[SOLVED] How to run Proxmox Backup Server as unprivileged container?

Florius

Well-Known Member
Jul 2, 2017
35
9
48
57
Hi,

I want to run Proxmox backup as an unprivileged container, which backups to an external HDD.
I got the external HDD part working:

Code:
arch: amd64
cmode: tty
console: 1
cpulimit: 0
cpuunits: 1024
hostname: backup
memory: 2048
mp0: /backup,mp=/backup
net0: name=eth0,bridge=vmbr0,hwaddr=96:CC:76:03:C6:0C,ip=dhcp,type=veth
onboot: 1
ostype: debian
protection: 0
rootfs: local-lvm:vm-110-disk-0,size=10G
swap: 512
tty: 2
unprivileged: 1
lxc.idmap: u 0 100000 34
lxc.idmap: g 0 100000 34
lxc.idmap: u 34 34 1
lxc.idmap: g 34 34 1
lxc.idmap: u 35 100035 65501
lxc.idmap: g 35 100035 65501

I mount the external HDD as a mount point.
This works fine, and I can see all the backups as they are owned by backup:backup (uid and gid 34).

However the problem is that /etc/proxmox-backup is also owned by backup:backup.
This goes wrong somehow and are actually owned by nobody/nogroup:

Code:
# ls -la /etc/ | grep back
drwx------  2 nobody nogroup  4096 May 22 10:50 proxmox-backup

Is it even possible to do something like this?
Thank you.
 
Last edited:
did you add the ID map(s) after you installed proxmox-backup-server inside the container?
 
so the folder (and possibly some other things) is likely owned by the default unprivileged user 100033. you can use pct mount to mount the containers' FS and correct the owners (all files/dirs owned by user or group 100033 need to be owned by user 33 in your case).

e.g., find /var/lib/lxc/CTID/rootfs -uid 100033 after pct mount CTID might be a good starting point ;)
 
  • Like
Reactions: Florius
so the folder (and possibly some other things) is likely owned by the default unprivileged user 100033. you can use pct mount to mount the containers' FS and correct the owners (all files/dirs owned by user or group 100033 need to be owned by user 33 in your case).

e.g., find /var/lib/lxc/CTID/rootfs -uid 100033 after pct mount CTID might be a good starting point ;)

Thanks, that fixed it!

For whoever is reading this in the future, I also had to do a find . -gid 100033 as some files were owned by 100000 but group 100033.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!