X-mount.idmap bind mounts not working

Hi there -

I’m in the process of setting up my new TrueNAS SCALE build and I’m running into a challenge creating a bind mount designed to mount as an alternate user.

I’ve got a bunch of data in /mnt/core-hdd/privatedata/safesubfolder/media. It is owned by uid:gid 3006:3006, and I want to expose a subfolder (ro is fine) as a mount on another dataset that will be accessed by uid:gid 3010:3010. My hope was that I could do this without having to reassign all the permissions at source, but rather through a mount that impersonates the original user.

After a bit of research I thought I could run a script like this on startup…

mount -o bind,ro,X-mount.idmap=b:3010:3006:1 /mnt/core-hdd/privatedata/safesubfolder/media /mnt/core-hdd/media/othermedia

Unfortunately, I cannot seem to get uid 3010 to have any permissions on the newly created mount. I’ve tried reversing the ids (b:3006:3010:1), putting in quotes, and just about anything I can think of, but it’s to no avail. (Root can see the mount contents just fine.)

The documentation I could find on X-mount.idmap seems to be quite limited (just a man page and a handful of forum posts), so I’m really at a loss.

I’m open to ideas. Basically, I need to create a mount that impersonates another user without changing all the perms on the source files (they are the target of a sync process), and without moving data around all over the place, or creating NFS shares with maproot all over unless necessary. I would like to be able to use this technique in other places too.

(BTW, interestingly, TrueNAS seems to actually respect the ‘ro’ option when creating bind mounts; in the past I’ve had to do a bind remount ro style command to make that work.)

Open to ideas, and much appreciated!

FWIW, I can imagine a solution with NFS loopback mounts, but I’m not convinced it’s the right answer (or if it’s even supported, as there are reported issues with deadlocks, memory allocations, etc.). It really seems like there has to be an easier answer.
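The following script is an added example, not part of the original post or of TrueNAS. It takes an X-mount.idmap spec of the form used above and predicts which owner id a file will be presented with through the idmapped mount, then (as root only) performs the read-only idmapped bind mount and compares the owner that `stat` reports through the mount against that prediction, and tries a directory listing as the target uid/gid. The direction of the mapping is an assumption taken from my reading of mount(8): each entry is `type:id-mount:id-host:range`, so `b:3010:3006:1` presents host uid/gid 3006 as 3010 inside the mount, and any host id that no entry covers is presented as the overflow id 65534 (nobody). The paths and ids are the ones from the post; `mapped_id`, `check_idmapped_mount` and `OVERFLOW_ID` are names I chose.

```shell
#!/bin/sh
# Added example: predict and verify the owner mapping of an X-mount.idmap
# bind mount. Not code from the original post.
#
# Assumption (my reading of mount(8)): an entry "type:id-mount:id-host:range"
# shows the host id range starting at id-host as the range starting at
# id-mount inside the mount. Ids outside every entry appear as 65534.

OVERFLOW_ID=65534

# mapped_id TYPE HOST_ID ENTRY...
#   TYPE is u (user) or g (group); HOST_ID is the owner id on the underlying
#   filesystem; ENTRY... are the X-mount.idmap entries (space separated).
#   Prints the id a file owned by HOST_ID is presented with inside the mount.
mapped_id() {
    type=$1; host=$2; shift 2
    for entry in "$@"; do
        etype=${entry%%:*};      rest=${entry#*:}
        mnt_first=${rest%%:*};   rest=${rest#*:}
        host_first=${rest%%:*};  range=${rest#*:}
        # "b" entries apply to both users and groups; u/g only to their kind.
        case $etype in
            b|"$type") ;;
            *) continue ;;
        esac
        if [ "$host" -ge "$host_first" ] && [ "$host" -lt $((host_first + range)) ]; then
            echo $((mnt_first + host - host_first))
            return 0
        fi
    done
    echo "$OVERFLOW_ID"   # not covered by any entry: shown as nobody
    return 0
}

# check_idmapped_mount SRC DST SPEC TARGET_UID TARGET_GID   (root only)
#   Creates the read-only idmapped bind mount, compares the owner stat reports
#   through it with mapped_id's prediction, and tries a listing as the target
#   uid/gid. A mount failure usually means the underlying filesystem does not
#   support idmapped mounts; a prediction mismatch means the spec is reversed.
check_idmapped_mount() {
    src=$1; dst=$2; spec=$3; tuid=$4; tgid=$5
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 2; }
    mount -o bind,ro,X-mount.idmap="$spec" "$src" "$dst" || {
        echo "mount failed (filesystem may not support idmapped mounts)" >&2
        return 1
    }
    host_uid=$(stat -c %u "$src")
    seen_uid=$(stat -c %u "$dst")
    # $spec is deliberately unquoted so multiple entries split into arguments.
    want=$(mapped_id u "$host_uid" $spec)
    echo "host uid $host_uid is presented as $seen_uid (predicted $want)"
    [ "$seen_uid" = "$want" ] || return 1
    # Drop to the consuming identity and try to read the directory.
    setpriv --reuid "$tuid" --regid "$tgid" --clear-groups -- ls "$dst" >/dev/null \
        && echo "uid $tuid can list $dst" \
        || { echo "uid $tuid cannot list $dst" >&2; return 1; }
}

# Example from the post (run as root):
#   check_idmapped_mount /mnt/core-hdd/privatedata/safesubfolder/media \
#       /mnt/core-hdd/media/othermedia b:3010:3006:1 3010 3010
```

`mapped_id` on its own needs no privileges, so it can be used to sanity-check a spec before touching a live system: under the assumed semantics, `mapped_id u 3006 b:3010:3006:1` prints 3010 while the reversed `b:3006:3010:1` leaves host uid 3006 unmapped and prints 65534. Note that a single-id entry leaves every other owner in the tree (root-owned directories, files from other users) presented as 65534, so a directory walk can still be refused even when the one mapped id is right.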