- Create the group "lxc_shares" with GID=10000 in the LXC which will match the GID=110000 on the PVE host.
groupadd -g 10000 lxc_shares
- Add the user(s) that need access to the CIFS share to the group "lxc_shares". f.e.: jellyfin, plex, ... (the username depends on the application)
usermod -aG lxc_shares USERNAME
- Shutdown the LXC.
- Create the mount point on the PVE host.
mkdir -p /mnt/lxc_shares/nas_rwx
- Add NAS CIFS share to
/etc/fstab.
Spoiler: command explanation
- Adjust //NAS/nas/ in the middle of the command to match your CIFS hostname (or IP) //NAS/ and the share name /nas/.
- Adjust user=smb_username,pass=smb_password at the end of the command.
{ echo '' ; echo '# Mount CIFS share on demand with rwx permissions for use in LXCs (manually added)' ; echo '//NAS/nas/ /mnt/lxc_shares/nas_rwx cifs _netdev,x-systemd.automount,noatime,uid=100000,gid=110000,dir_mode=0770,file_mode=0770,user=smb_username,pass=smb_password 0 0' ; } | tee -a /etc/fstab
- Mount the share on the PVE host.
mount /mnt/lxc_shares/nas_rwx
- Add a bind mount of the share to the LXC config. Adjust the LXC_ID at the end of the command.
RWX (Read | Write | Execute) Permissions
You can mount it in the LXC with read+write+execute (rwx) permissions. { echo 'mp0: /mnt/lxc_shares/nas_rwx/,mp=/mnt/nas' ; } | tee -a /etc/pve/lxc/LXC_ID.conf
RO (Read Only) Permissions
You can also mount it in the LXC with read-only (ro) permissions. { echo 'mp0: /mnt/lxc_shares/nas_rwx/,mp=/mnt/nas,ro=1' ; } | tee -a /etc/pve/lxc/LXC_ID.conf
You can now start the LXC and verify that /mnt/nas/ is accessible from the container.