-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Datasets with NFSv4 ACL cannot be mounted in Containers
- Thread starter departy
- Start date
truecharts
Guru
- Joined
- Aug 19, 2021
- Messages
- 788
It would require manually setting the permissions, but we had reports that it is technically possible.
NFSv4 is a bit tricky: Even if, for example, our automatic permissions system would have support, a lot of containers try to do things like CHMOD, which are not possible on NFSv4 datasets.
NFSv4 is a bit tricky: Even if, for example, our automatic permissions system would have support, a lot of containers try to do things like CHMOD, which are not possible on NFSv4 datasets.
- Joined
- Mar 6, 2014
- Messages
- 9,554
That's incorrect. chmod is possible with NFSv4 ACLs depending on aclmode.
truecharts
Guru
- Joined
- Aug 19, 2021
- Messages
- 788
The default aclmode, when SMB-Share mode is picked on dataset creation, does not seem to allow that. We've also recieved similair reports when people imported a core pool.
We've had about 20 users by now scratching their head about it and our automatic chmod scripting erroring out.
It's awesome to know it technically could work, we 100% agree there, but as a project, we just had too many issues with it to be able to support it.
Please be aware we can only speak for our own project (and containers), not for TrueNAS or iX Systems.
Last edited:
- Joined
- Mar 6, 2014
- Messages
- 9,554
- Joined
- Mar 6, 2014
- Messages
- 9,554
If you need to install tools to interact with NFSv4 ACLs, then you can use nfs4xdr-acl-tools from here:
truecharts
Guru
- Joined
- Aug 19, 2021
- Messages
- 788
This is not really related to this topic, We just wanted to make clear we currently do not offer active support when using NFSv4.
There are no issues with any script, we've been able to confirm with iX Staff on Jira that SMB share mode, disables chmod capability on purpose (completely disables it, regardless of script or CLI). We are aware of the nfs4xdr-acl-tools, but have decided to not implement them yet, as we need our dev-time elsewhere.
- Joined
- Mar 6, 2014
- Messages
- 9,554
What do you mean by this specifically? Middleware does not currently allow users to specify NFSv4 ACL type for applications dataset. Are you referring to not supporting users mounting datasets with NFSv4 ACLs in containers (i.e. PLEX movies)? That seems arbitrary. Are you changing permissions on datasets that are mounted in containers?
truecharts
Guru
- Joined
- Aug 19, 2021
- Messages
- 788
Like many other big helm repositories, we do offer automated permissions solutions and some containers actively require CHMOD being available upstream. Those two issues combined lead us to, for the moment, not offering live discord support when running NFSv4.
We just want to make clear that not all Helm Charts and Apps are compatible with disabling CHMOD and we currently do not offer active support on our support discord to get it to work.
If you have any input on discussing our project design considerations, our contact details are available on our website. As we've made the agreement not to go into discussions on this forum and keep it limited to informing users about our project and SCALE Apps in general.
Last edited:
Is there any plans to change middleware behavior and to accept NFSv4?
- Joined
- Mar 6, 2014
- Messages
- 9,554
You perhaps misunderstand me. POSIX ACLs are forced for the dataset ix-applications. ou can mount datasets with NFSv4 ACLs in a container and as far as I know, it works as expected. The only gotcha is that you need to configure permissions for the relevant processes in the container to read / write data.
For example, if you have a "media" SMB share and wish to expose it to plex, you can configure so that the builtin_users group has MODIFY access (inheriting), and then look at id of the plex user in the container (I believe it is 972), and grant that id MODIFY with INHERIT as well. This can be accomplished with our webui permissions manager.
truecharts
Guru
- Joined
- Aug 19, 2021
- Messages
- 788
It's indeed important to, again, clearly note that we can only speak for our own project TrueCharts.
Our opinion on (and support of) any complication around NFSv4 are our own and not related to anything build by iX Systems.
TrueNAS SCALE itself fully supports mounting NFSv4 datasets to Containers/Apps.
Two projects, two different opinions on what is considered stable, which is totally fine :)
---
K.S.
- Joined
- Mar 6, 2014
- Messages
- 9,554
> Two projects, two different opinions on what is considered stable, which is totally fine :)
The behavior regarding chmod and the ZFS aclmode property is no different than in FreeBSD and Illumos, it has nothing to do with stability. It just requires a familiarity with underlying filesystems and operating systems.
The behavior regarding chmod and the ZFS aclmode property is no different than in FreeBSD and Illumos, it has nothing to do with stability. It just requires a familiarity with underlying filesystems and operating systems.
truecharts
Guru
- Joined
- Aug 19, 2021
- Messages
- 788
"Stable" was indeed a wrong choice of words:
SMB share-mode, of which NFSv4 ACL's are only a part, did not offer a consistent user experience.
We are aware of how we can adapt automatic permissions to compensate for the requirements of SMB share mode. We just did not have the time yet to adapt standard Linux scripting to natively support NFSv4 ACL's.
Current ETA for TrueCharts support of NFSv4 ACL's, is around Januari.
K..S.
Last edited:
Similar threads
