[SOLVED] TrueNAS NFS share - EPERM: Operation not permitted

[elyviere]

So I've been trying to get PBS working on a TrueNAS NFS share, with no luck. My PBS is running as an unprivileged LXC container in proxmox (created via Proxmox helper scripts). I've got the NFS share set up and added to the proxmox host and I mount it to the container via the /etc/pve/lxc/xxx.conf. In a shell from the container, I'm able to create and delete files on the NFS share as the root user. However, when I create a datashare in the folder, I get the error "EPERM: Operation not permitted".

I've been trying a couple different ways to resolve this. I've tried chown 100000:100000 and 100034:100034 from the host, which makes the folder show up as owned by root and backup respectively in the container (otherwise it shows up as nobody). I've tried chmod 777 to allow all accesses. I've even tried asking copilot, who suggested setting no_root_squash in the TrueNAS share by setting the following in the UI.
Maproot User = root
Maproot Group = wheel

And I've of course tried a load of combinations of the above as well. No matter what I do, I still just get EPERM: Operation not permitted when I try to create the datastore in PBS. Has anyone got this working or know what I need to do in order for it to work?

 

[elyviere]

I was able to resolve this by switching to a CIFS/Samba share instead of NFS. I couldn't select UID and GUID in the GUI, so on my node I added the following to /etc/fstab instead:

/etc/fstab

//192.168.1.100/proxmox-backups/ /mnt/pve/proxmox-backups cifs _netdev,x-systemd.automount,noatime,uid=100034,gid=100034,dir_mode=0770,file_mode=0770,credentials=/etc/pbs.creds,vers=3.0 0 0

/etc/pbs.creds (this is my credentials for a user I created in TrueNAS Scale, who has access to this dataset)

username=pbs
password=passwordfordemonstration

And this line to the container config:
/etc/pve/lxc/100.conf

mp0: /mnt/pve/proxmox-backups,mp=/mnt/nas-backups

Notice the uid and gid are 100034, which matches the user "backup" on the pbs container, which has UID 34 and GID 34.

From there, the nas is available to use within pbs at /mnt/nas-backups and can be used as the path for a datastore.

 

[Crayz]

Hi, I'm having the same problem. I tried doing everything you did above; however, I'm still getting the same error. Did you have to change the ownership/privileges over to the backup user? Or, did you have to map the host ids to the unprivileged LXC IDs? Thanks, in advance.

 

[elyviere]

I don't actually recall, but let me see what I can find in my bash history.

To start, have you also verified that the user has read and write privileges in the folder? Try sudo su - backup in your LXC to swap to your backup user (you may need to give the user a shell, you'll have to google how to do that as I don't remember the command) and then navigate to the folder and try to write a file. Check in Truenas that the file is actually created as well.

Also, does ls -l list the owner and group of the mounted folder as backup? For me it shows
drwxrwx--- 2 backup backup ... nas-backups

From my LXC bash history I can see that one of the last commands I ran was usermod -aG backup root, so perhaps that helped, but I don't see why it would as the folder is owned by backup... I'm afraid I can't see anything else helpful, neither in the lxc history or host history.