how to set NFSv4 permissions?

[Sergey07]

I cannot understand how to set proper permissions for NVSv4.
I set NFS share and if I mount it by using NFSv3 the permissions are correct.
But if I mount it by using NFSv4 the group and user permissions are 32767.
I am using NFSv3 model for NFSv4; I expected that permissions will be the same as they were for v3.
I tried to switch to 'Support > 16 groups' but it did not help either.
If I understand correctly the problem is with 'nfsuserd' that incorrectly identifies the domain.
But I thought that NFSv3 model should resolve this problem.
I set my server name 'freenas.home', my workstation is pcbsd10.home; I expected that they should match, if 'nfsuserd' is used.
The structure of directories is /mnt/MEDIA/Movies, NFSv4 root is '/', 'Movies' is also shared as NFSv3.
If I mount 'Movies' as v3 then files have proper permission but if I mount '/mnt/MEDIA/Movies' as v4 the permissions are incorrect.
NFS has 'Enable NFSv4' and 'NFSv3 ownership...' checked. 'Movies' has 'Maproot user' set to root and 'All directories' checked.

 

[fracai]

Enabling NFSv4 seems to be a common issue. Either due to a bug or lack of configuration knowledge. I'm seeing the same issue with NFSv4 and the same issue is discussed here: https://forums.freenas.org/index.php?threads/nfs-owner-group.43935/

 

[Mirfster]

Out of curiosity have you configured the NFS Service? Thinking about the "NFSv3 ownership model for NFSv4" checkbox option...

Per the manual:

The “NFSv3 ownership model for NFSv4” checkbox has been added to Services→NFS

I tried to switch to 'Support > 16 groups' but it did not help either.

Also the informational next to it states:

Use the NFSv3 ownership model for NFSv4. This circumvents the need to sync users and groups between the client and server. Note that this option is mutually incompatible with the > 16 groups option

 

[Sergey07]

NFS has 'EnableNFSv4' and 'NFSv3 ownership...' checked.
This is what I wrote in my previous post.
An of course I reboot freenas
And the users are the same, and some of files have root/ wheel but they also reported with incorrect permissions

 

[styno]

NFS has 'EnableNFSv4' and 'NFSv3 ownership...' checked.

Can your client handle this? On RHEL (based) machines this is toggled in /sys/module/nfs/parameters/nfs4_disable_idmapping (Y by default from my tests).
I guess you only want to use v4 if the application really requires it.

 

[philhu]

Has anyone worked this out? My nfs volume does not have v4 checked. But the idmapping always comes out at the mapall user and group. If I do not set these, the system uses nobody:nobody.

If I try to change it with chmod, as root, I get 'Changing owner: Operation not permitted'

It seems to work fine on Synology and QNAP servers

Why is it not allowed to change a nfsver3 volume file/directory ownership?

 

[Mirfster]

I may run a few tests today, if I get time. No promises though.

 

[philhu]

If you could that would be great. It DOES seem to be a NFS Permission error, when they added the v3 mapping feature.

 

[cyberjock]

I've worked with quite a few TrueNAS customers that use NFSv4. It works just fine. It does require you to know your stuff, above and beyond just using NFSv3.

I won't lie, its not something that I would call "trivially used" if you've never used NFSv4 and expect it to work like NFSv3. It will work fine if you know how to use it. ;)