Can I create an NFS or SMB share that can provide full access to Dataset?

benze

Dabbler
Joined
Dec 30, 2013
Messages
17
I've been trying to figure out how I can export a complete Pool over an NFS or SMB share which provides access to all data in the Dataset, irrespective of ACLs specified in each.

I am looking to set up a Linux VM elsewhere on the network to create backups of the Pool on another device (ex: cloud storage, etc). However, in order to do so, I need access to all files that are defined in the Datasets in the pool.

I know that the TrueNAS root user can have access to all data (as proven when I log in to an SSH shell as root and can navigate through everything). So I tried to create an NFS read-only export and defined the mapall to the root user, expecting that when any user connects to the export, it will get full root browsing privileges. But ACL protected datasets are still returning access errors.

TrueNAS Core:
Code:
root@truenas[~]# cat /etc/exports
V4: / -sec=sys
/mnt/HomeNAS -ro -mapall="root":"wheel" 192.168.2.250



root@truenas[~]# ls -l /mnt/HomeNAS
total 193
drwxr-xr-x+ 10 root       wheel      15 Sep 16 16:51 Backup
drwxrwx--x+ 10 eric       wheel      13 Nov 26 23:42 home
drwxr-xr-x   9 root       wheel      12 Nov 19  2021 iocage
drwxrwx---+ 18 mediau     wheel      34 Sep 12 13:18 media
drwxr-xr-x   3 root       wheel       3 Sep  2 16:43 TimeMachine
drwxr-xr-x   3 root       wheel       3 May 26  2022 truenas
drwxrwxrwx   2 root       wheel       4 Nov  3 00:03 VM


root@truenas[~]# ls -l /mnt/HomeNAS/media
total 1735
drwxrwxrwx    2 mediau  wheel       2 Nov 28  2021 77c8163c-5109-9ef5-16f7-4e2f0a95b7ef
drwxrwxrwx   94 docker  wheel     126 Nov 28 09:18 downloads
drwxrwx---+   2 eric    eric        2 Jan 23  2022 eric
drwxrwxrwx    2 mediau  wheel       2 Aug 30  2018 lost+found
drwxrwxrwx    2 mediau  wheel       2 Nov  9  2021 music
-rwxrwxrwx    1 mediau  wheel  445594 Dec  9  2021 progress.log
-rw-r--r--+   1 mediau  wheel  255768 Sep  3  2018 rsync.log
-rwxrwx---+   1 mediau  wheel    1415 Feb 15  2022 rsync8.log
-rwxrwx---+   1 mediau  wheel     840 Feb 16  2022 rsync9.log
drwxrwxrwx   16 mediau  wheel      19 Aug 23 10:38 training





Linux Client (AlmaLinux 9):
Code:
[eric@dockervm2 ~]$ mount

...
truenas.mydomain:/mnt/HomeNAS on /mnt/nas type nfs4 (ro,nosuid,nodev,noexec,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.250,local_lock=none,addr=192.168.2.17,user=eric)
[eric@dockervm2 ~]$ ls -l /mnt/nas
total 97
drwxr-xr-x. 10 root root 15 Sep 16 16:51 Backup
drwxr-xr-x.  2 1007 1007  9 Nov 27 22:25 crashplan
drwxrwx--x. 10 eric root 13 Nov 26 23:42 home
drwxr-xr-x.  9 root root 12 Nov 19  2021 iocage
drwxrwx---. 18 1004 root 34 Sep 12 13:18 media
drwxr-xr-x.  3 root root  3 Sep  2 16:43 TimeMachine
drwxr-xr-x.  3 root root  3 May 26  2022 truenas
drwxrwxrwx.  2 root root  4 Nov  3 00:03 VM

[eric@dockervm2 ~]$ ls -l /mnt/nas/home
ls: reading directory '/mnt/nas/home': Input/output error
total 0


[eric@dockervm2 ~]$ ls -l /mnt/nas/media
ls: cannot access '/mnt/nas/media/eric': Permission denied
ls: cannot access '/mnt/nas/media/rsync9.log': Permission denied
ls: cannot access '/mnt/nas/media/rsync8.log': Permission denied
total 513
drwxrwxrwx.   2 1004 root      2 Nov 28  2021 77c8163c-5109-9ef5-16f7-4e2f0a95b7ef
drwxrwxrwx.  94 1005 root    126 Nov 28 09:18 downloads
???????????   ? ?    ?         ?            ? eric
drwxrwxrwx.   2 1004 root      2 Aug 30  2018 lost+found
drwxrwxrwx.   2 1004 root      2 Nov  9  2021 music
-rwxrwxrwx.   1 1004 root 445594 Dec  9  2021 progress.log
???????????   ? ?    ?         ?            ? rsync8.log
???????????   ? ?    ?         ?            ? rsync9.log
-rw-r--r--.   1 1004 root 255768 Sep  3  2018 rsync.log
drwxrwxrwx.  16 1004 root     19 Aug 23 10:38 training




I was hoping that the `mapall` would help set the user as the root user on the server side to give me the access to view all files irrespective of my client UID/GID.

Do I need to set/configure something on the client side to give it access to everything? Why am I getting Input/output errors and Permission denied? As well as all the ??????? in the share's perms, UID, GID on the client side?
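A diagnostic for the listings above, added here as an example and not part of the original post: it correlates the server-side `ls -l` rows with the client-side "Permission denied" errors to show which mode bits the failing entries have in common. The function names are this example's own; the data is copied from the post.

```python
import re

# Server-side `ls -l /mnt/HomeNAS/media` rows and the client-side errors for
# /mnt/nas/media, both copied from the post above.
SERVER_LS = """\
drwxrwxrwx    2 mediau  wheel       2 Nov 28  2021 77c8163c-5109-9ef5-16f7-4e2f0a95b7ef
drwxrwxrwx   94 docker  wheel     126 Nov 28 09:18 downloads
drwxrwx---+   2 eric    eric        2 Jan 23  2022 eric
drwxrwxrwx    2 mediau  wheel       2 Aug 30  2018 lost+found
drwxrwxrwx    2 mediau  wheel       2 Nov  9  2021 music
-rwxrwxrwx    1 mediau  wheel  445594 Dec  9  2021 progress.log
-rw-r--r--+   1 mediau  wheel  255768 Sep  3  2018 rsync.log
-rwxrwx---+   1 mediau  wheel    1415 Feb 15  2022 rsync8.log
-rwxrwx---+   1 mediau  wheel     840 Feb 16  2022 rsync9.log
drwxrwxrwx   16 mediau  wheel      19 Aug 23 10:38 training
"""
CLIENT_ERRORS = """\
ls: cannot access '/mnt/nas/media/eric': Permission denied
ls: cannot access '/mnt/nas/media/rsync9.log': Permission denied
ls: cannot access '/mnt/nas/media/rsync8.log': Permission denied
"""
ROW = re.compile(r"^(?P<mode>[-dl][-rwxsStT]{9})(?P<acl>[+.@]?)\s+\d+\s+(?P<owner>\S+)\s+"
                 r"(?P<group>\S+)\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$")
DENIED = re.compile(r"cannot access '(?P<path>[^']+)': Permission denied")

def parse_listing(text):
    """Map entry name -> mode, ACL flag, owner and group from `ls -l` rows."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m["name"]: m.groupdict() for m in rows if m}

def denied_names(errors):
    """Basenames the client could not stat."""
    return {m["path"].rsplit("/", 1)[-1] for m in DENIED.finditer(errors)}

def other_bits(entry):
    """The three 'other' permission characters of a mode string."""
    return entry["mode"][7:10]

def correlate(server_ls, client_errors):
    """Split the server's entries into (denied, readable) as seen by the client."""
    entries, denied = parse_listing(server_ls), denied_names(client_errors)
    bad = {n: e for n, e in entries.items() if n in denied}
    ok = {n: e for n, e in entries.items() if n not in denied}
    return bad, ok

if __name__ == "__main__":
    bad, ok = correlate(SERVER_LS, CLIENT_ERRORS)
    print("denied:", {n: e["mode"] + e["acl"] for n, e in sorted(bad.items())})
    print("other bits:", {other_bits(e) for e in bad.values()}, "vs", {other_bits(e) for e in ok.values()})
```

On this data the three denied entries are exactly the ones whose mode grants nothing to "other", while `rsync.log`, which also carries an ACL (`+`) but is world-readable, is listed normally.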
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
Firstly, using the config file won't help you a lot as that's likely to be reset at any point by the config database and what the GUI says should be set.

Start by creating an NFS share in the GUI with mapall defined as root and see if that gets you somewhere.
 

benze

Dabbler
Joined
Dec 30, 2013
Messages
17
> Firstly, using the config file won't help you a lot as that's likely to be reset at any point by the config database and what the GUI says should be set.
>
> Start by creating an NFS share in the GUI with mapall defined as root and see if that gets you somewhere.

I am doing it through the GUI. I just listed the contents of the config file to make it easier to see the net result of the configuration.




Any suggestions would be greatly appreciated. Is there a limitation in TrueNAS that prevents Mapall to map to the root user?

Thanks,

Eric
 