Enter your container ID, mount point details, and the host UID/GID you want to share. The tool generates the exact mpX: config line for /etc/pve/lxc/<CTID>.conf, the command to create the directory inside the container, and a host ownership check — all ready to copy.
Idmapped mounts (available in Proxmox 8.1+ on kernel 6.x) let an unprivileged container see host files as if it owns them, without editing /etc/subuid or /etc/subgid. If you need selective pass-through of specific UID/GID ranges, use the LXC UID/GID Mapping Tool instead.
/etc/pve/lxc/<CTID>.conf
Enter a CTID, host path, and LXC path to generate the config line.Enter a CTID and LXC path to generate the mkdir command.Enter a host path to generate the verification command.The Permission Bridge
Step 1: Identify Host Owners
Find the numeric UID and GID that own your data on the Proxmox host:
stat -c "%u %g" /path/to/host/data
The two numbers in the output are the UID and GID. Enter them into the tool above.
Step 2: Identify Container Users
Look up the service-account ID inside the container (e.g. the user running Jellyfin or Sonarr):
pct exec CTID -- id -u username
pct exec CTID -- id -g username
The UID and GID printed here are what the container process expects to run as. The idmapped mount makes the host files appear to be owned by those IDs at the kernel level.
Compatibility Notes
- Requires Proxmox 8.1 or newer (kernel 6.x or higher).
- Backing filesystem must support idmapped mounts: ZFS, ext4, XFS. Some legacy network mounts (older NFS/CIFS exports) do not support this feature.
For the conceptual background on UID/GID mapping, default offset layouts, and when traditional lxc.idmap is still the right call.