dogwhistle (Cadet)
Joined: May 18, 2022
Messages: 9
i'm running truenas core 13 server and debian 11 client.
summary: i would like to set up an NFS share with some kind of ACL permissions where different users have different permissions on different subdirectories on a dataset. if possible, i would like to map users between client and server by username/groupname, not by UID/GID. all without kerberos if possible.
ACL questions:
first of all, is it just me, or is the ACL editor in the webui pretty limited? for example, when i go to edit permissions on a dataset, i don't see how to add an ACL for subdirectories. i only see how for the root of the dataset.
am i missing something, or should i just be setting up ACLs from a terminal instead of the webui on truenas? if so, what should i use for setting them up? setfacl in truenas (freebsd)? i'm a little confused because distinct utils like nfs4_setfacl exist in linux. help?
NFS questions:
without kerberos, how can i map users between client and server by username/groupname, not by UID/GID. i.e., the users exist on both client and server, but their UIDs are inconsistent.
from my research so far, it sounds like the solution could involve:
- nfs4
- configuring idmapd on the nfs client (NEED_IDMAPD=yes in /etc/default/nfs-common, matching the domain of the nfs server in /etc/idmapd.conf)
- possibly setting security to sys in the nfs share's settings in the server webui, but i don't understand what this does. it is apparently already enabled on my nfs client.
- maybe enable "NFSv3 ownership model for NFSv4" in the nfs service settings in the webui, but honestly that doesn't sound like what i actually want. it sounds like this just enforces direct UID (not username) mapping? can anyone elaborate?
i've tried several permutations of the above but haven't fully succeeded yet.
i would be very appreciative if someone could patiently explain what to do and why. thanks in advance.
btw, here's how my nfs mount looks on the client:
Code:
sudo nfsstat -m
/playground from 10.0.0.7:/mnt/mytank/some/playground
 Flags: rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=0.0.0.0,local_lock=none,addr=10.0.0.7
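One way to check the client-side preconditions listed in the post (NFSv4 mount, security flavor, idmapd domain matching the server), as an added example that is not part of the original post. The mount flags are the ones quoted above; the idmapd.conf contents, the domain `home.example` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inputs are passed as text so the checks run offline.

# Print the value of one option (e.g. vers, sec) from nfsstat -m "Flags:" output.
mount_flag() {  # $1 = nfsstat -m output, $2 = option name
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Flags:[[:space:]]*//p' |
        tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the active (uncommented) Domain from the [General] section of idmapd.conf.
idmap_domain() {  # $1 = contents of /etc/idmapd.conf
    printf '%s\n' "$1" | awk -F= '
        /^[[:space:]]*\[/ { in_general = (tolower($0) ~ /\[general\]/); next }
        in_general && /^[[:space:]]*Domain[[:space:]]*=/ {
            gsub(/[[:space:]]/, "", $2); print $2; exit }'
}

# Report whether the mount is NFSv4 and the client domain equals the server's.
check_mapping() {  # $1 = nfsstat output, $2 = idmapd.conf text, $3 = server NFSv4 domain
    vers=$(mount_flag "$1" vers)
    sec=$(mount_flag "$1" sec)
    domain=$(idmap_domain "$2")
    case "$vers" in
        4*) ;;
        *) echo "not-nfsv4"; return 1 ;;
    esac
    # No explicit Domain line in [General].
    [ -n "$domain" ] || { echo "domain-unset"; return 1; }
    [ "$domain" = "$3" ] || { echo "domain-mismatch"; return 1; }
    echo "ok sec=$sec"
}

# Mount flags as quoted in the post.
NFSSTAT_SAMPLE='/playground from 10.0.0.7:/mnt/mytank/some/playground
 Flags: rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=0.0.0.0,local_lock=none,addr=10.0.0.7'

# Constructed idmapd.conf; home.example is a placeholder domain.
IDMAPD_SAMPLE='[General]
# Domain = localdomain
Domain = home.example

[Mapping]
Nobody-User = nobody'

check_mapping "$NFSSTAT_SAMPLE" "$IDMAPD_SAMPLE" home.example
```

On a real client, pass `"$(nfsstat -m)"` and `"$(cat /etc/idmapd.conf)"` instead of the samples. A reported `sec=sys` means the server relies on the identity the client machine presents, so the export should be limited to trusted client addresses.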