[SOLVED] After syncing to a new datastore: backup owner check failed (pve-user@pbs != backup@pam)

Cookiefamily

Well-Known Member
Jan 29, 2020
136
37
48
Germany
Hi,

I wanted to switch to a new datastore (store02) (on different disks) so did the following:
  1. Add a second datastore to the pbs server (store02)
  2. Added a remote with localhost and the store02 datastore
  3. Ran a sync from store01 to the "remote" localhost:store02
  4. Removed store01
  5. Modified the Permissions for the pve-user@pbs to allow access to store02
  6. In PVE removed the store01 datastore
  7. In PVE added a new datastore for store02
  8. Modified Backup Task to point to the new datastore.
Now I no longer see any backups in PVE in the "Content" tab of the datastore. When I try to run backups, I recieve the following:
VM 100 qmp command 'backup' failed - backup connect failed: command error: backup owner check failed (pve-user@pbs != backup@pam)
I kept the user at the pbs-side the same, what exactly is happening here? Shouldn't the permissions be carried over?
 
Hi,

I wanted to switch to a new datastore (store02) (on different disks) so did the following:
  1. Add a second datastore to the pbs server (store02)
  2. Added a remote with localhost and the store02 datastore
  3. Ran a sync from store01 to the "remote" localhost:store02
  4. Removed store01
  5. Modified the Permissions for the pve-user@pbs to allow access to store02
  6. In PVE removed the store01 datastore
  7. In PVE added a new datastore for store02
  8. Modified Backup Task to point to the new datastore.
Now I no longer see any backups in PVE in the "Content" tab of the datastore. When I try to run backups, I recieve the following:
VM 100 qmp command 'backup' failed - backup connect failed: command error: backup owner check failed (pve-user@pbs != backup@pam)
I kept the user at the pbs-side the same, what exactly is happening here? Shouldn't the permissions be carried over?
perhaps a quick search on the forum? there are plenty of info about this problem:
https://forum.proxmox.com/threads/backups-multi-pbs-replications.76514/#post-340732

The problem is that sync does not use the same user as the backups.
 
  • Like
Reactions: incrediblecube
you can use 'proxmox-backup-client change-owner' to change the owner, the option to set this on pull/sync jobs is in the works.
 
you can use 'proxmox-backup-client change-owner' to change the owner, the option to set this on pull/sync jobs is in the works.
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
 
Last edited:
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
Thank you for that example, I‘ll stick to the „hacky“ way suggested by oversite as I can easily change owners for all Backups at once. But good to have nonetheless!
 
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
How can I find out the repository? I entered the command on the pbs but only got back error. For me, the background is that I have switched to 2fa. Of course, I created an API token on the pbs and this one has retained the permissions. In the meantime, I deleted all backups because I believed that these backups were built on the old backups. However, I get the error described above. What can I do?

Thank you.
 

Attachments

  • Screenshot_20210606-231330.png
    Screenshot_20210606-231330.png
    295 KB · Views: 113
repository is the combination of user/token ID, PBS host and datastore:
USER@REALM@HOST:DATASTORE, e.g. root@pam!sv22-backup01@pbs.example.com:mydatastore. you should find all that information on the PVE side in your storage config entry ;)
 
repository is the combination of user/token ID, PBS host and datastore:
USER@REALM@HOST:DATASTORE, e.g. root@pam!sv22-backup01@pbs.example.com:mydatastore. you should find all that information on the PVE side in your storage config entry ;)
Do you mean the entries in "/etc/pve/storage.cfg"?

Then by "mydatastore" you mean "backup1" in my case?
I will try it out.
 

Attachments

  • 2021-06-07 20_22_39-vhost01 - Proxmox Virtual Environment.png
    2021-06-07 20_22_39-vhost01 - Proxmox Virtual Environment.png
    6.9 KB · Views: 74
Do you mean the entries in "/etc/pve/storage.cfg"?

Then by "mydatastore" you mean "backup1" in my case?
I will try it out.
The PBS entries in /etc/pve/storage.cfg yes, they are the same you see in the PVE GUI under datacenter/storage. Not the ones you show in the attachment as storage under one node.
 
  • Like
Reactions: djdonnerwolke
Probably going to get smacked with a stick for posting this, but I browsed to my proxmox backup server repository (which is a CIFS share on my synology). I drilled down into `vm` folder, then found a file in there called `owner`. I edited this with the name that my PBS is expecting (per the error log) and reloaded the repo. All OK now, backups and restores are working.

I only resorted to this because I thought deleting all the backups from within proxmox would allow me to run my backups again, however what I found was that the VM ID dissappeared from the UI in proxmox backup server, and the CLI command failed with an error.

I didn't care too much about historical data, so I tried the above hack-fix.

Code:
# proxmox-backup-client change-owner vm/112 svc-proxmoxbackup@pbs --repository ProxmoxBackup
Error: permission check failed.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!