Multi-user management Lxd

irtazahussain · December 18, 2024, 7:46am

I have deployed lxd in cluster mode and now I want to manage the projects on the basis of users. my scenerio is like, One user can create multiple projects and only have access to those projects and the resources that belongs to the created one. I’ve create the daemon.user.group=users,daemon.user.group=admin

Now I create a foo user and added useradd foo users to users group but I am still not able to access the lxd socket

bar@lx-stg1:/home/irtaza.hussain$ lxc info
Error: LXD unix socket “/var/snap/lxd/common/lxd-user/unix.socket” not accessible: Get “http://unix.socket/1.0”: read unix @->/var/snap/lxd/common/lxd-user/unix.socket: read: connection reset by peer

bar@lx-stg1:/home/irtaza.hussain$ ls -lh /var/snap/lxd/common/lxd-user/unix.socket
srw-rw---- 1 root users 0 Dec 6 06:28 /var/snap/lxd/common/lxd-user/unix.socket
bar@lx-stg1:/home/irtaza.hussain$ ls -lh /var/snap/lxd/common/lxd-user/
ls: cannot open directory ‘/var/snap/lxd/common/lxd-user/’: Permission denied
bar@lx-stg1:/home/irtaza.hussain$ exit
exit
root@lx-stg1:/home/irtaza.hussain# ls -lh /var/snap/lxd/common/lxd-user/unix.socket
srw-rw---- 1 root users 0 Dec 6 06:28 /var/snap/lxd/common/lxd-user/unix.socket
root@lx-stg1:/home/irtaza.hussain# cd
root@lx-stg1:~# ls -lh /var/snap/lxd/common/lxd-user/
total 0
srw-rw---- 1 root users 0 Dec 6 06:28 unix.socket
drwx------ 2 root root 6 Dec 18 07:43 users
root@lx-stg1:~# ^C
root@lx-stg1:~# id
uid=0(root) gid=0(root) groups=0(root)
root@lx-stg1:~# su bar
bar@lx-stg1:/root$ id
uid=1006(bar) gid=1007(bar) groups=1007(bar),100(users)
bar@lx-stg1:/root$

Can you guys help me to resolve the issue and help me to handle project level management

markylaing · December 19, 2024, 8:23am

The command to set the group for the multi-user daemon is:

sudo snap set lxd daemon.user.group=<user_group>

It looks like you may have initially set this to users and then set it again to admin, which the current user is not a member of.

You can find more information here: https://documentation.ubuntu.com/lxd/en/latest/howto/projects_confine/#confine-users-to-specific-lxd-projects-via-unix-socket