How do Linux permissions work when mounting NFS?

Status
Not open for further replies.

PeterFig

Dabbler
Joined
Sep 17, 2016
Messages
20
When I mount a dataset to a Linux box using NFS, I can't write anything without "sudo". I understand how Linux permissions work on a local box, with local users, but not when I mount something via NFS. This leads to deep thinking where I convince myself I don't understand anything at all. Here is the goal:
  • Read access for all (achieved)
  • Write access for a particular user on client computer without "sudo" (help)
Thanks!
 

PeterFig

Dabbler
Joined
Sep 17, 2016
Messages
20
Right, but there are three UIDs involved here:
  • "Root" (I guess) of the client computer, when it connects on boot using /etc/fstab
  • User on the client computer
  • User and group of the share
I found that an NFS line in my /etc/fstab will not take a uid or gid option. So I don't know what to do.
 

PeterFig

Dabbler
Joined
Sep 17, 2016
Messages
20
Perhaps fstab should only mount read-all stuff. Then, specific users have to `mount`, which has username/pw options, specifying the user/group on the server/share. Sound good?
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
NFS doesn't have a username/password concept.

It maps using UID or gid. In your FreeNAS server, set the NFS share to map all user or group and select a group or user that owns the dataset that will match the user/group IDs on the client that you want to map with.
 

PeterFig

Dabbler
Joined
Sep 17, 2016
Messages
20
I was not able to make sense out of the mapall/maproot functions, however...

I found that the Owner uid/gid specified on the FreeNAS share is what appears in the client computer uid/gid fields once mounted. So it appears I will not need to fuss with mappings. Just create a user and group with the desired IDs on the FreeNAS server, and set that to the Owner(user) and Owner(group) of the share. When mounted, that uid/gid will show up as owner/group of the directory on the client computer. If those IDs are defined on the client computer, there is nothing else to do. If they are not defined, you will have to `sudo` to do anything that is not allowed in the `everyone` permissions of the share.

This explains why I previously had to `sudo` to write anything. It was mounting with a gid/uid unknown on the client computer. Therefore only `sudo` could get past the read-only permission for those outside the group.
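Added example, not written by anyone in this thread: a client-side check of the numeric-ID matching discussed above, reporting whether a local user falls into the owner, group or other class of a mounted path and whether that class has the write bit. It assumes a Linux client with GNU `stat` and `getent` and the default AUTH_SYS (`sec=sys`) NFS security; `/mnt/tank` and `alice` are hypothetical names, and root or any server-side Mapall/Maproot remapping is not modelled.

```shell
#!/bin/sh
# Added example: permission class of a user on an NFS-mounted path, judged
# purely by numeric IDs (user and group names are never compared over NFS).

# classify OWNER_UID OWNER_GID MODE USER_UID "USER_GIDS"
# MODE is octal as printed by `stat -c %a` (e.g. 755, 2775).
# Prints "<owner|group|other> <write|nowrite>".
classify() {
    o_uid=$1; o_gid=$2; mode=$3; u_uid=$4; u_gids=$5
    class=other
    for g in $u_gids; do
        if [ "$g" = "$o_gid" ]; then class=group; fi
    done
    # An owner match takes precedence over any group match.
    if [ "$u_uid" = "$o_uid" ]; then class=owner; fi

    # Left-pad to three digits, then keep only the rwx digits (drops setuid/setgid).
    mode=$(printf '%3s' "$mode" | tr ' ' '0')
    last3=${mode#"${mode%???}"}
    case $class in
        owner) d=${last3%??} ;;
        group) d=${last3#?}; d=${d%?} ;;
        other) d=${last3#??} ;;
    esac
    if [ $(( $d & 2 )) -ne 0 ]; then w=write; else w=nowrite; fi
    echo "$class $w"
}

# check_path PATH USER
# Reads the numeric owner, group and mode of PATH, warns on stderr when those
# IDs have no local account or group, then classifies USER against them.
check_path() {
    path=$1; user=$2
    set -- $(stat -c '%u %g %a' "$path")
    getent passwd "$1" >/dev/null || echo "uid $1 has no account on this client" >&2
    getent group "$2" >/dev/null || echo "gid $2 has no group on this client" >&2
    classify "$1" "$2" "$3" "$(id -u "$user")" "$(id -G "$user")"
}

# Usage (hypothetical mount point and user name):
#   check_path /mnt/tank alice
```

A result of `other nowrite` together with a "no account" warning matches the situation described in the post above: the share's owner IDs do not exist on the client, so the user only gets the "everyone" permissions.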
 

PeterFig

Dabbler
Joined
Sep 17, 2016
Messages
20
Indeed I tried Mapall/maproot, and it didn't seem to do anything. Perhaps this was because I had "Apply Owner(user)" and "Apply Owner(group)" checked in the share permissions.
 