lxc.idmap: cannot access webgui (failed to start proxmox-backup.service)

huisie · Sep 29, 2025

On installing Proxmox Backup Server to unprivileged LXC, I am running into an issue when attempting to create a local directory (zfs dataset) bind mount point via lxc.idmap as per this guide: Unprivileged LXC containers. Once I create the lxc.idmapping, I am unable to access the webgui.

My setup is a NUC with Proxmox installed to ext4 mSATA SSD and zfs pool created on nVMe SSD.
I installed Debian 13 LXC via CT template to ext4 mSATA and set up Proxmox Backup Server as per: https://pbs.proxmox.com/docs/

I am able to access the webgui at this stage. Next step is to set up the local directory bind mount point.

Create zfs dataset on zpool:

# zfs pool = store
# zfs dataset = pbs-test
zfs create store/pbs-test

Create bind mount point:

# container id = 19099
pct set 19099 -mp0 /store/pbs-test,mp=/mnt/pbs-test

Modify etc/subuid and etc/subgid:

# default backup user uid:gid on PBS is 34:34
root:100000:65536
huis:165536:65536
root:34:1

add lxc.idmapping to /etc/pve/lxc/19099.conf:

lxc.idmap: u 0 100000 34
lxc.idmap: u 34 34 1
lxc.idmap: u 35 100035 65501
lxc.idmap: g 0 100000 34
lxc.idmap: g 34 34 1
lxc.idmap: g 35 100035 65501

Change ownership of bind mount point directory on the host:

chown -R 34:34 /store/pbs-test

However, once a local directory bind mount point is created, I can no longer access the webgui.
I get the following error messages when running debug command: lxc-start -F -n 19099

[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
[ OK ] Started postfix.service - Postfix Mail Transport Agent (main/default instance).
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.

------------------------------------------------------------------------------

Welcome to the Proxmox Backup Server. Please use your web browser to
configure this server - connect to:

https://192.168.50.52:8007/

------------------------------------------------------------------------------

pbs login:

If I remove the lxc.idmap settings only, I can access the webgui once more. However, I cannot access the mount point from within PBS.

I am able to create a bind mount point if I eschew the lxc-idmap route and follow the steps outlined here: https://blog.kye.dev/proxmox-zfs-mounts

huisie · Oct 5, 2025

When the lxc.idmap settings are active, I don't have webgui access but do have have console/ssh access. When checking ownership:

Via node shell, I can see that zfs dataset store/pbs-test is owned by backup:backup (34:34)

Code:

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@pve2:~# cd /store
root@pve2:/store# ls -la
total 5
drwxr-xr-x  3 root   root      3 Oct  5 19:51 .
drwxr-xr-x 19 root   root   4096 Oct  4 19:06 ..
drwxr-xr-x  2 backup backup    2 Oct  5 19:51 pbs-test

Via the lxc console, I can see that mount point /mnt/pbs-test is owned by backup:backup (34:34)

Code:

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@pbs-test:~# cd /mnt
root@pbs-test:/mnt# ls -la
total 9
drwxr-xr-x  3 root   root   4096 Oct  5 19:06 .
drwxr-xr-x 19 root   root   4096 Oct  5 20:28 ..
drwxr-xr-x  2 backup backup    2 Oct  5 18:51 pbs-test

So, it seems my mappings are correct. I am stumped as to why I cannot access the webgui.

huisie · Oct 5, 2025

If I try debugging by running lxc-start -F -n <container ID>, I get the following error messages:

[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.

If I follow the error message instruction to See 'systemctl status proxmox-backup.service' for details.

root@pbs-test:~# systemctl status proxmox-backup.service
x proxmox-backup.service - Proxmox Backup API Server
Loaded: loaded (/usr/lib/systemd/system/proxmox-backup.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Sun 2025-10-05 20:33:16 UTC; 17min ago
Invocation: 67f742686c534382ba19e3c413447ea3
Process: 334 ExecStart=/usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-api (code=exited, status=255/EXCEPTION)
Main PID: 334 (code=exited, status=255/EXCEPTION)

Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup.service: Scheduled restart job, restart counter is at 5.
Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup.service: Start request repeated too quickly.
Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup.service: Failed with result 'exit-code'.
Oct 05 20:33:16 pbs-test systemd[1]: Failed to start proxmox-backup.service - Proxmox Backup API Server.
Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup.service: Start request repeated too quickly.
Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup.service: Failed with result 'exit-code'.
Oct 05 20:33:16 pbs-test systemd[1]: Failed to start proxmox-backup.service - Proxmox Backup API Server.

If I follow the error message instruction to See 'systemctl status proxmox-backup-proxy.service' for details.

root@pbs-test:~# systemctl status proxmox-backup-proxy.service
x proxmox-backup-proxy.service - Proxmox Backup API Proxy Server
Loaded: loaded (/usr/lib/systemd/system/proxmox-backup-proxy.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Sun 2025-10-05 20:33:16 UTC; 19min ago
Invocation: 1d6fbdedcd1f48f6bf171e6ab10f1f14
Process: 342 ExecStart=/usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-backup-proxy (code=exited, status=101)
Main PID: 342 (code=exited, status=101)

Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup-proxy.service: Scheduled restart job, restart counter is at 5.
Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup-proxy.service: Start request repeated too quickly.
Oct 05 20:33:16 pbs-test systemd[1]: proxmox-backup-proxy.service: Failed with result 'exit-code'.
Oct 05 20:33:16 pbs-test systemd[1]: Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.

huisie · Oct 7, 2025

I have given up on getting lxc.idmap to work.

I found a working method via this post: https://forum.proxmox.com/threads/zfs-permission-and-ownership-problems.166084/post-771442

Search

Search

lxc.idmap: cannot access webgui (failed to start proxmox-backup.service)

huisie

New Member

huisie

New Member

huisie

New Member

huisie

New Member

We value your privacy