SOLVED Am I too dumb to understand NFS permissions?

[wschmbomrpqg]

Hello everyone!


I want to share a dataset via NFS to my Proxmox host. If I try to access it, I will receive the following error:

Code:

create storage failed: error during cfs-locked 'file-storage_cfg'
operation: mkdir /mnt/pve/DATA/template:
Permission denied at /usr/share/perl5/PVE/Storage/Plugin.pm line 1070. (500)

This clearly looks like a permission issue... but I guess I'm too stupid to get it?

This is what I have:
dataset owned by root:wheel with permissions 770
For the nfs share I didn't set any options.
Didn't work.

Proxmox should access the share as root:root as far as I know.
So I've also tried to set maproot user root and maproot group wheel.
(Because Proxmox root is in the root group and not wheel as it is in FreeNAS)
Didn't work.

Then I've set mapall user nobody and mapall group nobody.
And changed the dataset to nobody:nobody with permissions 770.
This did work finally.

But why? From my understanding it should've worked before too.
The only thing I can imagine why this didn't work is that Proxmox does not try to connect as root.
Is there any way to find out which user/group actually tries to access the share?


Is it a good idea to set the mapall user+group to nobody?
Doesn't that mean everyone could access everything in this share?
I've already restricted the access to the specific IP of the Proxmox host... but still.

 

[KrisBee]

I'd start with "dataset owned by root:wheel with permissions 755" and "set maproot user root and maproot group whee" on the nfs share config. Double check share is visible in Proxmox shell, then it's a question of how you are trying to add this NFS share to Proxmox. Is that vai the GUI - Datacenter > Storage > Add, or are you manually editing /etc/proxmox/storage.cfg? If the later, then syntax or n/a usage could be the error. This is a question of Proxmox correct usage.

 

[wschmbomrpqg]

Yes I tried to add it via the GUI. I didn't modify any config files manually.

I've now set the permissions again to root:wheel 750, maproot-user root, maproot-group wheel
(Does it make any difference if its 750 or 755? Because I want to set it as restrictive as possible.

This didn't work. I can't access it.
The only thing that worked for me is the mapall nobody:nobody method.

Double check share is visible in Proxmox shell

I don't understand that.
It fails to create the storage so I can't check anything?

edit:
Wait. I got a differen error message as yesterday. Now the target isn't online it says.
And indeed. rpcinfo -p didn't show any mountd entry.
I restarted the NFS service manually and now I can access with above permissions.

Not sure what I did different yesterday...

However. It works now. :)

 

[KrisBee]

Glad it works. I simply meant using "showmount -e" on Proxmox. AFAIK Proxmox requires "no_root_squash" when connecting to a NFS server.

 

[wschmbomrpqg]

I simply meant using "showmount -e" on Proxmox.

Code:

root@pve:~# showmount -e
clnt_create: RPC: Program not registered

 

[KrisBee]

man showmount?