DUH

All the catches

Bud…been doing this for 20 years. Don’t need your explainer.

The fact you didn’t mention the barest of minimums in your comment if where the issue lies. You’re just adding stacks on stacks of things by using any other network mount and having the user manage an encrypted image inside that mount. Also absent from what you were trying to explain. I’d work on that.

Point being, for a multi-user/tenant utility like OP is asking for, there are better tools for the job, of which I just named a couple standalone options. If they are running TrueNAS, Synology, or QNAP, or even NextCloud, there are already built-ins for this purpose, and apps to match.

If not, any of the other solutions I mentioned are much better suited for the use-case, especially, and if not only because, OP specifically said they DID NOT want exactly what you’re describing.

OP said they DON’T want LUKS. I’m also missing how the admin of the server (OP) wouldn’t have or store the keys unless and have these mounts available at all times?

You seem to be suggesting there is some way for a remote user to mount a LUKS image on its host, which is not a thing unless you’re first SSH’ing to said host and mounting it and making it available for export mount elsewhere, which is clearly not what OP is asking for here when they just want space for people to store media. Maybe I’m misunderstanding.

There Hook, Filen, Yeetfile, BatchIT…tons of these self-hosted stacks that do this with auth and user management built in. That’s what OP is asking about.

Those aren’t end-to-end encrypted from the user, and would need to be mounted on the local system with a key that is unique to each user. Not exactly user-friendly if supporting multiple users.

There are plenty of other solutions meant for the purpose OP is asking about.

There’s dozens out there, but the bigger question is: what’s your current hosting setup? What NAS are you running?

It would be simpler to just run something that your NAS platform supports already or has a mobile app for. Pretty much every solution you’ll find with e2e encryption is going to have its own client.

How’s everything else getting to your storage from your main container? They don’t share.

It depends on what kind of server this is. If it’s cloud-y, then you can just mount another volume and move everything there.

If it’s a amatatic VPS where you can’t uograde or change it at all, you’re not going to find a performance solution without using a CDN or manually mapping to something S3 compatible.

“Does a Shit Sandwich taste better than a Turd Burger?”

Nobody cares.

Fuck this loser. We have enough issues to deal with on a daily basis. We don’t need to subsidize your fear of having wasted ungodly amounts of money and becoming irrelevant.

That’s a YOU problem, fool.

If they require root at start, it’s more than likely they need to access devices or sockets on the host on startup. If it’s then transitioning to another uid/gid for the actual runtime in the container - which looks to be happening - its not quite rootLESS because it obviously requires root.

I’m unfamiliar with the linuxserver images, so don’t understand the need for root here.

1. No, you can’t “remove” your local networking interfaces from a container and expect it to use networking, anymore than you can remove the engine from a car, and expect it to drive. Set the default route of that container to some VPN tunnel interface, and you should be fine.
2. I’m not seeing a link to any config
3. 1000:1000 is usually the default user that is created for you when you setup a Linux system, so yes it’s reasonable for them to run as your user. It is NOT reasonable to run them as root, which is 0:0. Don’t do that.

$24/mo for 6 users and 3TB storage. All the other stuff as well.

Pricing here: https://proton.me/family

Need more details about how you’re running this test.

Proton is $15/mo for 2 users and gets you mail, 2TB drive, VPN, and Pass. Pretty worth it I’d say.

Oh no…anyway

I call BS.

You can get a WiFi or LTE trail cam that essentially to works the same. If you get LTE though, you’ll almost certainly need a VPN setup on your network as well to work around CGNAT issues.