About NFS (Network File System)



    This is a sticky post because some people get confused about NFS, thinking that it works in the same way as Samba or FTP.


    Overview
    The NFS security mechanism is that you can write to the share if, on your client, you have a username with a UID/GID that is allowed to write to the folder on the server. So in simple terms, NFS is local/remote UID/GID matching. Remember that user and group names are only a friendly, human-readable mask for the UID/GID. You can get the UID of a user by running id username in a terminal. To list folder contents with UID/GID instead of names, use ls -lan


    What is UID/GID?
    The user identity number (UID) is assigned at user creation. The root user has the value 0, system/daemon usernames usually have a UID below 1000, and OMV users are created with UIDs bigger than 1000. Groups also have a numeric identifier (GID). The user/UID mapping is kept in the file /etc/passwd and the group/GID mapping in the file /etc/group


    Notes

    • The privileges button in the shared folder section does nothing in NFS; there is no user/password authentication.
    • You can control read/write or read-only as a global option, not per user, since as we already know there is no authentication.
    • Even though the default options presented are subtree_check,secure, the server adds root_squash by default, to prevent the root user on the client side from writing. You can check that with exportfs -v
    • There is no umask option here like in netatalk, FTP or Samba. The umask needs to be controlled on the client side, e.g. in ~/.profile, ~/.bashrc, ~/.bash_profile, etc.


    Dealing with permissions

    In a standard OpenMediaVault shared folder (ownership root[0]:users[100] and permission 2775) that has been exported as NFS, you should be able to write on the client side as long as the username trying to write has a primary group with GID=100. Most Linux distros have the group users with GID=100. So if you want to write to the mounted NFS folder from your client system, change your username's primary group if it is not already users by default. If you still have problems, reset permissions on the server side.


    Tips


    Mac OS X:
    As of today, in Mavericks, the primary GID of users is the group staff[gid=20]; this won't help you unless you change group ownership on your server to the dialout[gid=20] group. This is not very practical since it will probably mess with Samba users. To overcome this, add these options on the NFS server:


    all_squash,anongid=100,insecure


    The all_squash option forces all mounts to be mapped to the anonymous user (nobody username) / group (nogroup group), and anongid maps this anonymous user to group 100 (users). You can leave out the insecure option, but then you'll have to mount with the resvport option in OS X. New files created on the OS X client side will be shown on the server side as belonging to user nobody (GID=65534). You can use anonuid if you want new files created on the client side to have different ownership than nobody.


    OpenELEC:
    Create a kodi username in OMV, get its GID (1201 for example) and use anonuid and anongid on the NFS server. This will help you keep track of files created by kodi, like subtitles or metadata.


    subtree_check,insecure,all_squash,anonuid=1201,anongid=100


    NFSv4


    The kernel supports the following NFS versions: +2 +3 +4 +4.1. You can check with cat /proc/fs/nfsd/versions


    By default we mount on clients the following way:
    mount 10.10.10.12:/export/NFS-Share /mnt/NFS-Share
    This will mount using NFSv3.


    To mount with NFSv4 we have to remove the export path, so on any Linux client it would be:
    mount 10.10.10.12:/NFS-Share /mnt/NFS-Share


    You can check the versions with mount -t nfs


    On OS X it should be:


    mount -t nfs -o nfsvers=4 10.10.10.12:/NFS-Share /mnt/NFS-Share


    Pooling filesystems (AUFS, MHDFS and MergerFS)

    Since these types of filesystems don't have a UUID, you need to add fsid=1 or fsid=anynumber to the NFS extra options. Make sure the number is not 0 and is unique in case you're exporting multiple pools. You also need to add the crossmnt option for mergerfs.


    openmediavault 3.0 now generates a unique fsid per exported folder by default so you don't need to add it manually.




    Links:
    export options http://linux.die.net/man/5/exports
    nfs client mount options http://linux.die.net/man/5/nfs

    Edited 19 times, last by subzero79 () for the following reason: added crossmnt mergerfs
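
Added example, not part of the original post or of OpenMediaVault: a small Python model of the UID/GID matching and squash options described above (root_squash, all_squash, anonuid, anongid), applied to the standard shared folder root[0]:users[100] with mode 2775. It assumes AUTH_SYS (the server trusts the numeric IDs the client sends) and the exports(5) default of 65534 for anonuid/anongid; the function names are invented here.

```python
# Added example: models how an NFS export decides write access from numeric IDs.
from dataclasses import dataclass

NOBODY = 65534  # exports(5) default anonuid/anongid for squashed access


@dataclass
class Export:
    root_squash: bool = True   # added by the server even if not listed
    all_squash: bool = False
    anonuid: int = NOBODY
    anongid: int = NOBODY


def parse_options(opts: str) -> Export:
    """Parse the squash-related part of an exports(5) option string."""
    exp = Export()
    for opt in filter(None, (o.strip() for o in opts.split(","))):
        key, _, val = opt.partition("=")
        if key in ("root_squash", "no_root_squash"):
            exp.root_squash = key == "root_squash"
        elif key in ("all_squash", "no_all_squash"):
            exp.all_squash = key == "all_squash"
        elif key in ("anonuid", "anongid"):
            setattr(exp, key, int(val))
    return exp  # other options (secure, subtree_check, ...) do not affect identity


def server_identity(exp: Export, uid: int, gids: list) -> tuple:
    """Map the client-supplied uid/gids to the identity the server acts as."""
    # Simplification: a squashed request is treated as having only anongid.
    if exp.all_squash or (exp.root_squash and uid == 0):
        return exp.anonuid, [exp.anongid]
    return uid, list(gids)


def can_write(opts, uid, gids, owner=0, group=100, mode=0o2775) -> bool:
    """Write check against the folder; defaults are the standard OMV share."""
    suid, sgids = server_identity(parse_options(opts), uid, gids)
    if suid == 0:
        return True                    # unsquashed root bypasses mode bits
    if suid == owner:
        return bool(mode & 0o200)
    if group in sgids:
        return bool(mode & 0o020)
    return bool(mode & 0o002)
```

Because the server only compares numbers, any client that can mount the export and choose its own UID/GID gets the access those numbers carry, so restrict which hosts may mount the share.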
