Storage permissions issue after migration from LXD

Lox · August 9, 2025, 2:46am

I migrated my last server from LXD using latest stable version of Incus. One container has an issue of permission on its secondary storage :

incus config show --expanded media
architecture: x86_64
config:
  environment.TZ: Pacific/Noumea
  limits.memory: 4GB
  volatile.base_image: 767a2bafeaef7cc7d140bbde9a0d598f3aa561f8313cc6b01bc4e9c991f85f56
  volatile.eth0.host_name: veth1b86a543
  volatile.eth0.hwaddr: 00:16:3e:6d:c7:48
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.last_state.ready: "false"
  volatile.uuid: d94a530d-3927-42a6-a3bc-0e69f7a30e34
  volatile.uuid.generation: b80f8485-a430-4a25-813a-62582f6150e7
devices:
  data:
    path: /data
    source: /tank/media
    type: disk
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    queue.tx.length: "10000"
    type: nic
  gpu:
    gid: "0"
    type: gpu
  root:
    path: /
    pool: vm
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

/tank/media is a ZFS dataset :

~ » incus shell media
root@media:~# ls -lah / | grep data$
drwxr-sr-x    8 nobody nogroup    8 août   8  2020 data
root@media:~# touch /data/test
touch: cannot touch '/data/test': Permission denied

» ls -lah /tank/media
total 116K
drwxr-sr-x  8 1000000 1000000  8 août   8  2020 .
drwxr-xr-x  5 root    root     5 oct.   3  2021 ..
drwxrws---  7 1000000 1010000  9 mai   26  2023 Apps
drwxrws--- 22 1000000 1010000 42 mai   17 10:42 Assets
drwxrws---  4 1000000 1010000  5 févr.  6  2025 Music
drwxrwsr-x  9 1000112 1000116 15 août  29  2024 plex
drwxrws---  9 1000000 1010000 11 janv. 12  2023 Ressources
drwxr-sr-x  2 1000000 1000116  2 août   8  2020 tmp

How can I fix it please ?

stgraber · August 9, 2025, 5:55am

Try setting shifted: true on the data device.

Lox · August 11, 2025, 10:43pm

Thanks. I think you mean shift not shifted.

Also, I then need to alter all permissions on the host this way :

100000 => 0
100112 => 112
… and so on

Right ?

I have another question. Why was it okay with LXD and not Incus ?

Lox · August 16, 2025, 2:48am

I made a script to fix permissions if that can help others. To use at your own risk :

#!/bin/bash

DIR=$1

shopt -s globstar nullglob dotglob
for f in "${DIR}"/**/*; do
  FGID=$(stat -c %g "$f")
  FUID=$(stat -c %u "$f")

  echo "Process $f"
  if [ $FGID -ge 1000000 ]; then
    NGID=$(expr "$FGID" - 1000000)
    chgrp $NGID "${f}"
    echo " - chgrp set to $NGID"
  fi

  if [ $FUID -ge 1000000 ]; then
   NUID=$(expr "$FUID" - 1000000)
   chown $NUID "${f}"
   echo " - chown set to $NUID"
  fi
  
done