Update scripts

MacRimi
2026-04-12 20:32:34 +02:00
parent 4fa4bbb08b
commit 4843fae0eb
47 changed files with 8313 additions and 3014 deletions


@@ -6,8 +6,8 @@
# Author : MacRimi
# Copyright : (c) 2024 MacRimi
# License : (GPL-3.0) (https://github.com/MacRimi/ProxMenux/blob/main/LICENSE)
# Version : 1.5
# Last Updated: 04/08/2025
# Version : 1.6
# Last Updated: 07/04/2026
# ==========================================================
# Configuration ============================================
@@ -29,11 +29,14 @@ show_command() {
local command="$3"
local note="$4"
local command_extra="$5"
echo -e "${BGN}${step}.${CL} ${BL}${description}${CL}"
echo -e " ${DARK_GRAY}────────────────────────────────────────────────${CL}"
echo -e " ${BGN}${step}.${CL} ${description}"
echo ""
while IFS= read -r line; do
echo -e "${TAB}${line}"
done <<< "$(echo -e "$command")"
echo ""
echo -e "${TAB}${command}"
echo -e
[[ -n "$note" ]] && echo -e "${TAB}${DARK_GRAY}${note}${CL}"
[[ -n "$command_extra" ]] && echo -e "${TAB}${YW}${command_extra}${CL}"
echo ""
@@ -43,10 +46,10 @@ show_how_to_enter_lxc() {
clear
show_proxmenux_logo
msg_title "$(translate "How to Access an LXC Terminal from Proxmox Host")"
msg_info2 "$(translate "Use these commands on your Proxmox host to access an LXC container's terminal:")"
echo -e
echo -e
show_command "1" \
"$(translate "Get a list of all your containers:")" \
"pct list" \
@@ -54,93 +57,203 @@ show_how_to_enter_lxc() {
""
show_command "2" \
"$(translate "Enter the container's terminal")" \
"$(translate "Enter the container terminal:")" \
"pct enter ${CUS}<container-id>${CL}" \
"$(translate "Replace <container-id> with the actual ID.")"\
"$(translate "Replace <container-id> with the actual ID.")" \
"$(translate "For example: pct enter 101")"
show_command "3" \
"$(translate "To exit the container's terminal, press:")" \
"CTRL + D" \
"" \
"$(translate "Exit the container terminal:")" \
"exit" \
"$(translate "Or press CTRL + D")" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
}
show_host_mount_resources_help() {
show_host_storage_help() {
clear
show_proxmenux_logo
msg_title "$(translate "Mount Remote Resources on Proxmox Host")"
msg_info2 "$(translate "How to mount NFS and Samba shares directly on the Proxmox host. Proxmox already has the necessary tools installed.")"
echo -e
msg_title "$(translate "Host Storage (NFS / Samba via Proxmox)")"
echo -e "${BOLD}${BL}=== MOUNT NFS SHARE ===${CL}"
msg_info2 "$(translate "Current ProxMenux host scripts register remote shares as Proxmox storages using pvesm.")"
msg_info2 "$(translate "This means Proxmox handles mount lifecycle natively (no manual /etc/fstab needed for NFS/CIFS host storages).")"
echo -e
echo -e "${BOLD}${BL}=== NFS AS PROXMOX STORAGE ===${CL}"
echo -e
show_command "1" \
"$(translate "Create mount point:")" \
"mkdir -p ${CUS}/mnt/nfs_share${CL}" \
"$(translate "Replace with your preferred path.")" \
""
"$(translate "Add NFS storage:")" \
"pvesm add nfs ${CUS}<storage-id>${CL} --server ${CUS}<nfs-server-ip>${CL} --export ${CUS}</export/path>${CL} --content ${CUS}import,backup,iso,vztmpl,images,snippets${CL}" \
"$(translate "Use content types according to your use case.")" \
"$(translate "Example: pvesm add nfs nfs-nas --server 192.168.1.50 --export /volume1/proxmox --content import,backup")"
show_command "2" \
"$(translate "Mount NFS share:")" \
"mount -t nfs ${CUS}192.168.1.100${CL}:${CUS}/path/to/share${CL} ${CUS}/mnt/nfs_share${CL}" \
"$(translate "Replace IP and paths with your values.")" \
"$(translate "List configured storages:")" \
"pvesm status" \
"$(translate "Shows status and type (nfs/cifs/dir/iscsi...).")" \
""
show_command "3" \
"$(translate "Make permanent (optional):")" \
"echo '${CUS}192.168.1.100${CL}:${CUS}/path/to/share${CL} ${CUS}/mnt/nfs_share${CL} nfs4 rw,hard,intr,_netdev,rsize=1048576,wsize=1048576,timeo=600,retrans=2 0 0' >> /etc/fstab" \
"$(translate "_netdev waits for network before mounting.")" \
"$(translate "Remove NFS storage:")" \
"pvesm remove ${CUS}<storage-id>${CL}" \
"$(translate "Only removes storage definition, not remote data.")" \
""
echo -e "${BOLD}${BL}=== MOUNT SAMBA SHARE ===${CL}"
echo -e "${BOLD}${BL}=== SAMBA/CIFS AS PROXMOX STORAGE ===${CL}"
echo -e
show_command "4" \
"$(translate "Create mount point:")" \
"mkdir -p ${CUS}/mnt/samba_share${CL}" \
"$(translate "Replace with your preferred path.")" \
"$(translate "Add CIFS storage:")" \
"pvesm add cifs ${CUS}<storage-id>${CL} --server ${CUS}<samba-server-ip>${CL} --share ${CUS}<share-name>${CL} --username ${CUS}<user>${CL} --password ${CUS}<pass>${CL} --content ${CUS}import,backup,iso,vztmpl,images,snippets${CL}" \
"$(translate "For guest shares add: --options guest")" \
""
show_command "5" \
"$(translate "Mount Samba share:")" \
"mount -t cifs //${CUS}192.168.1.100${CL}/${CUS}sharename${CL} ${CUS}/mnt/samba_share${CL} -o username=${CUS}user${CL}" \
"$(translate "You will be prompted for password. Replace IP, share and user.")" \
"$(translate "Inspect storage config block:")" \
"sed -n '/^${CUS}<storage-id>${CL}:/,/^[^ ]/p' /etc/pve/storage.cfg" \
"$(translate "Useful to verify options/content after script execution.")" \
""
show_command "6" \
"$(translate "Make permanent (optional):")" \
"echo '//${CUS}192.168.1.100${CL}/${CUS}sharename${CL} ${CUS}/mnt/samba_share${CL} cifs username=${CUS}user${CL},password=${CUS}pass${CL},_netdev 0 0' >> /etc/fstab" \
"$(translate "Replace with your credentials.")" \
"$(translate "Remove CIFS storage:")" \
"pvesm remove ${CUS}<storage-id>${CL}" \
"" \
""
echo -e "${BOLD}${BL}=== CREATE LOCAL DIRECTORY ===${CL}"
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
}
show_local_share_help() {
clear
show_proxmenux_logo
msg_title "$(translate "Local Shared Directory on Host")"
msg_info2 "$(translate "Equivalent manual flow used by Local Shared Manager.")"
msg_info2 "$(translate "No group creation required — uses world-writable sticky bit permissions.")"
echo -e
show_command "7" \
"$(translate "Create directory:")" \
"mkdir -p ${CUS}/mnt/local_share${CL}" \
"$(translate "Creates a local directory on Proxmox host.")" \
show_command "1" \
"$(translate "Create shared directory:")" \
"mkdir -p ${CUS}/mnt/shared${CL}" \
"$(translate "Choose any host path you want to share with CTs.")" \
""
show_command "8" \
"$(translate "Set permissions:")" \
"chmod 755 ${CUS}/mnt/local_share${CL}" \
"$(translate "Sets basic read/write permissions.")" \
show_command "2" \
"$(translate "Set ownership and permissions:")" \
"chown root:root ${CUS}/mnt/shared${CL}\nchmod 1777 ${CUS}/mnt/shared${CL}" \
"$(translate "1777 = sticky bit + rwx for all. No shared group needed.")" \
""
show_command "9" \
"$(translate "Verify mounts:")" \
"df -h" \
"$(translate "Shows all mounted filesystems.")" \
show_command "3" \
"$(translate "Optional: apply default ACL so new files inherit permissions:")" \
"setfacl -R -m d:u::rwx,d:g::rwx,d:o::rwx,m::rwx ${CUS}/mnt/shared${CL}" \
"$(translate "Requires acl package. Skip if setfacl is not available.")" \
""
show_command "4" \
"$(translate "Optional: register this path as Proxmox dir storage:")" \
"pvesm add dir ${CUS}<storage-id>${CL} --path ${CUS}/mnt/shared${CL} --content ${CUS}backup,iso,vztmpl,snippets${CL}" \
"$(translate "Use images only if the directory is on suitable storage.")" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
}
show_disk_host_help() {
clear
show_proxmenux_logo
msg_title "$(translate "Add Local Disk as Proxmox Storage")"
msg_info2 "$(translate "Equivalent manual flow of disk_host.sh: partition, format, mount, persist, register in Proxmox.")"
echo -e
show_command "1" \
"$(translate "Identify candidate disk (never use system disk):")" \
"lsblk -o NAME,SIZE,TYPE,FSTYPE,MOUNTPOINT,MODEL" \
"$(translate "Example target: /dev/sdb")" \
""
show_command "2" \
"$(translate "Wipe old signatures and partition table (DESTRUCTIVE):")" \
"wipefs -a ${CUS}/dev/sdb${CL}\nsgdisk --zap-all ${CUS}/dev/sdb${CL}" \
"$(translate "This erases existing metadata.")" \
""
show_command "3" \
"$(translate "Create GPT and one partition:")" \
"parted -s ${CUS}/dev/sdb${CL} mklabel gpt\nparted -s ${CUS}/dev/sdb${CL} mkpart primary 0% 100%" \
"" \
""
show_command "4" \
"$(translate "Format partition:")" \
"mkfs.ext4 -F ${CUS}/dev/sdb1${CL}\n# or\nmkfs.xfs -f ${CUS}/dev/sdb1${CL}" \
"" \
""
show_command "5" \
"$(translate "Mount and persist with UUID:")" \
"mkdir -p ${CUS}/mnt/disk-sdb${CL}\nmount ${CUS}/dev/sdb1${CL} ${CUS}/mnt/disk-sdb${CL}\nblkid ${CUS}/dev/sdb1${CL}\n# Add UUID line to /etc/fstab" \
"$(translate "Using UUID is recommended over /dev/sdX.")" \
""
show_command "6" \
"$(translate "Register mount path in Proxmox:")" \
"pvesm add dir ${CUS}<storage-id>${CL} --path ${CUS}/mnt/disk-sdb${CL} --content ${CUS}images,backup${CL}" \
"" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
}
show_iscsi_host_help() {
clear
show_proxmenux_logo
msg_title "$(translate "Add iSCSI Target as Proxmox Storage")"
msg_info2 "$(translate "Equivalent manual flow of iscsi_host.sh.")"
echo -e
show_command "1" \
"$(translate "Install and start iSCSI initiator:")" \
"apt-get update && apt-get install -y open-iscsi\nsystemctl enable --now iscsid" \
"" \
""
show_command "2" \
"$(translate "Discover targets on portal:")" \
"iscsiadm -m discovery -t sendtargets -p ${CUS}<portal-ip>:3260${CL}" \
"$(translate "This returns available IQNs.")" \
""
show_command "3" \
"$(translate "Add iSCSI storage in Proxmox:")" \
"pvesm add iscsi ${CUS}<storage-id>${CL} --portal ${CUS}<portal-ip>:3260${CL} --target ${CUS}<target-iqn>${CL} --content images" \
"$(translate "Content is usually images for VM block devices.")" \
""
show_command "4" \
"$(translate "Verify iSCSI sessions and storage status:")" \
"iscsiadm -m session\npvesm status" \
"" \
""
show_command "5" \
"$(translate "Remove iSCSI storage definition:")" \
"pvesm remove ${CUS}<storage-id>${CL}" \
"" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
@@ -149,42 +262,42 @@ show_host_mount_resources_help() {
show_host_to_lxc_mount_help() {
clear
show_proxmenux_logo
msg_title "$(translate "Mount Host Directory to LXC Container")"
msg_info2 "$(translate "How to mount a Proxmox host directory into an LXC container. Execute these commands on the Proxmox host.")"
echo -e
msg_title "$(translate "Host Directory to LXC Mount Point")"
msg_info2 "$(translate "Current script uses native bind mounts with pct set -mpX.")"
msg_info2 "$(translate "Safe design: no automatic ACL/ownership mutation on host or CT.")"
echo -e
show_command "1" \
"$(translate "Add mount point to container:")" \
"pct set ${CUS}<container-id>${CL} -mp0 ${CUS}/host/directory${CL},mp=${CUS}/container/path${CL},backup=0,shared=1" \
"$(translate "Replace container-id, host directory and container path.")" \
"$(translate "Example: pct set 101 -mp0 /mnt/shared,mp=/mnt/shared,,backup=0,shared=1")"
"$(translate "List containers:")" \
"pct list" \
"" \
""
show_command "2" \
"$(translate "Restart container:")" \
"pct reboot ${CUS}<container-id>${CL}" \
"$(translate "Required to activate the mount point.")" \
"$(translate "Add bind mount to container:")" \
"pct set ${CUS}<ctid>${CL} -mp0 ${CUS}/host/path${CL},mp=${CUS}/container/path${CL},backup=0,shared=1" \
"$(translate "Use mp1/mp2/... for extra mount points.")" \
""
show_command "3" \
"$(translate "Verify mount inside container:")" \
"pct enter ${CUS}<container-id>${CL}
df -h | grep ${CUS}/container/path${CL}" \
"$(translate "Check if the directory is mounted.")" \
"$(translate "Check resulting config:")" \
"pct config ${CUS}<ctid>${CL} | grep '^mp'" \
"" \
""
show_command "4" \
"$(translate "Remove mount point (if needed):")" \
"pct set ${CUS}<container-id>${CL} --delete mp0" \
"$(translate "Removes the mount point. Use mp1, mp2, etc. for other mounts.")" \
"$(translate "Remove mount point:")" \
"pct set ${CUS}<ctid>${CL} --delete mp0" \
"" \
""
echo -e "${BOR}"
echo -e "${BOLD}$(translate "Notes:")${CL}"
echo -e "${TAB}${BGN}$(translate "Mount indices:")${CL} ${BL}Use mp0, mp1, mp2, etc. for multiple mounts${CL}"
echo -e "${TAB}${BGN}$(translate "Permissions:")${CL} ${BL}May need adjustment depending on directory type${CL}"
echo -e "${TAB}${BGN}$(translate "Container types:")${CL} ${BL}Works with both privileged and unprivileged containers${CL}"
show_command "5" \
"$(translate "Verify inside container:")" \
"pct enter ${CUS}<ctid>${CL}\ndf -h" \
"$(translate "Confirm the mount path is visible.")" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
@@ -193,67 +306,41 @@ show_host_to_lxc_mount_help() {
show_nfs_server_help() {
clear
show_proxmenux_logo
msg_title "$(translate "NFS Server Installation")"
msg_info2 "$(translate "How to install and configure an NFS server in an LXC container.")"
echo -e
msg_title "$(translate "NFS Server in LXC (Privileged)")"
msg_warn "$(translate "Use a privileged LXC for NFS server/client workflows.")"
echo -e
show_command "1" \
"$(translate "Update and install packages:")" \
"apt-get update && apt-get install -y nfs-kernel-server" \
"$(translate "Install server packages inside CT:")" \
"apt-get update && apt-get install -y nfs-kernel-server nfs-common rpcbind" \
"" \
""
show_command "2" \
"$(translate "Create export directory:")" \
"mkdir -p ${CUS}/mnt/nfs_export${CL}" \
"$(translate "Replace with your preferred path.")" \
"mkdir -p ${CUS}/mnt/nfs_export${CL}\nchmod 755 ${CUS}/mnt/nfs_export${CL}" \
"" \
""
show_command "3" \
"$(translate "Set directory permissions:")" \
"chmod 755 ${CUS}/mnt/nfs_export${CL}" \
"" \
""
show_command "4.1" \
"$(translate "Configure exports (safe root_squash):")" \
"$(translate "Add export rule:")" \
"echo '${CUS}/mnt/nfs_export${CL} ${CUS}192.168.1.0/24${CL}(rw,sync,no_subtree_check,root_squash)' >> /etc/exports" \
"$(translate "Replace directory path and network range.")" \
"$(translate "Adjust network/CIDR to your environment.")" \
""
show_command "4.2" \
"$(translate "Or Configure exports (map all users):")" \
"echo '${CUS}/mnt/nfs_export${CL} ${CUS}192.168.1.0/24${CL}(rw,sync,no_subtree_check,all_squash,anonuid=0,anongid=0)' >> /etc/exports" \
"$(translate "Replace directory path and network range.")" \
show_command "4" \
"$(translate "Apply and restart services:")" \
"exportfs -ra\nsystemctl restart rpcbind nfs-kernel-server\nsystemctl enable rpcbind nfs-kernel-server" \
"" \
""
show_command "5" \
"$(translate "Apply configuration:")" \
"exportfs -ra" \
"" \
""
show_command "6" \
"$(translate "Start and enable service:")" \
"systemctl restart nfs-kernel-server
systemctl enable nfs-kernel-server" \
"" \
""
show_command "7" \
"$(translate "Verify exports:")" \
"$(translate "Verify active exports:")" \
"showmount -e localhost" \
"$(translate "Shows available NFS exports.")" \
"" \
""
echo -e "${BOR}"
echo -e "${BOLD}$(translate "Export Options:")${CL}"
echo -e "${TAB}${BGN}$(translate "rw:")${CL} ${BL}Read-write access${CL}"
echo -e "${TAB}${BGN}$(translate "sync:")${CL} ${BL}Synchronous writes${CL}"
echo -e "${TAB}${BGN}$(translate "no_subtree_check:")${CL} ${BL}Improves performance${CL}"
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
@@ -262,67 +349,47 @@ show_nfs_server_help() {
show_samba_server_help() {
clear
show_proxmenux_logo
msg_title "$(translate "Samba Server Installation")"
msg_info2 "$(translate "How to install and configure a Samba server in an LXC container.")"
msg_title "$(translate "Samba Server in LXC (Privileged)")"
msg_warn "$(translate "Use a privileged LXC for Samba client/server workflows.")"
echo -e
show_command "1" \
"$(translate "Update and install packages:")" \
"apt-get update && apt-get install -y samba" \
"$(translate "Install Samba inside CT:")" \
"apt-get update && apt-get install -y samba samba-common-bin acl" \
"" \
""
show_command "2" \
"$(translate "Create share directory:")" \
"mkdir -p ${CUS}/mnt/samba_share${CL}" \
"$(translate "Replace with your preferred path.")" \
"mkdir -p ${CUS}/mnt/samba_share${CL}\nchmod 755 ${CUS}/mnt/samba_share${CL}" \
"" \
""
show_command "3" \
"$(translate "Set directory permissions:")" \
"chmod 755 ${CUS}/mnt/samba_share${CL}" \
"" \
""
show_command "4" \
"$(translate "Create Samba user:")" \
"adduser ${CUS}sambauser${CL}
smbpasswd -a ${CUS}sambauser${CL}" \
"$(translate "Replace with your username. You'll be prompted for password.")" \
""
show_command "5" \
"$(translate "Configure share:")" \
"cat >> /etc/samba/smb.conf << EOF
[shared]
comment = Shared folder
path = ${CUS}/mnt/samba_share${CL}
read only = no
browseable = yes
valid users = ${CUS}sambauser${CL}
EOF" \
"$(translate "Replace path and username.")" \
""
show_command "6" \
"$(translate "Restart and enable service:")" \
"systemctl restart smbd
systemctl enable smbd" \
"adduser ${CUS}sambauser${CL}\nsmbpasswd -a ${CUS}sambauser${CL}" \
"" \
""
show_command "7" \
"$(translate "Test configuration:")" \
"smbclient -L localhost -U ${CUS}sambauser${CL}" \
"$(translate "Lists available shares. You'll be prompted for password.")" \
show_command "4" \
"$(translate "Add share block in /etc/samba/smb.conf:")" \
"cat >> /etc/samba/smb.conf << 'EOF'\n[shared]\n path = /mnt/samba_share\n browseable = yes\n read only = no\n valid users = sambauser\nEOF" \
"" \
""
echo -e "${BOR}"
echo -e "${BOLD}$(translate "Connection Examples:")${CL}"
echo -e "${TAB}${BGN}$(translate "Windows:")${CL} ${YW}\\\\<server-ip>\\shared${CL}"
echo -e "${TAB}${BGN}$(translate "Linux:")${CL} ${YW}smbclient //server-ip/shared -U sambauser${CL}"
show_command "5" \
"$(translate "Restart and enable Samba:")" \
"systemctl restart smbd\nsystemctl enable smbd" \
"" \
""
show_command "6" \
"$(translate "Test share visibility:")" \
"smbclient -L localhost -U ${CUS}sambauser${CL}" \
"" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
@@ -331,47 +398,41 @@ EOF" \
show_nfs_client_help() {
clear
show_proxmenux_logo
msg_title "$(translate "NFS Client Configuration")"
msg_info2 "$(translate "How to configure an NFS client in an LXC container.")"
msg_title "$(translate "NFS Client in LXC (Privileged)")"
msg_warn "$(translate "Current NFS client script supports privileged LXC only.")"
echo -e
show_command "1" \
"$(translate "Update and install packages:")" \
"$(translate "Install NFS client packages inside CT:")" \
"apt-get update && apt-get install -y nfs-common" \
"" \
""
show_command "2" \
"$(translate "Create mount point:")" \
"mkdir -p ${CUS}/mnt/nfsmount${CL}" \
"$(translate "Replace with your preferred path.")" \
"mkdir -p ${CUS}/mnt/nfs_share${CL}" \
"" \
""
show_command "3" \
"$(translate "Mount NFS share:")" \
"mount -t nfs ${CUS}192.168.1.100${CL}:${CUS}/mnt/nfs_export${CL} ${CUS}/mnt/nfsmount${CL}" \
"$(translate "Replace server IP and paths.")" \
"mount -t nfs ${CUS}<server-ip>:/export/path${CL} ${CUS}/mnt/nfs_share${CL}" \
"$(translate "Adjust options if needed (vers=4,hard,timeo,...).")" \
""
show_command "4" \
"$(translate "Test access:")" \
"ls -la ${CUS}/mnt/nfsmount${CL}" \
"$(translate "Verify you can access the mounted share.")" \
"$(translate "Persist mount in CT /etc/fstab (optional):")" \
"echo '${CUS}<server-ip>:/export/path${CL} ${CUS}/mnt/nfs_share${CL} nfs defaults,_netdev,x-systemd.automount,noauto 0 0' >> /etc/fstab" \
"" \
""
show_command "5" \
"$(translate "Make permanent (optional):")" \
"echo '${CUS}192.168.1.100${CL}:${CUS}/path/to/share${CL} ${CUS}/mnt/nfs_share${CL} nfs4 rw,hard,intr,_netdev,rsize=1048576,wsize=1048576,timeo=600,retrans=2 0 0' >> /etc/fstab" \
"$(translate "Replace with your server IP and paths.")" \
""
show_command "6" \
"$(translate "Verify mount:")" \
"df -h | grep nfs" \
"$(translate "Shows NFS mounts.")" \
"mount | grep nfs\ndf -h | grep nfs" \
"" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
@@ -380,63 +441,47 @@ show_nfs_client_help() {
show_samba_client_help() {
clear
show_proxmenux_logo
msg_title "$(translate "Samba Client Configuration")"
msg_info2 "$(translate "How to configure a Samba client in an LXC container.")"
msg_title "$(translate "Samba Client in LXC (Privileged)")"
msg_warn "$(translate "Current Samba client script supports privileged LXC only.")"
echo -e
show_command "1" \
"$(translate "Update and install packages:")" \
"$(translate "Install CIFS client packages inside CT:")" \
"apt-get update && apt-get install -y cifs-utils" \
"" \
""
show_command "2" \
"$(translate "Create mount point:")" \
"mkdir -p ${CUS}/mnt/sambamount${CL}" \
"$(translate "Replace with your preferred path.")" \
"mkdir -p ${CUS}/mnt/samba_share${CL}" \
"" \
""
show_command "3" \
"$(translate "Mount Samba share:")" \
"mount -t cifs //${CUS}192.168.1.100${CL}/${CUS}shared${CL} ${CUS}/mnt/sambamount${CL} -o username=${CUS}sambauser${CL}" \
"$(translate "Replace server IP, share name and username. You'll be prompted for password.")" \
"$(translate "Create credentials file (recommended):")" \
"cat > /etc/samba/credentials/proxmenux.cred << 'EOF'\nusername=${CUS}<user>${CL}\npassword=${CUS}<pass>${CL}\nEOF\nchmod 600 /etc/samba/credentials/proxmenux.cred" \
"" \
""
show_command "4" \
"$(translate "Test access:")" \
"ls -la ${CUS}/mnt/sambamount${CL}" \
"$(translate "Verify you can access the mounted share.")" \
"$(translate "Mount CIFS share:")" \
"mount -t cifs //${CUS}<server-ip>/<share>${CL} ${CUS}/mnt/samba_share${CL} -o credentials=/etc/samba/credentials/proxmenux.cred,iocharset=utf8,file_mode=0664,dir_mode=0775" \
"" \
""
show_command "5" \
"$(translate "Create credentials file (optional):")" \
"cat > /etc/samba/credentials << EOF
username=${CUS}sambauser${CL}
password=${CUS}your_password${CL}
EOF
chmod 600 /etc/samba/credentials" \
"$(translate "Secure way to store credentials.")" \
"$(translate "Persist mount in CT /etc/fstab (optional):")" \
"echo '//${CUS}<server-ip>/<share>${CL} ${CUS}/mnt/samba_share${CL} cifs credentials=/etc/samba/credentials/proxmenux.cred,_netdev,x-systemd.automount,noauto 0 0' >> /etc/fstab" \
"" \
""
show_command "6" \
"$(translate "Mount with credentials file:")" \
"mount -t cifs //${CUS}192.168.1.100${CL}/${CUS}shared${CL} ${CUS}/mnt/sambamount${CL} -o credentials=/etc/samba/credentials" \
"$(translate "No password prompt needed.")" \
"$(translate "Verify mount:")" \
"mount -t cifs\ndf -h | grep cifs" \
"" \
""
show_command "7" \
"$(translate "Make permanent (optional):")" \
"echo '//${CUS}192.168.1.100${CL}/${CUS}shared${CL} ${CUS}/mnt/sambamount${CL} cifs credentials=/etc/samba/credentials,_netdev 0 0' >> /etc/fstab" \
"$(translate "Replace with your values.")" \
""
show_command "8" \
"$(translate "Verify mount:")" \
"df -h | grep cifs" \
"$(translate "Shows CIFS/Samba mounts.")" \
""
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
@@ -445,28 +490,35 @@ chmod 600 /etc/samba/credentials" \
show_help_menu() {
while true; do
CHOICE=$(dialog --title "$(translate "Help & Information")" \
--menu "$(translate "Select help topic:")" 24 80 14 \
--menu "$(translate "Select help topic:")" 24 90 14 \
"0" "$(translate "How to Access an LXC Terminal")" \
"1" "$(translate "Mount Remote Resources on Proxmox Host")" \
"2" "$(translate "Mount Host Directory to LXC Container")" \
"3" "$(translate "NFS Server Installation")" \
"4" "$(translate "Samba Server Installation")" \
"5" "$(translate "NFS Client Configuration")" \
"6" "$(translate "Samba Client Configuration")" \
"7" "$(translate "Return to Main Menu")" \
"1" "$(translate "Host NFS/Samba as Proxmox Storage (pvesm)")" \
"2" "$(translate "Local Shared Directory on Host")" \
"3" "$(translate "Add Local Disk as Proxmox Storage")" \
"4" "$(translate "Add iSCSI Target as Proxmox Storage")" \
"5" "$(translate "Mount Host Directory to LXC Container")" \
"6" "$(translate "NFS Client in LXC (privileged)")" \
"7" "$(translate "Samba Client in LXC (privileged)")" \
"8" "$(translate "NFS Server in LXC (privileged)")" \
"9" "$(translate "Samba Server in LXC (privileged)")" \
"10" "$(translate "Return to Share Menu")" \
3>&1 1>&2 2>&3)
case $CHOICE in
case "$CHOICE" in
0) show_how_to_enter_lxc ;;
1) show_host_mount_resources_help ;;
2) show_host_to_lxc_mount_help ;;
3) show_nfs_server_help ;;
4) show_samba_server_help ;;
5) show_nfs_client_help ;;
6) show_samba_client_help ;;
7) return ;;
1) show_host_storage_help ;;
2) show_local_share_help ;;
3) show_disk_host_help ;;
4) show_iscsi_host_help ;;
5) show_host_to_lxc_mount_help ;;
6) show_nfs_client_help ;;
7) show_samba_client_help ;;
8) show_nfs_server_help ;;
9) show_samba_server_help ;;
10) return ;;
*) return ;;
esac
done
}
show_help_menu
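Review bot: The `pvesm add cifs` example in show_host_storage_help shows the share password as a command-line value (`--password <pass>`), so a reader who copies it leaves the secret in shell history and, while the command runs, in the process list. The note beside it only mentions `--options guest`. I would drop the literal value from the displayed command and add a note line such as `"$(translate "Do not type the password inline; it stays in shell history and is visible in the process list.")"`; whether the installed pvesm prompts when `--password` is given without a value should be confirmed before documenting that form. The Samba client step in the same file already takes the safer route with a `chmod 600` credentials file.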


@@ -55,7 +55,6 @@ ensure_iscsi_tools() {
fi
if ! systemctl is-active --quiet iscsid 2>/dev/null; then
msg_info "$(translate "Starting iSCSI daemon...")"
systemctl start iscsid 2>/dev/null || true
fi
}
@@ -65,10 +64,9 @@ ensure_iscsi_tools() {
# ==========================================================
select_iscsi_portal() {
ISCSI_PORTAL=$(whiptail --inputbox \
ISCSI_PORTAL=$(dialog --backtitle "ProxMenux" --title "$(translate "iSCSI Portal")" --inputbox \
"$(translate "Enter iSCSI target portal IP or hostname:")\n\n$(translate "Examples:")\n 192.168.1.100\n 192.168.1.100:3260\n nas.local" \
14 65 \
--title "$(translate "iSCSI Portal")" 3>&1 1>&2 2>&3)
14 65 3>&1 1>&2 2>&3)
[[ $? -ne 0 || -z "$ISCSI_PORTAL" ]] && return 1
# Normalise: if no port specified, add default 3260


@@ -6,82 +6,236 @@
# Copyright : (c) 2024 MacRimi
# License : MIT
# Version : 1.0
# Last Updated: $(date +%d/%m/%Y)
# Last Updated: 08/04/2026
# ==========================================================
# Configuration
LOCAL_SCRIPTS="/usr/local/share/proxmenux/scripts"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LOCAL_SCRIPTS_LOCAL="$(cd "$SCRIPT_DIR/.." && pwd)"
LOCAL_SCRIPTS_DEFAULT="/usr/local/share/proxmenux/scripts"
LOCAL_SCRIPTS="$LOCAL_SCRIPTS_DEFAULT"
BASE_DIR="/usr/local/share/proxmenux"
UTILS_FILE="$BASE_DIR/utils.sh"
UTILS_FILE="$LOCAL_SCRIPTS/utils.sh"
if [[ -f "$LOCAL_SCRIPTS_LOCAL/utils.sh" ]]; then
LOCAL_SCRIPTS="$LOCAL_SCRIPTS_LOCAL"
UTILS_FILE="$LOCAL_SCRIPTS/utils.sh"
elif [[ ! -f "$UTILS_FILE" ]]; then
UTILS_FILE="$BASE_DIR/utils.sh"
fi
if [[ -f "$UTILS_FILE" ]]; then
source "$UTILS_FILE"
fi
SHARE_COMMON_FILE="$LOCAL_SCRIPTS/global/share-common.func"
if ! source "$SHARE_COMMON_FILE" 2>/dev/null; then
SHARE_COMMON_LOADED=false
else
SHARE_COMMON_LOADED=true
msg_error "$(translate "Could not load shared functions. Script cannot continue.")"
exit 1
fi
load_language
initialize_cache
if ! command -v pveversion >/dev/null 2>&1; then
dialog --backtitle "ProxMenux" --title "$(translate "Error")" \
--msgbox "$(translate "This script must be run on a Proxmox host.")" 8 60
exit 1
fi
# ==========================================================
create_shared_directory() {
SHARED_DIR=$(pmx_select_host_mount_point "$(translate "Select Shared Directory Location")" "/mnt/shared")
[[ -z "$SHARED_DIR" ]] && return
lsm_apply_multi_unpriv_permissions() {
local dir="$1"
[[ -z "$dir" || ! -d "$dir" ]] && return 1
if [[ -d "$SHARED_DIR" ]]; then
if ! whiptail --yesno "$(translate "Directory already exists. Continue with permission setup?")" 10 70 --title "$(translate "Directory Exists")"; then
return
# root:root ownership — no new group needed.
chown root:root "$dir" 2>/dev/null || true
# 1777 = sticky bit (prevents cross-container file deletion) + world-rwx.
# Unprivileged LXC UIDs (100000+) appear as 'others' on the host,
# so 'o+rwx' is what grants them read+write access.
chmod 1777 "$dir" 2>/dev/null || true
# Ensure existing content is readable/writable regardless of UID mapping.
chmod -R a+rwX "$dir" 2>/dev/null || true
find "$dir" -type d -exec chmod 1777 {} + 2>/dev/null || true
if command -v setfacl >/dev/null 2>&1; then
# Remove restrictive ACLs and enforce permissive inheritance for new files.
setfacl -b -R "$dir" 2>/dev/null || true
setfacl -R -m u::rwx,g::rwx,o::rwx,m::rwx "$dir" 2>/dev/null || true
setfacl -R -m d:u::rwx,d:g::rwx,d:o::rwx,d:m::rwx "$dir" 2>/dev/null || true
fi
return 0
}
# Returns a free name like /mnt/shared, /mnt/shared2, /mnt/shared3 …
lsm_next_free_name() {
local base="${1:-shared}"
local candidate="/mnt/$base"
[[ ! -d "$candidate" ]] && echo "$candidate" && return
local n=2
while [[ -d "/mnt/${base}${n}" ]]; do
((n++))
done
echo "/mnt/${base}${n}"
}
lsm_list_mnt_folders() {
show_proxmenux_logo
msg_title "$(translate "Folders in /mnt")"
echo "=================================================="
if [[ ! -d /mnt ]] || [[ -z "$(ls -A /mnt 2>/dev/null)" ]]; then
echo ""
echo -e "${TAB}$(translate "No folders found in /mnt.")"
else
local found=false
while IFS= read -r dir; do
[[ ! -d "$dir" ]] && continue
found=true
local perms owner
perms=$(stat -c "%a" "$dir" 2>/dev/null)
owner=$(stat -c "%U:%G" "$dir" 2>/dev/null)
echo ""
echo -e "${TAB}${BGN}$(translate "Directory:")${CL} ${BL}$dir${CL}"
echo -e "${TAB}${BGN}$(translate "Permissions:")${CL} ${BL}${perms} $(stat -c "(%A)" "$dir" 2>/dev/null)${CL}"
echo -e "${TAB}${BGN}$(translate "Owner:")${CL} ${BL}${owner}${CL}"
done < <(find /mnt -mindepth 1 -maxdepth 1 -type d | sort)
if [[ "$found" = false ]]; then
echo ""
echo -e "${TAB}$(translate "No folders found in /mnt.")"
fi
fi
echo ""
echo "=================================================="
echo ""
SHARE_GROUP=$(pmx_choose_or_create_group "sharedfiles") || return 1
SHARE_GID=$(pmx_ensure_host_group "$SHARE_GROUP" 101000) || return 1
if command -v setfacl >/dev/null 2>&1; then
setfacl -k /mnt 2>/dev/null || true
setfacl -b /mnt 2>/dev/null || true
fi
chmod 755 /mnt 2>/dev/null || true
pmx_prepare_host_shared_dir "$SHARED_DIR" "$SHARE_GROUP" || return 1
if command -v setfacl >/dev/null 2>&1; then
setfacl -b -R "$SHARED_DIR" 2>/dev/null || true
# Summary of /mnt available space
if mountpoint -q /mnt 2>/dev/null || [[ -d /mnt ]]; then
local mnt_avail mnt_total
mnt_avail=$(df -h /mnt 2>/dev/null | awk 'NR==2{print $4}')
mnt_total=$(df -h /mnt 2>/dev/null | awk 'NR==2{print $2}')
if [[ -n "$mnt_avail" ]]; then
echo -e "${TAB}${BGN}$(translate "Available space in /mnt:")${CL} ${BL}${mnt_avail} $(translate "of") ${mnt_total}${CL}"
echo ""
fi
fi
msg_success "$(translate "Press Enter to return to menu...")"
read -r
}
chown root:"$SHARE_GROUP" "$SHARED_DIR"
chmod 2775 "$SHARED_DIR"
# Result is stored in LSM_SELECTED_MOUNT_POINT (not echoed) to avoid subshell issues
LSM_SELECTED_MOUNT_POINT=""
pmx_share_map_set "$SHARED_DIR" "$SHARE_GROUP"
lsm_select_host_mount_point_dialog() {
local title="${1:-$(translate "Select Shared Directory Location")}"
local base_name="${2:-shared}"
local choice folder_name result mount_point
LSM_SELECTED_MOUNT_POINT=""
# Auto-suggest a free name in /mnt
local suggested
suggested=$(lsm_next_free_name "$base_name")
while true; do
choice=$(dialog --backtitle "ProxMenux" \
--title "$title" \
--menu "\n$(translate "Where do you want the host folder?")" 16 72 4 \
"1" "$(translate "Create new folder in /mnt")" \
"2" "$(translate "Enter custom path")" \
"3" "$(translate "View existing folders in /mnt")" \
"4" "$(translate "Cancel")" \
3>&1 1>&2 2>&3) || return 1
case "$choice" in
1)
folder_name=$(dialog --backtitle "ProxMenux" \
--title "$(translate "Folder Name")" \
--inputbox "\n$(translate "Enter folder name for /mnt:")" 10 70 "$(basename "$suggested")" \
3>&1 1>&2 2>&3) || continue
[[ -z "$folder_name" ]] && continue
mount_point="/mnt/$folder_name"
# Only warn if the user manually typed an existing name
if [[ -d "$mount_point" ]]; then
if ! dialog --backtitle "ProxMenux" --title "$(translate "Directory Exists")" \
--yesno "\n$(translate "Directory already exists. Continue with permission setup?")" 8 70; then
continue
fi
fi
;;
2)
result=$(dialog --backtitle "ProxMenux" \
--title "$(translate "Custom Path")" \
--inputbox "\n$(translate "Enter full path:")" 10 80 "" \
3>&1 1>&2 2>&3) || continue
[[ -z "$result" ]] && continue
mount_point="$result"
if [[ -d "$mount_point" ]]; then
if ! dialog --backtitle "ProxMenux" --title "$(translate "Directory Exists")" \
--yesno "\n$(translate "Directory already exists. Continue with permission setup?")" 8 70; then
continue
fi
fi
;;
3)
lsm_list_mnt_folders
# Refresh suggestion after viewing
suggested=$(lsm_next_free_name "$base_name")
continue
;;
4) return 1 ;;
*) continue ;;
esac
if [[ ! "$mount_point" =~ ^/ ]]; then
dialog --backtitle "ProxMenux" --title "$(translate "Invalid Path")" \
--msgbox "\n$(translate "Path must be absolute (start with /).")" 8 60
continue
fi
LSM_SELECTED_MOUNT_POINT="$mount_point"
return 0
done
}
create_shared_directory() {
lsm_select_host_mount_point_dialog "$(translate "Select Shared Directory Location")" "shared"
[[ -z "$LSM_SELECTED_MOUNT_POINT" ]] && return
SHARED_DIR="$LSM_SELECTED_MOUNT_POINT"
show_proxmenux_logo
msg_title "$(translate "Create Shared Directory")"
if ! mkdir -p "$SHARED_DIR" 2>/dev/null; then
msg_error "$(translate "Failed to create directory:") $SHARED_DIR"
echo ""
msg_success "$(translate "Press Enter to continue...")"
read -r
return 1
fi
msg_ok "$(translate "Directory created:") $SHARED_DIR"
lsm_apply_multi_unpriv_permissions "$SHARED_DIR"
pmx_share_map_set "$SHARED_DIR" "open"
echo -e ""
echo -e "${TAB}${BOLD}$(translate "Shared Directory Created:")${CL}"
echo -e "${TAB}${BOLD}$(translate "Shared Directory Ready:")${CL}"
echo -e "${TAB}${BGN}$(translate "Directory:")${CL} ${BL}$SHARED_DIR${CL}"
echo -e "${TAB}${BGN}$(translate "Group:")${CL} ${BL}$SHARE_GROUP (GID: $SHARE_GID)${CL}"
echo -e "${TAB}${BGN}$(translate "Permissions:")${CL} ${BL}2775 (rwxrwsr-x)${CL}"
echo -e "${TAB}${BGN}$(translate "Owner:")${CL} ${BL}root:$SHARE_GROUP${CL}"
echo -e "${TAB}${BGN}$(translate "ACL Status:")${CL} ${BL}$(translate "Cleaned and set for POSIX inheritance")${CL}"
echo -e "${TAB}${BGN}$(translate "Permissions:")${CL} ${BL}1777 (rwxrwxrwt)${CL}"
echo -e "${TAB}${BGN}$(translate "Owner:")${CL} ${BL}root:root${CL}"
echo -e "${TAB}${BGN}$(translate "Access profile:")${CL} ${BL}$(translate "Compatible with privileged and unprivileged LXC containers")${CL}"
echo -e "${TAB}${BGN}$(translate "ACL Status:")${CL} ${BL}$(translate "Open rwx + default inheritance for new files")${CL}"
echo -e ""
msg_success "$(translate "Press Enter to return to menu...")"
read -r
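Review bot: lsm_apply_multi_unpriv_permissions recursively makes its argument world-writable (`chmod -R a+rwX`, `find … chmod 1777`, `setfacl -R … o::rwx`), while the custom-path branch of lsm_select_host_mount_point_dialog only checks that the path starts with `/`. Answering yes to "Directory already exists" for a path such as `/etc` or `/` would therefore open that whole tree to every local user and every container UID. Every step also ends in `2>/dev/null || true` and create_shared_directory ignores the return value, so the "1777 / Open rwx" summary is printed even when nothing was applied. I would resolve the path and refuse system locations before touching permissions, as sketched below, and call it as `lsm_apply_multi_unpriv_permissions "$SHARED_DIR" || return 1`. The list is a starting point; limiting the recursive pass to directories the script itself just created would be stricter still.

```shell
lsm_apply_multi_unpriv_permissions() {
    local dir="$1"
    [[ -z "$dir" || ! -d "$dir" ]] && return 1

    # Resolve symlinks and ".." so the check sees the real target.
    local real
    real=$(realpath -e -- "$dir" 2>/dev/null) || return 1

    # Never open permissions recursively on the root or on system trees.
    case "$real" in
        / | /mnt | /bin | /boot | /dev | /etc | /home | /lib | /proc | /root | /run | /sbin | /sys | /usr | /var | \
        /bin/* | /boot/* | /dev/* | /etc/* | /lib/* | /proc/* | /root/* | /sbin/* | /sys/* | /usr/*)
            msg_error "$(translate "Refusing to open permissions on a system path:") $real"
            return 1
            ;;
    esac
    dir="$real"

    # … unchanged: chown / chmod / find / setfacl steps …
```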


@@ -229,15 +229,13 @@ select_host_directory_unified() {
return 1
fi
# Warn about CIFS Proxmox-GUI storage (read-only limitation)
# Store the storage type as a global so the main flow can act on it later.
# We don't block the user here — the active fix happens after we know the container type.
LMM_HOST_DIR_TYPE="local"
if detect_problematic_storage "$result" "Proxmox-Storage" "CIFS/SMB"; then
dialog --clear --title "$(translate "CIFS Storage Notice")" --yesno "\
$(translate "This directory is a CIFS storage managed by Proxmox.")\n\n\
$(translate "CIFS storage configured through Proxmox GUI applies restrictive permissions.")\n\
$(translate "LXC containers can usually READ but may NOT be able to WRITE.")\n\n\
$(translate "For write access, use 'Add Samba Share as Proxmox Storage' option instead.")\n\n\
$(translate "Do you want to continue anyway?")" 14 80 3>&1 1>&2 2>&3
[[ $? -ne 0 ]] && return 1
LMM_HOST_DIR_TYPE="cifs"
elif detect_problematic_storage "$result" "Proxmox-Storage" "NFS"; then
LMM_HOST_DIR_TYPE="nfs"
fi
echo "$result"
@@ -314,7 +312,7 @@ select_container_mount_point() {
fi
# Check if path is already used as a mount point in this CT
if pct config "$ctid" 2>/dev/null | grep -q "mp=.*$mount_point"; then
if pct config "$ctid" 2>/dev/null | grep -qE "mp=${mount_point}(,|$)"; then
whiptail --msgbox "$(translate "This path is already used as a mount point in this container.")" 8 70
continue
fi
@@ -364,7 +362,7 @@ add_bind_mount() {
fi
# Check if this host path is already mounted in this CT
if pct config "$ctid" 2>/dev/null | grep -q "^mp[0-9]*:.*${host_path},"; then
if pct config "$ctid" 2>/dev/null | grep -qF " ${host_path},"; then
msg_warn "$(translate "Mount already exists for this path in container") $ctid"
return 1
fi
@@ -555,6 +553,199 @@ $(translate "Proceed with removal")?"
read -r
}
# ==========================================================
# ACTIVE FIXES FOR NETWORK STORAGE (CIFS / NFS)
# These functions act on problems instead of just warning about them.
# ==========================================================
lmm_fix_cifs_access() {
local host_dir="$1"
local is_unprivileged="$2"
# CIFS mounted by Proxmox GUI uses uid=0/gid=0 by default (root only).
# The fix: remount with uid/gid that the LXC can access.
# We detect the current mount options and propose a corrected remount.
local mount_src mount_opts
mount_src=$(findmnt -n -o SOURCE --target "$host_dir" 2>/dev/null)
mount_opts=$(findmnt -n -o OPTIONS --target "$host_dir" 2>/dev/null)
if [[ -z "$mount_src" ]]; then
dialog --backtitle "ProxMenux" \
--title "$(translate "CIFS Mount Not Found")" \
--msgbox "$(translate "Could not detect the CIFS mount for this directory. Try accessing it manually.")" 8 70
return 0
fi
# Determine which uid/gid to use
local target_uid target_gid
if [[ "$is_unprivileged" == "1" ]]; then
# Unprivileged LXC: container root (UID 0) maps to host UID 100000.
# Use file_mode/dir_mode 0777 + uid=0/gid=0 — CIFS maps them to everyone.
target_uid=0
target_gid=0
else
target_uid=0
target_gid=0
fi
# Build new options: strip existing uid/gid/file_mode/dir_mode, add ours
local new_opts
new_opts=$(echo "$mount_opts" | sed -E \
's/(^|,)(uid|gid|file_mode|dir_mode)=[^,]*//g' | \
sed 's/^,//')
new_opts="${new_opts},uid=${target_uid},gid=${target_gid},file_mode=0777,dir_mode=0777"
new_opts="${new_opts/#,/}"
if dialog --backtitle "ProxMenux" \
--title "$(translate "Fix CIFS Permissions")" \
--yesno \
"$(translate "This CIFS share is mounted with restrictive permissions.")\n\n\
$(translate "ProxMenux can remount it with open permissions so any LXC can read and write.")\n\n\
$(translate "Current mount options:")\n${mount_opts}\n\n\
$(translate "New mount options to apply:")\n${new_opts}\n\n\
$(translate "Apply fix now? (The share will be briefly remounted)")" \
18 84 3>&1 1>&2 2>&3; then
msg_info "$(translate "Remounting CIFS share with open permissions...")"
if umount "$host_dir" 2>/dev/null && \
mount -t cifs "$mount_src" "$host_dir" -o "$new_opts" 2>/dev/null; then
msg_ok "$(translate "CIFS share remounted — LXC containers can now read and write")"
# Update fstab if the mount is there
if grep -qF "$host_dir" /etc/fstab 2>/dev/null; then
sed -i "s|^\(${mount_src}[[:space:]].*${host_dir}.*cifs[[:space:]]\).*|\1${new_opts} 0 0|" /etc/fstab 2>/dev/null || true
msg_ok "$(translate "/etc/fstab updated — permissions will persist after reboot")"
fi
else
msg_warn "$(translate "Could not remount automatically. Try manually or check credentials.")"
fi
fi
}
lmm_fix_nfs_access() {
local host_dir="$1"
local is_unprivileged="$2"
local uid_shift="${3:-100000}"
# NFS: the host cannot override server-side permissions.
# BUT: if the server exports with root_squash (default), we can check
# if no_root_squash or all_squash is possible, and guide the user.
# What we CAN do on the host: apply a sticky+open directory as a cache layer
# if the NFS mount allows it.
local mount_src mount_opts
mount_src=$(findmnt -n -o SOURCE --target "$host_dir" 2>/dev/null)
mount_opts=$(findmnt -n -o OPTIONS --target "$host_dir" 2>/dev/null)
# Try to detect if we can write to the NFS share as root
local can_write=false
local testfile="${host_dir}/.proxmenux_write_test_$$"
if touch "$testfile" 2>/dev/null; then
rm -f "$testfile" 2>/dev/null
can_write=true
fi
local server_hint=""
if [[ -n "$mount_src" ]]; then
server_hint="${mount_src%%:*}"
fi
if [[ "$can_write" == "true" && "$is_unprivileged" == "1" ]]; then
# Root on host CAN write to NFS, but unprivileged LXC UIDs (100000+)
# will be squashed by the NFS server. We can set a world-writable sticky
# dir on the share itself so the container can write to it.
if dialog --backtitle "ProxMenux" \
--title "$(translate "Fix NFS Access for Unprivileged LXC")" \
--yesno \
"$(translate "NFS server export is writable from the host, but unprivileged LXC containers use mapped UIDs (${uid_shift}+) which the NFS server will squash.")\n\n\
$(translate "ProxMenux can apply open permissions on this NFS directory from the host so the container can read and write:")\n\n\
$(translate " chmod 1777 + setfacl o::rwx (applied on the NFS share from this host)")\n\n\
$(translate "Note: this only works if the NFS server does NOT use 'all_squash' for root.")\n\
$(translate "If it still fails, the NFS server export options must be changed on the server.")\n\n\
$(translate "Apply fix now?")" \
18 84 3>&1 1>&2 2>&3; then
if chmod 1777 "$host_dir" 2>/dev/null; then
msg_ok "$(translate "NFS directory permissions set — containers should now be able to write")"
else
msg_warn "$(translate "chmod failed — NFS server may be restricting changes from root")"
fi
if command -v setfacl >/dev/null 2>&1; then
setfacl -m o::rwx "$host_dir" 2>/dev/null || true
setfacl -m d:o::rwx "$host_dir" 2>/dev/null || true
fi
fi
elif [[ "$can_write" == "false" ]]; then
# Even root cannot write — NFS server is fully restrictive
local server_msg=""
[[ -n "$server_hint" ]] && server_msg="\n$(translate "NFS server:"): ${server_hint}"
dialog --backtitle "ProxMenux" \
--title "$(translate "NFS Access Restricted")" \
--msgbox \
"$(translate "This NFS share is fully restricted — even the host root cannot write to it.")\n\
${server_msg}\n\n\
$(translate "ProxMenux cannot override NFS server-side permissions from the host.")\n\n\
$(translate "To allow LXC write access, change the NFS export on the server to include:")\n\n\
$(translate " no_root_squash") $(translate "(if only privileged LXCs need write access)")\n\
$(translate " all_squash,anonuid=65534,anongid=65534") $(translate "(for unprivileged LXCs)")\n\n\
$(translate "You can still mount this share for READ-ONLY access.")" \
20 84 3>&1 1>&2 2>&3
fi
}
# ==========================================================
# HOST PERMISSION CHECK (host-side only, never touches the container)
# ==========================================================
lmm_offer_host_permissions() {
local host_dir="$1"
local is_unprivileged="$2"
# Privileged containers: UID 0 inside = UID 0 on host — always accessible
[[ "$is_unprivileged" != "1" ]] && return 0
# Check if 'others' already have r+x (minimum to traverse and read)
local stat_perms others_bits
stat_perms=$(stat -c "%a" "$host_dir" 2>/dev/null) || return 0
others_bits=$(( 8#${stat_perms} & 7 ))
# Check ACLs first if available (takes precedence over mode bits)
if command -v getfacl >/dev/null 2>&1; then
if getfacl -p "$host_dir" 2>/dev/null | grep -q "^other::.*r.*x"; then
return 0 # ACL already grants others r+x or better
fi
fi
# 5 = r-x (bits: r=4, x=1). If already r+x or rwx we're fine.
(( (others_bits & 5) == 5 )) && return 0
# Permissions are insufficient — offer to fix HOST directory only
local current_perms
current_perms=$(stat -c "%A" "$host_dir" 2>/dev/null)
if dialog --backtitle "ProxMenux" \
--title "$(translate "Unprivileged Container Access")" \
--yesno \
"$(translate "The host directory may not be accessible from an unprivileged container.")\n\n\
$(translate "Unprivileged containers map their UIDs to high host UIDs (e.g. 100000+), which appear as 'others' on the host filesystem.")\n\n\
$(translate "Current permissions:"): ${current_perms}\n\n\
$(translate "Apply read+write access for 'others' on the host directory?")\n\n\
$(translate "(Only the host directory is modified. Nothing inside the container is changed.")" \
16 80 3>&1 1>&2 2>&3; then
chmod o+rwx "$host_dir" 2>/dev/null || true
if command -v setfacl >/dev/null 2>&1; then
setfacl -m o::rwx "$host_dir" 2>/dev/null || true
setfacl -m d:o::rwx "$host_dir" 2>/dev/null || true
fi
msg_ok "$(translate "Host directory permissions updated — unprivileged containers can now access it")"
fi
}
# ==========================================================
# MAIN FUNCTION — ADD MOUNT
# ==========================================================
@@ -577,7 +768,7 @@ mount_host_directory_minimal() {
# Step 4: Get container type info (for display only)
local uid_shift container_type_display
uid_shift=$(awk -F: '/^lxc.idmap.*u 0/ {print $5}' "/etc/pve/lxc/${container_id}.conf" 2>/dev/null | head -1)
uid_shift=$(awk '/^lxc.idmap.*u 0/ {print $5}' "/etc/pve/lxc/${container_id}.conf" 2>/dev/null | head -1)
local is_unprivileged
is_unprivileged=$(grep "^unprivileged:" "/etc/pve/lxc/${container_id}.conf" 2>/dev/null | awk '{print $2}')
if [[ "$is_unprivileged" == "1" ]]; then
@@ -588,7 +779,13 @@ mount_host_directory_minimal() {
uid_shift="0"
fi
# Step 5: Confirmation
# Step 5: Active fix for network storage (before confirmation, while we know container type)
case "${LMM_HOST_DIR_TYPE:-local}" in
cifs) lmm_fix_cifs_access "$host_dir" "$is_unprivileged" ;;
nfs) lmm_fix_nfs_access "$host_dir" "$is_unprivileged" "$uid_shift" ;;
esac
# Step 6: Confirmation
local confirm_msg
confirm_msg="$(translate "Mount Configuration Summary:")
@@ -597,17 +794,12 @@ $(translate "Host Directory"): $host_dir
$(translate "Container Mount Point"): $ct_mount_point
$(translate "IMPORTANT NOTES:")
- $(translate "Host directory permissions and ownership are NOT modified")
- $(translate "Container filesystem is NOT modified")
- $(translate "If access fails after mounting, adjust permissions manually:")
$(if [[ "$is_unprivileged" == "1" ]]; then
echo " # Allow container UID ${uid_shift}+ to access host dir:"
echo " setfacl -m u:${uid_shift}:rwx \"$host_dir\""
echo " setfacl -d:m u:${uid_shift}:rwx \"$host_dir\""
else
echo " chmod 755 \"$host_dir\""
fi)
- $(translate "Nothing inside the container is modified")
- $(if [[ "$is_unprivileged" == "1" ]]; then
translate "Host directory access for unprivileged containers has been prepared above"
else
translate "Privileged container — host root maps directly, no permission changes needed"
fi)
$(translate "Proceed")?"
@@ -621,7 +813,7 @@ $(translate "Proceed")?"
msg_ok "$(translate "Host directory:") $host_dir"
msg_ok "$(translate "Container mount point:") $ct_mount_point"
# Step 6: Add bind mount (the ONLY operation that changes anything)
# Step 7: Add bind mount
if ! add_bind_mount "$container_id" "$host_dir" "$ct_mount_point"; then
echo ""
msg_success "$(translate "Press Enter to continue...")"
@@ -629,27 +821,25 @@ $(translate "Proceed")?"
return 1
fi
# Step 7: Summary with permission hints
# Step 8: Host permission check for local dirs (only if not already handled above for CIFS/NFS)
if [[ "${LMM_HOST_DIR_TYPE:-local}" == "local" ]]; then
lmm_offer_host_permissions "$host_dir" "$is_unprivileged"
fi
# Step 9: Summary
echo ""
echo -e "${TAB}${BOLD}$(translate "Mount Added Successfully:")${CL}"
echo -e "${TAB}${BGN}$(translate "Container:")${CL} ${BL}$container_id${CL}"
echo -e "${TAB}${BGN}$(translate "Host Directory:")${CL} ${BL}$host_dir${CL}"
echo -e "${TAB}${BGN}$(translate "Mount Point:")${CL} ${BL}$ct_mount_point${CL}"
if [[ "$is_unprivileged" == "1" ]]; then
echo -e "${TAB}${YW}$(translate "Unprivileged container — UID offset:") ${uid_shift}${CL}"
else
echo -e "${TAB}${DGN}$(translate "Privileged container — direct root access")${CL}"
fi
echo ""
if [[ "$is_unprivileged" == "1" ]]; then
local mapped_uid="$uid_shift"
echo -e "${TAB}${YW}$(translate "UNPRIVILEGED container — UID mapping active:")${CL}"
echo -e "${TAB} $(translate "Container UID 0")$(translate "Host UID") $mapped_uid"
echo -e "${TAB} $(translate "If access fails, run on the host:")"
echo -e "${TAB} ${DGN}setfacl -m u:${mapped_uid}:rwx \"$host_dir\"${CL}"
echo -e "${TAB} ${DGN}setfacl -d:m u:${mapped_uid}:rwx \"$host_dir\"${CL}"
else
echo -e "${TAB}${DGN}$(translate "PRIVILEGED container — direct UID mapping")${CL}"
echo -e "${TAB} $(translate "Ensure") $host_dir $(translate "is accessible by root (chmod 755 or wider)")"
fi
# Step 8: Offer restart
# Step 10: Offer restart
echo ""
if whiptail --yesno "$(translate "Restart container to activate mount?")" 8 60; then
msg_info "$(translate "Restarting container...")"
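Review bot: The three helpers added in the `@@ -555,6 +553,199 @@` hunk grant access to every account on the host rather than to the container: `lmm_fix_cifs_access` remounts with `file_mode=0777,dir_mode=0777`, `lmm_fix_nfs_access` applies `chmod 1777` and `o::rwx` to the export itself (so other NFS clients see it too), and `lmm_offer_host_permissions` runs `chmod o+rwx` plus a default `o::rwx` ACL. For the local-directory case I would keep the scoped grant from the `setfacl -m u:${uid_shift}:rwx` hint this commit appears to drop, passing `uid_shift` as a third argument as sketched below; that entry covers container root only, so other container users need their own entries or a shared group. Before relying on `uid_shift`, check the rewritten `awk` in Step 4: with default field splitting, a line of the form `lxc.idmap: u 0 100000 65536` seems to put the host base in `$4` and the range length in `$5`. In `lmm_fix_cifs_access`, `umount` runs before `mount` with stderr discarded, and the options read back from `findmnt` are unlikely to carry the credentials, so a failed remount leaves the storage unmounted behind a generic warning; the `/etc/fstab` `sed` also interpolates unescaped paths and reports success unconditionally. The helpers are complete within the hunk, but the call site is in `mount_host_directory_minimal`, whose body extends beyond the visible hunks.

```shell
lmm_offer_host_permissions() {
    local host_dir="$1"
    local is_unprivileged="$2"
    local uid_shift="${3:-100000}"
    # … unchanged: privileged early return, mode/ACL check, confirmation dialog …
        # Grant only the container's mapped root UID; 'others' stays untouched.
        if command -v setfacl >/dev/null 2>&1; then
            if setfacl -m "u:${uid_shift}:rwx" "$host_dir" &&
               setfacl -d -m "u:${uid_shift}:rwx" "$host_dir"; then
                msg_ok "$(translate "Host directory permissions updated — unprivileged containers can now access it")"
            else
                msg_warn "$(translate "Could not set ACL on host directory:") $host_dir"
            fi
        else
            msg_warn "$(translate "setfacl not available — host directory permissions were not changed")"
        fi

# … in mount_host_directory_minimal, Step 8 …
        lmm_offer_host_permissions "$host_dir" "$is_unprivileged" "$uid_shift"
```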


@@ -253,7 +253,7 @@ add_proxmox_nfs_storage() {
fi
msg_ok "$(translate "Storage ID is available")"
msg_info "$(translate "NFS storage adding in progress...")"
if pvesm_output=$(pvesm add nfs "$storage_id" \
--server "$server" \
--export "$export" \