Bind Mount Mapping/Permissions

[aaronblair]

Note: This question is moved over from Discord for better visibility.

I have looked through the Github discussions and documentation at length, but it's not totally clear what is the recommended approach for mapping host directories into the containers.

From what I can tell, there are two schools of thought:

1. Utilize the bind mount mapping in lxc config to map the container accounts to local accounts
2. Create new account & group on the host that maps to the high uid/gid and then use the group to permissions accordingly on the host

In theory, there are pros/cons to either of these approaches, but in practice I have found that neither tend to work well as there is quite a bit of variability with how the containers are configured across the scripts. For example, many containers/services are configured to run as root in the container, but if you try and map this to uid/gid on the host, permissions in the container are all messed up. Alternatively, if you use high uid/gid accounts on the host, a single set of id's won't wor as not all of the services run as root (ie. SFTPGO).

What am I missing? What is the recommended approach that leaves you with proper file permissions on the host. I'd love to compile whatever the recommendation is into a guide to make it easier for others.

Thank you!