newbie needs some help with nfs permissions and encryption keys

[Tom_246]

Hi!

I'm trying to get my backup-server switched to TrueNAS using Scale 23.10.1.3.

Doing so, I do have the first two things, that I cannot figure out...

#1 nfs-share permissions
For testing I added the first nfs-share with the owners nobody:users and permissions set to '777'. The allowed network is set to a /24 netmask.
In my understanding, the share is completely open for everybody on the defined network.
- I can mount the share at my 'main-server'
- Copying the first folder (using 'mc') the folder is created but midnight commander shows an error that the chown-command fails.
- The same happens copying some files.
=> Why is this happening, having the share open with 777-permissions!?

#2 encryption keys storage
I don't like having the keys stored on the server. In a first step I would like to have them at an usb-stick and later on at a network-drive. To my surprise this is not possible. I have to use the enterprise-license to get this done (kmip).
Thinking about it, I can have an usb-stick mounted at boot and a softlink to the keyfile on it. Is this a proper solution? Are there other better options and some howtos to know what to do, to not destroy the server doing it?

I kindly appreciate your help.

Kind regards,

tom

 

[Tom_246]

Is it that my questions are to much newbie-ish?

Is there really nobody to help me getting the keys to an usb disk and off of the server? Is it in reality, that you're all do have the keys on the server? Cannot believe it...

As much as I see it, there is no way in getting an usb-disk etc. accessed with Truenas Scale!? Mr. Google isn't showing me any solution for this at least...

If this is true, I can forget about a TrueNAS-Server and don't need to waste more time on a solution that isn't possible...

Can it be done with TrueNAS Core?