Permission Issue with Setting Up Proxmox Backup Server with Synology NFS

NFS permission issue has always been annoying to me since I started to use my Synology as the main storage provider of my homelab running Docker Swarm, which can be made easier by supplying block storage to the Docker host machine with iSCSI/LUN targets from the DSM. Which comes with costs - I can't easily view the content of the data volumes from the DSM File Station, which is the trade off.

Today I hit another NFS issue setting up Proxmox Backup Server(PBS) with NFS from DSM.

It's recommended to run the PBS on a dedicated bare metal hardware for production environment, however I decided to run it within a VM which I think would be good enough for my small homelab.

So I installed the VM and booted it into the GUI, everything was alright until I was trying to mount an NFS folder from DSM to use it as the data store for PBS - the classic NFS permission issue!

And I don't want to add another LUN for this so I decided to fix the issue as I suppose it would be possible to give it the correct permission.

So when an NFS folder is mounted to the box, it'd take the uid/gid from the NFS server user mapping, which for me, is the uid/gid of admin:users on DSM as I mapped all users to admin from DSM NFS file service.

And the issue was, no matter what wide permission that I gave to the shared folder on DSM, PBS just doesn't like it and fail with permission issue when adding a data storage with the shared folder.

The solution is rather easy after I figured it out - just to tune the uid/gid of the PBS system so that the uid/gid mapped from DSM matches the backup:backup user and group on PBS.

To do that, I'd have to grap the uid/gid of admin:users from the DSM:

$ id admin
uid=1024(admin) gid=100(users) groups=100(users),101(administrators)

And then I went to the PBS box and changed the uid/gid of backup:backup to match 1024/100

$ systemctl stop proxmox-backup-proxy.service # you have to stop this service first as it's spawned with the backup user
$ usermod -u 1024 backup
$ find / -user 34 -exec chown -h backup {} \; # 34 is the old uid of backup user
$ groupmod -g 1000 users # gid 100 is taken
$ groupmod -g 100 backup
$ find / -group 34 -exec chgrp -h backup {} \;
$ ls -al /mnt/backup/
total 4
drwxrwxrwx 1 backup backup 24 Jul 27 22:15 .
drwxr-xr-x 3 root root 4096 Jul 27 12:49 ..
drwxrwxrwx 1 backup backup 524288 Jul 27 22:27 .chunks
-rw-r--r-- 1 backup backup 0 Jul 27 22:15 .lock

Now everything works.


Notes:

  • chaning only the uid wouldn't work
  • you'll need to fix file permissions after changing the uid/gid otherwise you'll get several permission issues