[SOLVED] CLOSED BUT NON CORRECTED: PBS: permission problem

diaolin

Renowned Member
Jul 7, 2008
332
8
83
Trentino Italy
I have a pbs server installed and a ProxmoxVE cluster separate.
Configured pbs server datastore is mounted over nfs and backup and root could write withouth problem

proxmox-backup-manager datastore list
┌─────────┬──────────────┬─────────┐
│ name │ path │ comment │
╞═════════╪══════════════╪═════════╡
│ BigDisk │ /bigdisk/pbs │ │
└─────────┴──────────────┴─────────┘

and on the client side (proxmox VE) configured


pvesm status


Name Type Status Total Used Available %

*pbs pbs active 29987345536 11207129216 18780216320 37.37%*


When i try to take a backup of a vm the response is:



INFO: starting new backup job: vzdump 101 --remove 0 --storage pbs --mode snapshot --node proxmox2
INFO: Starting Backup of VM 101 (qemu)
INFO: Backup started at 2020-11-20 11:46:22
INFO: status = running
INFO: VM Name: winxp
INFO: include disk 'ide0' 'nfssynology:101/vm-101-disk-1.qcow2' 32G
INFO: backup mode: snapshot
INFO: ionice priority: 7
INFO: creating Proxmox Backup Server archive 'vm/101/2020-11-20T10:46:22Z'
INFO: issuing guest-agent 'fs-freeze' command
INFO: enabling encryption
INFO: issuing guest-agent 'fs-thaw' command
ERROR: VM 101 qmp command 'backup' failed - backup connect failed: command error: EACCES: Permission denied
INFO: aborting backup job
ERROR: Backup of VM 101 failed - VM 101 qmp command 'backup' failed - backup connect failed: command error: EACCES: Permission denied
INFO: Failed at 2020-11-20 11:46:22
INFO: Backup job finished with errors
TASK ERROR: job errors


But if i go to pbs itself i find the error

What can i do?

Diaolin
 

Attachments

  • Schermata del 2020-11-20 11-48-10.png
    Schermata del 2020-11-20 11-48-10.png
    136.8 KB · Views: 26
Last edited:
You seem to have configured a custom user for backing up your PVE instance. You need to grant that user access to your PBS datastore as well.

In PBS, select your datastore and go to the "Permissions" tab. Add a new "User role" and select the "DatastoreBackup", "DatastorePowerUser" or "DatastoreReader" (for restore) role to give to your user. You can add more than one of course. Read the documentation on what these roles mean exactly.

Edit: Just to be clear, these are entirely seperate permissions from the file system level, these apply directly on the PBS API.
 
No, sorry, i've used the correct user and assigned the permission
This happens because i've the datastore mounted over nfs on a synology server and even changing the id on the synology
this does not work. Changing to a local datastore this is ok.
THe system says always: permission denied but if i test writing with backup user is all ok. Always.

What can i do?

Many thanks
Diaolin
 
Can you post a directory listing of your datastore directory? For reference, here is how it should be set up:

Code:
# ls -lah
total 1.1M
drwxr-xr-x 7 backup backup 4.0K Nov 12 15:39 .
drwxr-xr-x 4 root   root   4.0K Jul 28 15:56 ..
drwxr-x--- 1 backup backup 1.1M Jun  2 10:18 .chunks
drwxr-xr-x 4 backup backup 4.0K Jul 23 14:50 ct
-rw-r--r-- 1 backup backup  300 Nov 12 15:39 .gc-status
drwxr-xr-x 3 backup backup 4.0K Jul 14 15:34 host
-rw-r--r-- 1 backup backup    0 Jun  2 10:18 .lock
drwxr-xr-x 9 backup backup 4.0K Oct  8 16:06 vm

A sudo -u backup touch <datastore-dir>/testfile works fine for you? The nested directories are all owned by "backup"?

Also, potentially check any mount options for access restrictions, potentially something like FUSE's "allow_others" is necessary for your setup?
 
Can you write to a datastore that is local to PBS?
 
Can you post a directory listing of your datastore directory? For reference, here is how it should be set up:

Code:
# ls -lah
total 1.1M
drwxr-xr-x 7 backup backup 4.0K Nov 12 15:39 .
drwxr-xr-x 4 root   root   4.0K Jul 28 15:56 ..
drwxr-x--- 1 backup backup 1.1M Jun  2 10:18 .chunks
drwxr-xr-x 4 backup backup 4.0K Jul 23 14:50 ct
-rw-r--r-- 1 backup backup  300 Nov 12 15:39 .gc-status
drwxr-xr-x 3 backup backup 4.0K Jul 14 15:34 host
-rw-r--r-- 1 backup backup    0 Jun  2 10:18 .lock
drwxr-xr-x 9 backup backup 4.0K Oct  8 16:06 vm

A sudo -u backup touch <datastore-dir>/testfile works fine for you? The nested directories are all owned by "backup"?

Also, potentially check any mount options for access restrictions, potentially something like FUSE's "allow_others" is necessary for your setup?
Done but i think that this is a problem with the backup user on 1synology and the local
local has id 34
synology has id 1026

THe dir are all writeable from backup user

Manually, i intend

Diaolin
 
Done but i think that this is a problem with the backup user on 1synology and the local
That sounds likely to me, too.
 
  • Like
Reactions: jhusarek

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!