[SOLVED] container messed up after changing unpivileged attribute outside the gui

[Fathi]

Hi, I have a daemon unable to run with messages like "unable to list devices" so i modified the unprivileged attribute in /etc/pve/lxc/100.conf and added feature nested while the container is probably still running. Now, i can't access several files even as root with permission denied messages, tried several solutions in the forum unsuccessfully.
Changing ownership of file didn't work as some files are now owned by nobody and even root can't read them or copy them.
Backing up the container gave me teh following messages, so i unterrupted it:

INFO: starting new backup job: vzdump 100 --node pve --compress zstd --mode stop --storage local --remove 0
INFO: Starting Backup of VM 100 (lxc)
INFO: Backup started at 2021-04-29 12:29:44
INFO: status = stopped
INFO: backup mode: stop
INFO: ionice priority: 7
INFO: CT Name: cloud
INFO: including mount point rootfs ('/') in backup
INFO: creating vzdump archive '/var/lib/vz/dump/vzdump-lxc-100-2021_04_29-12_29_44.tar.zst'
INFO: tar: ./var/lib/NetworkManager/secret_key: Cannot open: Permission denied
INFO: tar: ./var/lib/private: Cannot open: Permission denied
INFO: tar: ./var/log/private: Cannot open: Permission denied
INFO: tar: ./var/log/clamd.scan: Cannot open: Permission denied
INFO: tar: ./var/log/btmp: Cannot open: Permission denied
INFO: tar: ./var/www/vhosts/nextcloud/htdocs/config/config.php: Cannot open: Permission denied
INFO: tar: ./var/cache/private: Cannot open: Permission denied
ERROR: Backup of VM 100 failed - command 'set -o pipefail && lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar cpf - --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' --one-file-system '--warning=no-file-ignored' '--directory=/var/lib/vz/dump/vzdump-lxc-100-2021_04_29-12_29_44.tmp' ./etc/vzdump/pct.conf ./etc/vzdump/pct.fw '--directory=/mnt/vzsnap0' --no-anchored '--exclude=lost+found' --anchored '--exclude=./tmp/?*' '--exclude=./var/tmp/?*' '--exclude=./var/run/?*.pid' ./ | zstd --rsyncable '--threads=1' >/var/lib/vz/dump/vzdump-lxc-100-2021_04_29-12_29_44.tar.dat' failed: interrupted by signal
INFO: Failed at 2021-04-29 12:32:39
INFO: Backup job finished with errors
TASK ERROR: job errors

Need help please.
TIA

 

[oguz]

hi,

so i modified the unprivileged attribute in /etc/pve/lxc/100.conf

never modify this attribute manually in the configuration!

if you want to make your container privileged/unprivileged you should use the backup/restore operation and select the corresponding radio button

 

[Fathi]

hi,


never modify this attribute manually in the configuration!

if you want to make your container privileged/unprivileged you should use the backup/restore operation and select the corresponding radio button

Hi, sometimes i do and never had a problem. Now, in a hurry and not finding the origin of my error messages, i "switched" manually the container from unprivileged to privileged in /etc/pve/lxc/100.conf and broke it.
Is there a way to repair it ?

 

[oguz]

sometimes i do and never had a problem.

the unprivileged bit influences the filesystem of the container, switching it manually can only cause problems.

Is there a way to repair it ?

change it back to the original state, i.e., unprivileged: 1 and see if it works...

also you should not edit configuration files manually when the container is running. use the tool pct or the web GUI

 

[Fathi]

Hi, sometimes i do and never had a problem. Now, in a hurry and not finding the origin of my error messages, i "switched" manually the container from unprivileged to privileged in /etc/pve/lxc/100.conf and broke it.
Is there a way to repair it ?

I think my trouble comes from the fact that i did all this while accessing the file /var/www/vhosts/nextcloud/htdocs/config/config.php remotly via winscp, so this file is now out of control.

 

[Fathi]

the unprivileged bit influences the filesystem of the container, switching it manually can only cause problems.


change it back to the original state, i.e., unprivileged: 1 and see if it works...

also you should not edit configuration files manually when the container is running. use the tool pct or the web GUI

Changed it while it is stopped, but stil have:
[root@cloud ~]# cat /var/www/vhosts/nextcloud/htdocs/config/config.php
cat: /var/www/vhosts/nextcloud/htdocs/config/config.php: Permission denied
Cloning the container is possible, but clone have same trouble.
Backing up the container doesn't work as said previously.

 

[oguz]

mount the container and change the owner of the file:

$ pct mount 123
mounted CT 123 in '/var/lib/lxc/123/rootfs'
# should tell you the permissions/owner etc.
$ ls -l /var/lib/lxc/123/rootfs/var/www/vhosts/nextcloud/htdocs/config/config.php
# change the owner to the container root UID
$ chown 100000:100000 /var/lib/lxc/123/rootfs/var/www/vhosts/nextcloud/htdocs/config/config.php
$ pct unmount 123

 

[Fathi]

mount the container and change the owner of the file:

$ pct mount 123
mounted CT 123 in '/var/lib/lxc/123/rootfs'
# should tell you the permissions/owner etc.
$ ls -l /var/lib/lxc/123/rootfs/var/www/vhosts/nextcloud/htdocs/config/config.php
# change the owner to the container root UID
$ chown 100000:100000 /var/lib/lxc/123/rootfs/var/www/vhosts/nextcloud/htdocs/config/config.php
$ pct unmount 123

Thank you very much @oguz . You saved me. I will never redo changing that param as i do till now.

 

[Neox]

Thanks @oguz, thats work like a charm for me too