Hello, I’m trying to configure NFS service on the Web-GUI. I can turn on the service and mount it on the client (ubuntu) but it gets mounted with read-only permission (the NFS export is set to ‘writable’).
I tried creating an user and adding it to the ‘nfsnobody’ group because I believe this group has write permissions on the nfs exports. The problem is when i try to mount the nfs with the new user created on the client side .
sudo mount -t nfs server_ip:/export/export_name -o username=user_name,password=user_pass /mnt
mount.nfs: and incorrect mount option was specified
If I mount it without specifying user and pass, it gets mounted ok but I don’t have write permissions
mount -t nfs server_ip:/export/export_name /mnt
I read the man of mount.nfs and nfs and the syntax looks good so I think that’s a problem with nfs configuration but i don’t know what i am doing wrong.
all_squash: maps all connections to the anonymous user
anonuid: change the anonymous user from nfsnobody to a user you created that has rights to the btrfs share. Get the uid from System -> Users.
anongid: same as above, but the group ID.
no_subtree_check: Nothing to do with permissions, but disables subtree checking, which can cause problems when a requested file is renamed while the client has the file open
This might not be what you want to do from a security perspective, but for me this is just for home use so I’m fine with it.
I also stumbled across this issue while setting up my NFS shares - I therefore would like to share my insights on this:
First and foremost - to “properly” set up user mappings, one must set up Kerberos authentication.
Although I have not had a look in detail about it, it seems a bit too complex for a home environment
UID & GID
When using the default mount options (sec=sys) all uid & gid numbers from the client are used at the host - with the exception of root access, which is blocked by the default option root_squash for security reasons.
Therefore a “sudo” command on the client will not have the permissions to change the NFS share.
To setup permissions for a specific user, find out uid & gid on the client $ id and set it on the server:
Edit: Rockstor has the ability to modify the owner of a share via webUI: Storage > Shares > Access control > edit
Only existing users can be used. For most linux users rockstors “Admin” account will have the same uid as the linux client first user.
New users with specific UIDs can also be created via rockstors webUI.
OR
connect via SSH to rockstor, find the share under /mnt2/... and change the owner & group permsisions to the numerical values with sudo chown uid:gid <path>)
Now one should have read & write permissions via NFS
Rockstor NFS: Admin Host
The Rockstor webUI for NFS shares has the option “Admin Host”
You can put the IP address of the client into this field, which will get root access.
“sudo” command do work now and it is possible to “fix” permissions on the client directly (instead of using SSH).
Delete your IP from this field once you are finished for enhanced security.
anonuid and anongid
Can be used to set uid & gid of an anonymous user - this would be another approach to set a specific uid & gid that is used on the server.
Setting 777 permissions
The default permissions 755 restrict write access to the owner (read & execute for everyone).
If the permissions are then changed to 777, every user has the permissions to modify everything.
This will indeed “solve” the permission issue, but the preferred way is of course to set the right user as owner ($ chmod).
I found a great thread about this issue here:
idmapping in NFS4
There is indeed a feature to map usernames with the default AUTH_SYS options - but:
it is disabled by default
it only translates user/group names - permissions are not translated
It therefore is not useful for fixing permission issues.