SOLVED NFS mount configuration for user perms.

Status
Not open for further replies.

hendry

Following on from https://forums.freenas.org/index.php?threads/any-oss-mirror-hoster-here.70173/#post-484216


I am not sure what the simplest way to assign perms is here. I am mounting from a machine "knuckles" of which I am the only user.

I usually work from the userid hendry 1000. "knuckles" /etc/fstab has the line:
192.168.1.2:/mnt/red/mirror /mnt/mirror nfs defaults,nofail 0 2

I want full control of this dataset.



But I get perm issues when writing to the mount, even as root!


Code:
192.168.1.2:/mnt/red/mirror on /mnt/mirror type nfs (rw,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.1.2,mountvers=3,mountport=603,mountproto=udp,local_lock=none,addr=192.168.1.2)
[root@knuckles mirror]#  showmount -e 192.168.1.2
Export list for 192.168.1.2:
/mnt/red/mirror (everyone)
[root@knuckles mirror]# pwd
/mnt/mirror
[root@knuckles mirror]# touch testing
touch: cannot touch 'testing': Permission denied




Any advice how to configure my dataset here please? I'm looking to rock with the defaults as much as possible.
 

KrisBee

Set "Maproot user" to "root" and "Maproot group" to "wheel" on the NFS definition. Umount and then remount on your Linux client and your problem should be fixed.

But do you really want to be using the root account on Linux? When you say "i want full control of this dataset", think about which client accounts need to access the data. If it's only the "Hendry" account that will access the data, then set the dataset owner/group on FreeNAS to the "Hendry" account. If you don't have a "Hendry" account on FreeNAS, create it with a UID/GID that matches the "Hendry" account on your "knuckles" machine. On the NFS definition set "Mapall User" to "Hendry" and "Mapall Group" to "Hendry".

There doesn't seem to be any reason why you shouldn't use NFSv4 rather than NFSv3. If you decide to change, you must check both "Enable NFSv4:" and "NFSv3 ownership model for NFSv4:" on the FreeNAS NFS service configuration.
 

KrisBee

Just to repeat, on the NFS definition set "Mapall User" to "Hendry" and "Mapall Group" to "Hendry". That setting ensures root on client access is squashed to your "Hendry" account.
 

KrisBee

P.S. If you wondered why that Linux "root" access error occurred, as the uid/gid of root on both systems is 0/0, the answer is buried in the FreeBSD man pages for NFS exports (man 5 exports):

In the absence of -maproot and -mapall options, remote accesses by root
will result in using a credential of -2:-2. All other users will be
mapped to their remote credential. If a -maproot option is given, remote
access by root will be mapped to that credential instead of -2:-2. If a
-mapall option is given, all users (including root) will be mapped to
that credential in place of their own.

And, IIRC, -2 turns into a uid/gid of 4294967294.

This quirk has the effect of locking root out of your mounted NFS share. So if user "hendry" owned the FreeNAS dataset with perms set as owner:rwx, group:--- and other:---, then on Linux, root would have no access. That might be useful.
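
The mapping rules from the exports(5) excerpt above, modelled as an added example that is not part of the original thread. The function names, the root:wheel 0755 starting ownership of the dataset and the single-group mode-bit check (no ACLs) are assumptions made for illustration.

```python
# Added example: models the -maproot / -mapall rules quoted from exports(5).
# Function names and the sample dataset ownership/modes are assumptions.
from typing import Optional, Tuple

Cred = Tuple[int, int]               # (uid, gid)
NOBODY = (-2) & 0xFFFFFFFF           # -2 as an unsigned 32-bit id: 4294967294

def effective_cred(client: Cred, maproot: Optional[Cred] = None,
                   mapall: Optional[Cred] = None) -> Cred:
    """Credential the server applies to a request arriving from `client`."""
    if mapall is not None:           # -mapall: every user, root included
        return mapall
    if client[0] == 0:               # remote root: -maproot, else -2:-2
        return maproot if maproot is not None else (NOBODY, NOBODY)
    return client                    # other users keep their remote credential

def can_write(cred: Cred, owner: Cred, mode: int) -> bool:
    """Plain Unix mode-bit write check on the server side."""
    uid, gid = cred
    if uid == 0:
        return True                  # server-side root bypasses mode bits
    if uid == owner[0]:
        return bool(mode & 0o200)
    if gid == owner[1]:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

def scenarios() -> dict:
    """Constructed cases: client root and uid 1000 against sample datasets."""
    hendry, root = (1000, 1000), (0, 0)
    return {
        # No mapping, dataset root:wheel 0755: root becomes -2:-2 ("other").
        "default_root": can_write(effective_cred(root), root, 0o755),
        # Maproot root/wheel: client root stays 0:0 on the server.
        "maproot_root": can_write(effective_cred(root, maproot=root), root, 0o755),
        # Mapall to 1000:1000, dataset owned by 1000:1000 with mode 0700.
        "mapall_root": can_write(effective_cred(root, mapall=hendry), hendry, 0o700),
        # No mapping, dataset 1000:1000 0700: owner writes, root is locked out.
        "nomap_hendry": can_write(effective_cred(hendry), hendry, 0o700),
        "nomap_root": can_write(effective_cred(root), hendry, 0o700),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'write ok' if allowed else 'Permission denied'}")
```
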
 