It seems that it is currently not possible to disable "manage-gids" through the UI
System Settings > Services > NFS > "Support >16 groups" is correctly adding or removing "manage-gids=y" to/from /etc/nfs.conf.d/local.conf
However, there is a default in /etc/nfs.conf is not getting removed.
Potentially related to https://github.com/truenas/middleware/pull/11217
There is no nfs.conf in the TrueNAS-SCALE-22.12.4.2 image, therefore I assume this is limited to TrueNAS Scale 23
As a temporary workaround I disabled "manage-gids=y" in my /etc/nfs.conf file. My TrueNAS-SCALE-23.10.1 behaves as expected now.
Background:
When mounting nfs shares, I'm not able to use secondary/supplemental groups to access files.
Granting access to UID and primary GID works well, however the groups listed by "id" are not considered by TrueNAS.
I found that the culprit is "manage-gid" which will replace the supplemental groups from the client request with the supplemental groups from TrueNAS.
This is supposed to be a workaround for the 16 Group limitation of NFS/RPC and requires to configure additional groups server-side.
Since I do not synchronize the users and groups between clients (kubernetes containers with democratic-csi) and TrueNAS I do not want to use this workaround.
TrueNAS offers a checkbox in the Services > NFS configuration but regardless of the checkbox being enabled/disabled, TueNAS still runs Mountd with --manage-gids
System Settings > Services > NFS > "Support >16 groups" is correctly adding or removing "manage-gids=y" to/from /etc/nfs.conf.d/local.conf
However, there is a default in /etc/nfs.conf is not getting removed.
Potentially related to https://github.com/truenas/middleware/pull/11217
There is no nfs.conf in the TrueNAS-SCALE-22.12.4.2 image, therefore I assume this is limited to TrueNAS Scale 23
As a temporary workaround I disabled "manage-gids=y" in my /etc/nfs.conf file. My TrueNAS-SCALE-23.10.1 behaves as expected now.
Background:
When mounting nfs shares, I'm not able to use secondary/supplemental groups to access files.
Granting access to UID and primary GID works well, however the groups listed by "id" are not considered by TrueNAS.
I found that the culprit is "manage-gid" which will replace the supplemental groups from the client request with the supplemental groups from TrueNAS.
This is supposed to be a workaround for the 16 Group limitation of NFS/RPC and requires to configure additional groups server-side.
Since I do not synchronize the users and groups between clients (kubernetes containers with democratic-csi) and TrueNAS I do not want to use this workaround.
TrueNAS offers a checkbox in the Services > NFS configuration but regardless of the checkbox being enabled/disabled, TueNAS still runs Mountd with --manage-gids
