lima-vm / lima

Linux virtual machines, with a focus on running containers
https://lima-vm.io/
Apache License 2.0
15.35k stars 602 forks

mount host directories with given user permissions #2246

Open habibifa opened 8 months ago

habibifa commented 8 months ago

Description

In my Ubuntu VM, which was created by limactl, I have shared the /var/www directory of my host as writable. On my Ubuntu VM I have installed apache2, which runs under the group www-data. To sum it up, the content of my website is located under /var/www on my host PC and apache2 runs inside the VM. My website creates other websites that are also in /var/www/[WEBSITE]. Everything so far is good, except that the files of the newly generated website have root permissions for the group and the owner. This should not be the case, because the www-data user of Apache is creating or cloning those files via git. Is this a bug, or can I pass the owner and group in the .yaml file of my VM?

I hope to hear from you soon. Thanks in advance.

AkihiroSuda commented 8 months ago

Please try this

mounts:
- location: "..."
  9p:
    securityModel: "mapped-xattr"
mountType: "9p"

https://github.com/lima-vm/lima/blob/643ddd8aa5735f7c74a9c173fb3470a5ff4f90e3/examples/default.yaml#L80-L84

habibifa commented 8 months ago

Thank you for your prompt answer,

I tried the snippet you posted. Unfortunately it does not work for symlinks, which are crucial in my project. mounts:

Somehow, as I used this method, my Apache web server got very slow.

Thanks in advance :)

afbjorklund commented 8 months ago

I think it would be possible to add a similar feature to the sshfs mount, if needed.

       -o idmap=TYPE
              user/group ID mapping (default: "none")

               none   no translation of the ID space

               user   only translate UID/GID of connecting user

               file   translate UIDs/GIDs based upon the contents of uidfile  and gidfile

       -o uidfile=FILE
              file containing username:uid mappings for idmap=file

       -o gidfile=FILE
              file containing groupname:gid mappings for idmap=file

       -o nomap=TYPE
              with idmap=file, how to handle missing mappings

               ignore don't do any re-mapping

               error  return an error (default)

afbjorklund commented 8 months ago

> Somehow, as I used this method, my Apache web server got very slow.

It is better to serve the files from a local filesystem, but you need to set up some method to sync the contents.

That is, to copy the files from the host to the instance. The file ownership could be changed during that process.
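The copy-and-change-ownership approach described in the comment above, as an added example that is not part of the original thread and is not Lima code. The helper names `sync_webroot` and `audit_owner` and the path `/mnt/host-www` are hypothetical; it assumes a POSIX shell inside the guest and a one-way copy (deletions on the host are not propagated).

```shell
#!/bin/sh
# Added example: copy a host-shared tree to guest-local storage, set the
# owner and group during the copy, then verify that nothing is left with
# unexpected ownership (for example root:root inside a web root).

# sync_webroot SRC DST OWNER GROUP
# Copies SRC into DST, keeping symlinks as symlinks, then sets ownership
# on every entry. Changing to another user requires root in the guest.
sync_webroot() {
    mkdir -p "$2" || return 1
    # -R recurse, -P never follow symlinks, -p keep mode and timestamps
    cp -RPp "$1"/. "$2"/ || return 1
    # -h changes a symlink itself instead of the file it points to
    chown -R -h "$3:$4" "$2"
}

# audit_owner DIR OWNER GROUP
# Prints the number of entries under DIR (DIR included) whose owner or
# group differs from the expected one. find does not follow symlinks by
# default, so a link is judged by its own ownership, not its target's.
# OWNER and GROUP may be names or numeric IDs.
audit_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print | wc -l | tr -d ' '
}

# Constructed usage inside the guest (paths are assumptions):
#   sudo sh -c '. ./sync.sh; sync_webroot /mnt/host-www /var/www www-data www-data'
#   audit_owner /var/www www-data www-data    # 0 means every entry matches
```

A non-zero count from `audit_owner` after a sync or a mount change means some entries are still owned by an unexpected user or group; re-running the same `find` expression without the pipe lists them.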

habibifa commented 8 months ago

I am not sure if I understand the snippet you have just posted. Would you mind making those changes to my snippet so I can understand where to put the options?

afbjorklund commented 8 months ago

> I am not sure if I understand the snippet you have just posted.

It would require code changes to lima, so is a separate feature.