Announcement

**flower** · 13 February 2021, 10:28 AM

oh, please yes...
atm i have multiple docker containers which i had to rewrite for the sole reason that the original one did not support different uids and gids (eg nextcloud)

i hope that this will work with bind mounts and that docker will integrate it

**Old Grouch** · 13 February 2021, 12:27 PM

Well, this is a classic solution to a problem by adding a (nother) layer of indirection.

Essentially, by making the owner and group of a file a random identifier, then mapping that identifier to an access ruleset, you can add all sorts of rules to the mapping process, which can be dynamic. This is the same problem as (partially) solved by ACLs.

The fun will be in making the mapping process efficient. In a pathological worst case, every file in a file system will have a different identifier, and every user will have a different set of access permissions. It's a bit like maintaining an efficient forwarding table for IPv6 and managing a firewall rule set simultaneously. I hope it works.

**xnor** · 13 February 2021, 02:28 PM

Originally posted by Old Grouch View Post

Well, this is a classic solution to a problem by adding a (nother) layer of indirection.

Essentially, by making the owner and group of a file a random identifier, then mapping that identifier to an access ruleset, you can add all sorts of rules to the mapping process, which can be dynamic. This is the same problem as (partially) solved by ACLs.

The fun will be in making the mapping process efficient. In a pathological worst case, every file in a file system will have a different identifier, and every user will have a different set of access permissions. It's a bit like maintaining an efficient forwarding table for IPv6 and managing a firewall rule set simultaneously. I hope it works.

Eh what? This is just a mapping. Did you read the PR summary?

**polarathene** · 13 February 2021, 07:32 PM

YAAAAAASSSSS!!

So good for working around issues with container ownership and external disks between systems!

**pal666** · 13 February 2021, 11:08 PM

Originally posted by flower View Post

docker

podman

**andreano** · 14 February 2021, 11:42 AM

Originally posted by pal666 View Post

> docker
podman

selfdock

Actually, this isn't a problem with selfdock (at least not one caused by containerization), since as the name implies, it will only ever let you run as your own uid:gid (thus no mapping is needed for file permissions in volumes to work the same).

**baryluk** · 15 February 2021, 01:52 PM

Finally. I was waiting for this feature for more than a decade.

**linuxgeex** · 16 April 2021, 01:29 AM

phoronix you might like to add to your list of benefits - this allows to give user access to read-only-mounted filesystems which do support posix permissions. You can't chrown -r an ro-mounted fs!

ie if you have an ext3 disk image written into a zisofs written onto a BDROM backup and you want to access files from one of the users who has a different UID than your current user. In the past my workaround was to use su -c to launch thunar as the target user. That's a clumsy workaround, and requires that UID to exist locally, and could be a security risk if that UID is actually in use, and mutually un-trusting.

Announcement

IDMAPPED Mounts Aim For Linux 5.12 - Many New Use-Cases From Containers To Systemd-Homed

IDMAPPED Mounts Aim For Linux 5.12 - Many New Use-Cases From Containers To Systemd-Homed

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment