About NFS (Network File System)
This is sticky post because some people get confused about NFS, thinking that works in the same way as Samba or FTP.
NFS security mechanism is that you can write to the share if in your client you have a username with a UID/GID that is allowed to write to the folder in the server. So in simple terms, NFS is UID/GID local/remote matching. Remember user/groups names are used to mask UID/GID in friendly/human/easy-to-remember and readable format way. You can get the UID of a user by running id usernamein terminal. List folder contents with UID/GID instead of names ls -lan
What is UID/GID?
User identity number, is assigned at user creation. Root user has value of 0, system/daemon usernames usually have UID below 1000, OMV users are created with UIDs bigger than 1000. Groups also have number identifier. The user/UID align is done at this file /etc/passwd and group/GID at this file /etc/group
- The button privileges in shared folder section. does nothing in NFS, there is not user/password authentication.
- You can control read write or read only as a global option, not per user as we already know there is no authentication
- Even the defaults options presented are subtree_check,secure the server adds by default root_squash, to prevent the root user write on the client side. You can check that with exportfs -v
- The is no umask option here as like in netatalk, ftp or samba. A umask needs to be controlled in the client side. Ex: ~/.profile or ~/.bashrc ~/.bash_profile etc
Getting with permissions
In an standard OpenMediaVault shared folder (ownershipt root:users and permission 2775) that has been exported as NFS you should be able to write in the client side as long as the username trying to write has his primary group with GID=100. Most linux distros have the group users with GID=100. So in your client system if you want to write to the mounted NFS folder, then change your username primary group if is not already there by default. If you still have problems reset permissions on the server side.
Mac OS X:
As today in Mavericks, the primary GID of the users is in group staff[gid=20], this won't help you unless you change group ownership in your server to dialout[gid=20] group. This is not very practical since it will mess with samba users probably. To overcome this add this options in the NFS server:
The all_squash will force all mounts to be forced to the anonymous user(nobody username) /group (nogroup group) , and anongid will force map this anonymous user to the group 100 (users). You can leave out the option insecure but then you'll have to mount with resvport option in OSX. New files created in the OSX client side will be shown in the server side as belonging to user nobody (GID=65534). You can used anonuid if you want to make new files created on the client side have different ownership than nobody.
Create a kodi username in OMV, get his GID (1201 for example) and use in the NFS server anonuid and anongid. This will help you keep track of files created by kodi like subtitles or metadata.
The Kernel supports the following nfs versions +2 +3 +4 +4.1 you can check with cat /proc/fs/nfsd/versions
By default we mount in clients the following way
mount 10.10.10.12:/export/NFS-Share /mnt/NFS-Share This will mount using nfsv3
to mount in NFSv4 we have remove the export path so in any linux client would be
mount 10.10.10.12:/NFS-Share /mnt/NFS-Share
You can check the versions with mount -t nfs
in OSX should be
mount -t nfs -o nfsvers=4 10.10.10.12:/NFS-Share /mnt/NFS-Share
Pooling filesystems (AUFS, MHDFS and MergerFS)
Since this type filesystems don't have a uuid, you need to add fsid=1 or fsid=anynumber to the nfs extra options, make sure the number is not 0 and unique in case you're exporting multiple pools. You also need to add the crossmnt option for mergerfs.
openmediavault 3.0 now generates a unique fsid per exported folder by default so you don't need to add it manually.