Justahobby01
In order for the LXC container to have full access the proxmox host directory, a subgid is set as owner of a host directory, and an ACL is used to ensure permissions.
Add the following line to /etc/pve/lxc/<CT_ID>.conf
mp0:/mount/point/on/host,mp=/mount/point/on/lxc
OR
pct set 100 -mp0 /mnt/bindmounts/shared,mp=/shared
This works on a Pi 4, and should work on a Pi 3, but to work on a Pi Zero you would have to figure out how to compile your own client. More info in this thread on the Proxmox forums.
Run the following command. If you get arm64, it's 64bit, otherwise you'll see armv7l which is 32bit.
uname -m
In order for the LXC container to have full access the proxmox host directory, a subgid is set as owner of a host directory, and an ACL is used to ensure permissions.
Add the following line to /etc/pve/lxc/<CT_ID>.conf
mp0:/mount/point/on/host,mp=/mount/point/on/lxc
In the default Proxmox configuration, unpriviliged container subgids will have the prefix "10" followed by the expected 4-digit gid.
| # Disable Commercial Repo | |
| sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list | |
| apt-get update | |
| # Add PVE Community Repo | |
| echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-release | sed -n 's/.*(\(.*\)).*/\1/p') pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list | |
| apt-get update | |
| # Remove nag | |
| echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script |
The list of actions listed below was taken mostly from Book Of Zeus with minor modifications and did the job well for Ubuntu version, which was available at that moment (May 2016). This gist was created for internal use and was never meant to be discovered by the web, although Google managed to find and index this page, which was a great surprise for me. Please check the original source for the updated information (links are provided in most of the sections), and read the comments below: they provide more details about the usage experience.
http://bookofzeus.com/harden-ubuntu/initial-setup/system-updates/
Keeping the system updated is vital before starting anything on your system. This will prevent people to use known vulnerabilities to enter in your system.
New Server Setup (Reasonably Secure Ubuntu Box)
Basic setup for a new box:
blocks password logins - need to use public key blocks bruteforcing w/ fail2ban ufw/iptables to allow only SSH/HTTP/HTTPS from public weekly auto security updates vi unattended-upgrades basic setup