[SOLVED] After syncing to a new datastore: backup owner check failed (pve-user@pbs != backup@pam)

Cookiefamily

Well-Known Member
Jan 29, 2020
136
40
48
Germany
Hi,

I wanted to switch to a new datastore (store02) (on different disks) so did the following:
  1. Add a second datastore to the pbs server (store02)
  2. Added a remote with localhost and the store02 datastore
  3. Ran a sync from store01 to the "remote" localhost:store02
  4. Removed store01
  5. Modified the Permissions for the pve-user@pbs to allow access to store02
  6. In PVE removed the store01 datastore
  7. In PVE added a new datastore for store02
  8. Modified Backup Task to point to the new datastore.
Now I no longer see any backups in PVE in the "Content" tab of the datastore. When I try to run backups, I recieve the following:
VM 100 qmp command 'backup' failed - backup connect failed: command error: backup owner check failed (pve-user@pbs != backup@pam)
I kept the user at the pbs-side the same, what exactly is happening here? Shouldn't the permissions be carried over?
 
Hi,

I wanted to switch to a new datastore (store02) (on different disks) so did the following:
  1. Add a second datastore to the pbs server (store02)
  2. Added a remote with localhost and the store02 datastore
  3. Ran a sync from store01 to the "remote" localhost:store02
  4. Removed store01
  5. Modified the Permissions for the pve-user@pbs to allow access to store02
  6. In PVE removed the store01 datastore
  7. In PVE added a new datastore for store02
  8. Modified Backup Task to point to the new datastore.
Now I no longer see any backups in PVE in the "Content" tab of the datastore. When I try to run backups, I recieve the following:
VM 100 qmp command 'backup' failed - backup connect failed: command error: backup owner check failed (pve-user@pbs != backup@pam)
I kept the user at the pbs-side the same, what exactly is happening here? Shouldn't the permissions be carried over?
perhaps a quick search on the forum? there are plenty of info about this problem:
https://forum.proxmox.com/threads/backups-multi-pbs-replications.76514/#post-340732

The problem is that sync does not use the same user as the backups.
 
  • Like
Reactions: incrediblecube
you can use 'proxmox-backup-client change-owner' to change the owner, the option to set this on pull/sync jobs is in the works.
 
you can use 'proxmox-backup-client change-owner' to change the owner, the option to set this on pull/sync jobs is in the works.
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
 
Last edited:
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
Thank you for that example, I‘ll stick to the „hacky“ way suggested by oversite as I can easily change owners for all Backups at once. But good to have nonetheless!
 
For those of you who are confused a bit on this as I was, here is an example:

root@pbs:/# proxmox-backup-client change-owner vm/104 <youruser>@pbs --repository <yourrepository>

the "group" can be seen in the gui under your datastore. My "backup groups" were "vm/104", "vm/105" etc...
My repository name was "002"
How can I find out the repository? I entered the command on the pbs but only got back error. For me, the background is that I have switched to 2fa. Of course, I created an API token on the pbs and this one has retained the permissions. In the meantime, I deleted all backups because I believed that these backups were built on the old backups. However, I get the error described above. What can I do?

Thank you.
 

Attachments

  • Screenshot_20210606-231330.png
    Screenshot_20210606-231330.png
    295 KB · Views: 155
repository is the combination of user/token ID, PBS host and datastore:
USER@REALM@HOST:DATASTORE, e.g. root@pam!sv22-backup01@pbs.example.com:mydatastore. you should find all that information on the PVE side in your storage config entry ;)
 
repository is the combination of user/token ID, PBS host and datastore:
USER@REALM@HOST:DATASTORE, e.g. root@pam!sv22-backup01@pbs.example.com:mydatastore. you should find all that information on the PVE side in your storage config entry ;)
Do you mean the entries in "/etc/pve/storage.cfg"?

Then by "mydatastore" you mean "backup1" in my case?
I will try it out.
 

Attachments

  • 2021-06-07 20_22_39-vhost01 - Proxmox Virtual Environment.png
    2021-06-07 20_22_39-vhost01 - Proxmox Virtual Environment.png
    6.9 KB · Views: 98
Do you mean the entries in "/etc/pve/storage.cfg"?

Then by "mydatastore" you mean "backup1" in my case?
I will try it out.
The PBS entries in /etc/pve/storage.cfg yes, they are the same you see in the PVE GUI under datacenter/storage. Not the ones you show in the attachment as storage under one node.
 
  • Like
Reactions: djdonnerwolke
Probably going to get smacked with a stick for posting this, but I browsed to my proxmox backup server repository (which is a CIFS share on my synology). I drilled down into `vm` folder, then found a file in there called `owner`. I edited this with the name that my PBS is expecting (per the error log) and reloaded the repo. All OK now, backups and restores are working.

I only resorted to this because I thought deleting all the backups from within proxmox would allow me to run my backups again, however what I found was that the VM ID dissappeared from the UI in proxmox backup server, and the CLI command failed with an error.

I didn't care too much about historical data, so I tried the above hack-fix.

Code:
# proxmox-backup-client change-owner vm/112 svc-proxmoxbackup@pbs --repository ProxmoxBackup
Error: permission check failed.
 
Wish I can mass change the entire datastor to the new owner in the PBS's WebGUI. Especially if I can do this via namespace.

I can't imagine someone changing hundreds of backup groups one at a time. I'd figured a for loop script may do the trick.

Get a list of your vms and cts

root@pbs:/# proxmox-backup-client list -repository BackupStorage1

Somehow have it parse it so it can use the variable

proxmox-backup-client change-owner %%ct-vm%% pbsbackup@pbs --repository BackupStorage1

Then you're done.
 
  • Like
Reactions: Xeata_James
Wish I can mass change the entire datastor to the new owner in the PBS's WebGUI. Especially if I can do this via namespace.

I can't imagine someone changing hundreds of backup groups one at a time. I'd figured a for loop script may do the trick.

Get a list of your vms and cts

root@pbs:/# proxmox-backup-client list -repository BackupStorage1

Somehow have it parse it so it can use the variable

proxmox-backup-client change-owner %%ct-vm%% pbsbackup@pbs --repository BackupStorage1

Then you're done.
Lol, yeah. ChatBot thinks so too; he even lies and invents the seeming obvious command. Gotta give it credit for trying, I suppose. ;-)
Bash:
root@pbs3:~# proxmox-backup-manager datastore change-owner --datastore main_store --new-owner user@pam
Error: no such command 'change-owner'

Usage:

proxmox-backup-manager datastore create <name> <path> [OPTIONS]
proxmox-backup-manager datastore list [OPTIONS]
proxmox-backup-manager datastore remove <name> [OPTIONS]
proxmox-backup-manager datastore show <name> [OPTIONS]
proxmox-backup-manager datastore update <name> [OPTIONS]
 
  • Like
Reactions: Darkk
Lol, yeah. ChatBot thinks so too; he even lies and invents the seeming obvious command. Gotta give it credit for trying, I suppose. ;-)
Bash:
root@pbs3:~# proxmox-backup-manager datastore change-owner --datastore main_store --new-owner user@pam
Error: no such command 'change-owner'

Usage:

proxmox-backup-manager datastore create <name> <path> [OPTIONS]
proxmox-backup-manager datastore list [OPTIONS]
proxmox-backup-manager datastore remove <name> [OPTIONS]
proxmox-backup-manager datastore show <name> [OPTIONS]
proxmox-backup-manager datastore update <name> [OPTIONS]

Maybe future update they add this in. Even it's CLI.
 
  • Like
Reactions: Xeata_James
OK, it's pretty easy to script. I had chatbot write up a quick BASH loop that iterates over a 'machines.txt' (could easily be automated too) and runs the proxmox-backup-client change-owner command.
Might be a nice thing to have in the GUI unless devs know better.
 
  • Like
Reactions: Darkk
let me necro this with a little script

change path of directory to your datastore
change datastorename and mynamespacename in the path and in the execution line
change newowner

Bash:
%
#!/bin/bash

# Define the directory (current directory by default)
directory="/mnt/datastore/Datastorename/ns/mynamespacename/vm/"


# Loop through each item in the directory
for item in "$directory"/*; do
  # Check if it's a directory (not a file)
  if [ -d "$item" ]; then
    dir_name="$(basename "$item")"
    proxmox-backup-client change-owner "vm/$dir_name" newowner@pbs --ns "mynamespacename" --repository Datastorename
  fi
done
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!