Permission Check Failed for User Despite DatastoreBackup + DatastoreAudit Roles

B

bakermat

New Member
Sep 24, 2025
1
0
1
Hello,

I'm encountering a persistent permission check failed error on my PBS 3.4.1 installation and have exhausted all standard troubleshooting steps. I'm hoping someone can shed some light on this unusual behavior.

Summary of the Problem: My PBS user unraidbackup@pbs is unable to list its own snapshots, even after being granted the DatastoreBackup and DatastoreAudit roles on the correct datastore path. The error is always permission check failed.. This is preventing my backup script from running.

My Environment:

  • Server: Proxmox Backup Server v3.4.1
  • Client: fdrake/proxmox-backup-client Docker container on Unraid
  • Authentication: The client is authenticating with the user's password, not an API token.
Troubleshooting Steps Taken:

  • Confirmed network connectivity from the client to the PBS server (ping is successful).
  • Confirmed the correct password is being used.
  • Broadened the permission path from a specific backup group to the parent datastore (/datastore/zfs_backups) as required by the client.
  • Assigned the DatastoreBackup role to the unraidbackup@pbs user on that path.
  • When a script command failed, I also added the DatastoreAudit role to the same user and path to allow listing snapshots.
  • The error persists even when running a very specific command directly on the PBS server's command line.
Final Failing Command: This is the output when I run proxmox-backup-client snapshot list host/Unraid --output-format=json directly on the server (while authenticated as the unraidbackup@pbs user via environment variables):

JSON:

{
"id": "unraidbackup@pbs",
"path": "/datastore/zfs_backups/host/Unraid",
"upid": null,
"error": "permission check failed."
}

Current Permissions: My current Access Control -> Permissions are configured as follows:

  • User: unraidbackup@pbs
    • Path: /datastore/zfs_backups
    • Role: DatastoreBackup
  • User: unraidbackup@pbs
    • Path: /datastore/z_backups
    • Role: DatastoreAudit
  • User: ProxBack@pbs
    • Path: /datastore/zfs_backups
    • Role: DatastoreBackup
Any ideas on why the permission check would still be failing with these roles in place would be greatly appreciated.

Thank you!
 
My (blind) ideas:
  1. Is "Propagate" set to "Yes" for this user (in Access Control -- Permissions)? It may be needed.

  2. In the DatastoreAudit role you wrote [B]Path:[/B] /datastore/z_backups. In other roles you wrote [B]Path:[/B] /datastore/zfs_backups. I mean this difference:
    z_... vs. zfs_... I ask just in case it's not a typo in your post only. :)
 
Last edited:
You must log in or register to reply here.
Top Bottom