Hello!
New proxmox, samba, and Linux user here, and I am trying to create a backup for an unprivileged LXC I have created to host samba for interfacing with windows PCs on my network, but I am running into a file permissions error during the backup process that is causing it to fail. I have already mounted an external HDD on both the host and on the lxc to use as the samba share location, and I re-mapped the ID/GID of one user so I could access the shares on windows (which I was successfully able to do). Backing up after the re-mapping, however, fails:
It seems that the user directory /home/chris is the source of the error, so I figured I would check it out. Navigating to /home within the samba lxc console and checking perms shows me:
This makes me think I have a permissions issue related to those user directories (specifically chris), so I attempted to use:
to change ownership, but I get:
Changing ownership does not seem to work either:
Notably, I can change the directory associated with christine, but not chris. I did follow this process for the UID/GIDs for mapping the host ID to the container ID:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
which I only applied to the associated ID of chris (ID:1000).
nano /etc/pve/lxc/101.conf on the host shell yields:
So it makes me think this is related. Currently I can access my mounted drive as intended from both the container and windows, but nothing I do seems to allow me access to /home/chris and it is causing my backups to fail.
Has anyone encountered this issue before, or is there something obvious I am missing here? Thank you in advance!
New proxmox, samba, and Linux user here, and I am trying to create a backup for an unprivileged LXC I have created to host samba for interfacing with windows PCs on my network, but I am running into a file permissions error during the backup process that is causing it to fail. I have already mounted an external HDD on both the host and on the lxc to use as the samba share location, and I re-mapped the ID/GID of one user so I could access the shares on windows (which I was successfully able to do). Backing up after the re-mapping, however, fails:
Code:
INFO: Starting Backup of VM 101 (lxc)
INFO: Backup started at 2025-11-02 18:36:06
INFO: status = running
INFO: CT Name: samba
INFO: including mount point rootfs ('/') in backup
INFO: excluding bind mount point mp0 ('/media/postdata1') from backup (not a volume)
INFO: backup mode: snapshot
INFO: ionice priority: 7
INFO: create storage snapshot 'vzdump'
WARNING: You have not turned on protection against thin pools running out of space.
WARNING: Set activation/thin_pool_autoextend_threshold below 100 to trigger automatic extension of thin pools before they get full.
Logical volume "snap_vm-101-disk-0_vzdump" created.
WARNING: Sum of all thin volume sizes (<1.01 TiB) exceeds the size of thin pool pve/data and the size of whole volume group (<475.00 GiB).
INFO: creating vzdump archive '/var/lib/vz/dump/vzdump-lxc-101-2025_11_02-18_36_06.tar.zst'
INFO: tar: ./home/chris: Cannot open: Permission denied
INFO: Total bytes written: 1029683200 (982MiB, 151MiB/s)
INFO: tar: Exiting with failure status due to previous errors
INFO: cleanup temporary 'vzdump' snapshot
Logical volume "snap_vm-101-disk-0_vzdump" successfully removed.
ERROR: Backup of VM 101 failed - command 'set -o pipefail && lxc-usernsexec -m u:0:100000:1000 -m g:0:100000:1000 -m u:1000:1000:1 -m g:1000:1000:1 -m u:1001:101001:64534 -m g:1001:101001:64534 -- tar cpf - --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' --one-file-system '--warning=no-file-ignored' '--directory=/tmp/vzdumptmp479701_101/' ./etc/vzdump/pct.conf ./etc/vzdump/pct.fw '--directory=/mnt/vzsnap0' --no-anchored '--exclude=lost+found' --anchored '--exclude=./tmp/?*' '--exclude=./var/tmp/?*' '--exclude=./var/run/?*.pid' ./ | zstd '--threads=1' >/var/lib/vz/dump/vzdump-lxc-101-2025_11_02-18_36_06.tar.dat' failed: exit code 2
INFO: Failed at 2025-11-02 18:36:13
INFO: Backup job finished with errors
INFO: notified via target `mail-to-root`
TASK ERROR: job errorsIt seems that the user directory /home/chris is the source of the error, so I figured I would check it out. Navigating to /home within the samba lxc console and checking perms shows me:
Code:
root@samba:~# cd /home
root@samba:/home# ls -l
total 8
drwxr-x--- 2 nobody nogroup 4096 Nov 1 17:45 chris
drwxrwxrwx 2 nobody nogroup 4096 Nov 1 01:16 christineThis makes me think I have a permissions issue related to those user directories (specifically chris), so I attempted to use:
chmod -R 755 /home/christo change ownership, but I get:
Code:
root@samba:/home# chmod -R 755 /home/chris
chmod: changing permissions of '/home/chris': Operation not permitted
chmod: cannot read directory '/home/chris': Permission deniedChanging ownership does not seem to work either:
Code:
root@samba:/home# sudo chown -R nobody:nogroup /home
chown: cannot read directory '/home/chris': Permission deniedNotably, I can change the directory associated with christine, but not chris. I did follow this process for the UID/GIDs for mapping the host ID to the container ID:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
which I only applied to the associated ID of chris (ID:1000).
nano /etc/pve/lxc/101.conf on the host shell yields:
Code:
arch: amd64
cores: 1
features: nesting=1
hostname: samba
memory: 1024
mp0: /media/postdata1,mp=/media/postdata1
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:09:E3:A0,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-101-disk-0,size=8G
swap: 1024
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64534
lxc.idmap: g 1001 101001 64534So it makes me think this is related. Currently I can access my mounted drive as intended from both the container and windows, but nothing I do seems to allow me access to /home/chris and it is causing my backups to fail.
Has anyone encountered this issue before, or is there something obvious I am missing here? Thank you in advance!