TrueNAS pveuser + Proxmox Storage Integration Chart — 2026-06-02
TrueNAS: beelink-tns (192.168.16.254) | Proxmox: mk33 (192.168.7.33)
TrueNAS Changes: New User pveuser
| Property |
Value |
| Username |
pveuser |
| UID |
3003 |
| GID |
3003 |
| Home |
/var/empty |
| Shell |
/usr/sbin/nologin |
| SMB |
Disabled |
| Password |
Disabled (SSH key only) |
| Groups |
src (GID 40) |
| Role |
FULL_ADMIN (TrueNAS API role) |
TrueNAS Changes: NFS ACL Permissions
| Dataset |
Path |
pveuser |
Other Users |
TrueNAS Permission |
| Backup |
/mnt/Ice/Backup |
FULL_CONTROL |
owner@, group@ |
rw |
| ISOs |
/mnt/Ice/ISOs |
READ |
owner@, group@ |
r |
| Archive |
/mnt/Ice/Archive |
— |
owner@, group@ |
(not mapped) |
| Repo |
/mnt/Ice/Repo |
— |
owner@, group@ |
(not mapped) |
TrueNAS Changes: NFS Maproot (All Shares)
| Share ID |
Path |
Previous Maproot |
New Maproot |
| 1 |
/mnt/Ice/Archive |
nobody |
pveuser |
| 2 |
/mnt/Ice/Backup |
nobody |
pveuser |
| 3 |
/mnt/Ice/ISOs |
nobody |
pveuser |
| 6 |
/mnt/Ice/Repo |
nobody |
pveuser |
| 7 |
/mnt/Ice/Backup/proxmox-pool/ds-mp-share |
(empty) |
pveuser |
| 8 |
/mnt/Ice/Backup/proxmox-pool/pve-ct-stor |
(empty) |
pveuser |
| 9 |
/mnt/Ice/Backup/proxmox-pool/pve-vm-stor |
(empty) |
pveuser |
Note: Maproot remaps ALL incoming NFS root (UID 0) requests to pveuser (UID 3003) on TrueNAS. Any root client (e.g., Proxmox mk33) accessing these shares will appear as pveuser on the TrueNAS filesystem, enforcing the ACL permissions above.
Proxmox Storage Configuration (mk33)
| Storage ID |
Type |
Server |
Export |
Content |
Options |
Status |
nas-backup |
NFS |
192.168.16.254 |
/mnt/Ice/Backup |
backup, images, rootdir, snippets, vztmpl |
vers=4.2,proto=tcp |
✅ active |
nas-iso |
NFS |
192.168.16.254 |
/mnt/Ice/ISOs |
iso, vztmpl |
vers=4.2,proto=tcp |
⚠️ inactive (read-only, PVE cannot create content dirs) |
nas-repo |
NFS |
192.168.16.254 |
/mnt/Ice/Repo |
snippets |
vers=4.2,proto=tcp |
⚠️ inactive (permission) |
nas-ds-mp-share |
NFS |
192.168.16.254 |
/mnt/Ice/Backup/proxmox-pool/ds-mp-share |
images, rootdir |
vers=4.2,proto=tcp |
✅ active |
nas-ct-stor |
NFS |
192.168.16.254 |
/mnt/Ice/Backup/proxmox-pool/pve-ct-stor |
rootdir |
vers=4.2,proto=tcp |
✅ active |
nas-vm-stor |
NFS |
192.168.16.254 |
/mnt/Ice/Backup/proxmox-pool/pve-vm-stor |
images |
vers=4.2,proto=tcp |
✅ active |
PVE Access Verification
| Mount Point |
Writable? |
Expected? |
/mnt/pve/nas-backup |
✅ Yes |
Yes (FULL_CONTROL) |
/mnt/pve/nas-iso |
❌ Read-only |
Yes (READ via ACL + NFS mount) |
/mnt/pve/nas-vm-stor |
✅ Yes |
Yes (Proxmox pool) |
/mnt/pve/nas-ct-stor |
✅ Yes |
Yes (Proxmox pool) |
/mnt/pve/nas-ds-mp-share |
✅ Yes |
Yes (Proxmox pool) |
Notes
nas-iso shows inactive in pvesm status because Proxmox tries to create /mnt/pve/nas-iso/template/iso on activation and fails (ACL READ only). The mount is still present and usable for ISO uploads/downloads — just not as a content-managed Proxmox storage.nas-repo shows inactive for similar reasons — Repo has no pveuser WRITE access in its ACL. Add pveuser to Repo ACL if snippets need to be writable from PVE.- No local
pveuser account exists on mk33. The user mapping is handled entirely by NFS maproot_user on TrueNAS.
- All NFS exports restricted to
192.168.0.0/18 (done in prior hardening).
Recommendations
- ISOs as managed storage: If you want Proxmox to manage ISOs (upload via UI), remove the ACL READ-only restriction and set
pveuser READ on ISOs, or use the Proxmox local storage for ISO staging and copy to nas-iso manually.
- Repo snippets: Add
pveuser FULL_CONTROL to /mnt/Ice/Repo if you need to store Proxmox snippets there.
- Monitor mount health: If TrueNAS reboots, PVE will auto-reconnect on next storage access. For immediate recovery, run
pvesm status or restart pvedaemon.
Generated: 2026-06-02
