM documentation says I can only use uid and gid of 1000 and this seems correct (Other UIDs break the volume map). However on the host OS PUID and GUID 1000 is used by an existing account that I don't want KASM to be using (reading/writing files) on the host.

By way of experiment I also added the account on the host with PUID 1000 to the group of another host account 1001 to see if the volume mapping would give me access to folders/files written by host user 1001, but this doesn't seem to work either. "access denied". So I also can't access files owned by other host Os accounts, even though PUID 1000 is in their group

In addition the write umask of the workspace appears to create files with permission mod 644. I don't see any feature to apply a umask or set the default permissions. I would prefer 770 or 660.

Unless I am missing something the current lack of configuration doesn't provide the security flexibility I would need to implement anything for a production environment.

Describe the solution you'd like

An ability at KASM user level to define PUID, GUID and UMASK so that Volume Mapping can be applied in a secure manner and KASM PUIDs don't overlap with host PUIDs.

Ubuntu (my host OS) allocates PUID 1000 to the first user account created, then increments by 1 as new user accounts are created. So at minimum the default uid,gid in the KASM volume mapping config should avoid the range 1000 to 1100, but ideally be configurable.

Default rwx permissions and/or umask should be configurable to avoid r/w/x being added to "all".

Describe alternatives you've considered I already have a folder structure and existing test files on the host file system that I want to volume map to KASM workspaces. These have a mixture of files owned by various host user accounts, The current KASM solution does not allow me to volume map to these folders/files by adding PUID 1000 to the group of another user account, and all files written by KASM to the volume map will be stamped with 1000:1000 -rw-r--r-- which is not an acceptable security model.

Additional context Please note that I am using the linuxserver kasm docker image (DnD). But I don't think that changes any of the permissions functionality above.