NFS share permissions, looking for documentation and best practices

[heis2201]

Hello!

first time poster here.
I am running Truenas 12.0, created a storage pool, created a dataset called "backup". My aim is to share that dataset over NFS with two different machines runnning Fedora Linux. From the Fedora clients I would want to push backups to the NFS share.

My issue is around permissions, uid and gid. I would want to share the nfs in read/write mode (mapuser=root ??) and I don't want to have to use root or sudo on my clients to mount the nfs share. File ownership should not change when transferring to the nfs backup share. Is that possible?
I checked documentation but that unfortunately that didn't help. (https://www.truenas.com/docs/core/coretutorials/sharing/nfs/nfsshare/)

Is the process of properly sharing a dataset on NFS and mounting the share on client side documented and described somewhere?

What would be a more appropriate way to backup personal data from GNU Linux clients?

Many thanks!

 

[Nick2253]

My aim is to share that dataset over NFS

Is there a particular reason why you are choosing NFS over SMB? Generally speaking, I'd recommend SMB over NFS for any application where user-based permissions are required.

I don't want to have to use root or sudo on my clients to mount the nfs share.

This is based entirely on your client configuration, and has nothing to do with TrueNAS.

File ownership should not change when transferring to the nfs backup share. Is that possible?

It depends on exactly what you're trying to accomplish. If you have a file on the client owned by UID 12345 and GID 12345, then you can write it to the NFS share with those permissions, and then read it from the NFS share with those permissions. However, if you're trying to write a file owned by "bob:bob", and what to read it from any other client or the server using user "bob", then you have to have a way to make sure that all the machiens (clients and server) understand that "bob" is the same "bob" (in other words, map all the UIDs and GIDs together). In NFS-land, you can use idmap for this. Or you can manually make sure that "bob" has the same UID for all clients (and the server).

Is the process of properly sharing a dataset on NFS and mounting the share on client side documented and described somewhere?

"Properly" is a loaded word, because what is "proper" for me may be entirely "improper" for you.

 

[heis2201]

Thank you for your answer.

Is there a particular reason why you are choosing NFS over SMB? Generally speaking, I'd recommend SMB over NFS for any application where user-based permissions are required.

because my clients are all Linux machines, I thought this would be more appropriate (and faster).
What does change in terms of file ownership if I switch to smb?

This is based entirely on your client configuration, and has nothing to do with TrueNAS.

ok

It depends on exactly what you're trying to accomplish. If you have a file on the client owned by UID 12345 and GID 12345, then you can write it to the NFS share with those permissions, and then read it from the NFS share with those permissions. However, if you're trying to write a file owned by "bob:bob", and what to read it from any other client or the server using user "bob", then you have to have a way to make sure that all the machiens (clients and server) understand that "bob" is the same "bob" (in other words, map all the UIDs and GIDs together). In NFS-land, you can use idmap for this. Or you can manually make sure that "bob" has the same UID for all clients (and the server).

yes, I guess I have to manually ensure that "bob" has the same UID on all machines.

"Properly" is a loaded word, because what is "proper" for me may be entirely "improper" for you.

that's true, however, I guess there is like a gold way of backing up data (home dir) from a Linux machine to a Truenas share.