nfs options ignored?

Hi there,

I'm currently using OMV 6.9.10-5.

I want to share some folders via NFSv4 to my nVidia Shield TV Pro running Kodi.

Since I have no control over the uid and gid on Android TV I thought I could solve it via the anonuid and anongid options.

However, it seems like they are not applied.

NFS settings:

shared folder:

users:

here is my exports file (yep, I'm using a /27 subnet):

# This file is auto-generated by openmediavault (https://www.openmediavault.org)
# WARNING: Do not edit this file, your changes will get lost.

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
# NFSv4 - pseudo filesystem root
/export 10.60.110.160/27(ro,fsid=0,root_squash,no_subtree_check,hide)

Am I missing something or is this behavior expected?

Furthermore: I can successfully mount the shared folder "downloads" but I can't see the subfolders, it looks empty to me. That's why I wanted to try out the options. I tried to mount the share using a clean install of Ubuntu LTS 22.04. Once I know this is working I'm going to work on the mounting inside Kodi.

Krisbee thanks, but I wanted to enforce NFSv4, that's why I omitted the checkbox for NFSv3.

From what I read in the documentation, that is the way NFSv4 exports look like (apart from the missing options).

I try to mount the share on the client via

sudo mount -t nfs4 <hostname>:/ <mountpoint>

I can see and open the downloads folder, but it's empty.

Thanks for the hints and the quick support, both of you. As soon as I enabled NFSv3 I could mount the share using NFSv4.2.

I don't get it, sorry. I just enabled NFSv3, my clients still connects via NFSv4.2 but I can access the folders.

Now my exports file looks like this:

# This file is auto-generated by openmediavault (https://www.openmediavault.org) 
# WARNING: Do not edit this file, your changes will get lost. 
# /etc/exports: the access control list for filesystems which may be exported 
# to NFS clients. See exports(5).
/export/downloads 10.60.110.160/27(fsid=7d8cefec-3808-42cc-83c4-248c013425ec,ro,all_squash,anonuid=1000,anongid=100,subtree_check,insecure)
# NFSv4 - pseudo filesystem root 
/export 10.60.110.160/27(ro,fsid=0,root_squash,no_subtree_check,hide)

No offense, I just want to understand it: I'm not a coder, but from looking at the source code the options aren't added at all to the NFSv4 exports, just the default options, right? The options are only added to the NFSv3 exports?

Are they generally not working with NFSv4 or is this an intentional "OMV-thing"? What's the reason?

Since I have no control over the UIDs and GIDs on Android TV I guess I'm stuck with NFSv3 then.

Zitat von votdev

The issue should be fixed in openmediavault 6.9.11, see https://github.com/openmediava…4f08e11df2606b1aa53a5e305.

Hi there, I just installed 6.9.11-1, disabled nfs, enabled nfs (with the same options as above, but with all_squash added) and added the share again.

my exports file now looks like this:

# This file is auto-generated by openmediavault (https://www.openmediavault.org)
# WARNING: Do not edit this file, your changes will get lost.


# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
/export/downloads 10.60.110.160/27(fsid=21b155d7-3713-4d9f-9415-84d3b8b0d602,ro,all_squash,anongid=100,anonuid=1000,subtree_check,insecure)
/export 10.60.110.160/27(rw,fsid=0,root_squash,no_subtree_check)

Is this expected? So the options are still not added to the NFSv4 share or am I missing or misunderstanding something?

From what I get now the NFSv3 line is added even when it's not enabled in the settings and the line

# NFSv4 - pseudo filesystem root 

is not there.

Again, no offense, I just want to understand what's to expect.

What's the intention to not add these additional options to NFSv4 exports?

Zitat von votdev

Yes. Is this what you expect?

Actually I thought if I add the options when I create the NFSv4 (and up)-only share that they are added to the corresponding exports line, for example:

/export 10.60.110.160/27(fsid=0,ro,all_squash,anongid=100,anonuid=1000,subtree_check,insecure)

But I understand now that

/export 10.60.110.160/27(rw,fsid=0,root_squash,no_subtree_check)

is just the pseudo root as you just said.

The options therefore are only added to the shared subfolders which should be fine.

I still can't mount the NFS export via Kodi, but I haven't had a look at the logs.

In every how-to that I saw the pseudo-root line is above the lines for the subfolders. Could that be a problem or is NFS aware in which line the pseudo-root is defined?

I tried it with a whole new share named test with r/w permissions for everyone. in order to rule permissions out.

But even then I couldn't mount in in Kodi, neither with the default nfs-sharing options nor with all_squash,anonuid=1000,anongid=100 added.

So i digged deeper and found the following line in the kodi.log (it's a bit of a hassle to get the logs from the Android TV system):

NFS: Failed to mount nfs share: / (mount_cb: NFS4: (path /) failed with NFS4ERR_PERM(-1))

From my point of view the mounting error stems from the pseudo-root export.

I edited the aforementioned global environment variable with fsid=0,ro,all_squash,anongid=100,anonuid=1000,subtree_check,insecure

And for the first time I'm able to successfully mount the shared folder "test".

Now I have to narrow it down which setting prevented me from mounting the share in the first place. I wanna keep things as close to the default settings as possible. Right now I think that the error lies in the missing "insecure" option on the pseudo-root export.

/// EDIT:

Yep, with the insecure option added to OMV_NFSD_V4_PSEUDO_ROOT_OPTIONS I can mount the share without any problems.

insecure is included in the default NFS sharing options. Is there any chance to add it to the OMV_NFSD_V4_PSEUDO_ROOT_OPTIONS by default?

Krisbee Yep, NFSv4 is supported. It's not enabled by default but you can enable it, which I did.

In one combination I could mount the share so that shouldn't be a general problem.

Right now I'm having problems again, but I guess I can work it out.

I tried enabling only NFSv3 in OMV to see if the insecure option is added there by default. After that I tried to force NFSv4 and up and now I can't mount the share because of an NFS version mismatch while accessing the pseudo-root export according to the kodi.log.

Uggghhh .. had to to an OMV reboot. Maybe somehow the announced NFS-version was stuck somewhere after the short change to NFSv3.

Now I can mount everything again.

Here's my current exports-file:

# This file is auto-generated by openmediavault (https://www.openmediavault.org)
# WARNING: Do not edit this file, your changes will get lost.


# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
/export/downloads 10.60.110.160/27(fsid=a9418d58-1480-4981-ba91-0d29fc5de3e9,ro,all_squash,anonuid=1000,anongid=100,subtree_check,insecure)
/export 10.60.110.160/27(rw,fsid=0,root_squash,no_subtree_check,insecure)

With that I can mount the downloads share without problems. I'll keep trying to narrow it down to the needed options. I wanna access the shares with the least permissions and options that are needed and wanna stay as close to the defaults as possible.

Krisbee To be honest: It's not really that important to me, but since OMV offers NFSv4, why shouldn't I use it?

I don't wanna cause any unnecessary work, but since I work in IT I guess I like to fiddle around with things like this. Worst thing to happen: I learn something along the way

It's kinda the same with IPv4 vs. IPv6. The newer versions of these protocols are out there for several years but most people stay with the stuff that they know.

My understanding of the insecure option is that it's needed if the client uses ports above 1024 because ports up to 1024 can only be used by root. Since working with lesser privileged accounts should be best practice (and because I have no control over the UIDs and GIDs on Android TV) I think the insecure option is even more secure (to some extent )

NFSv4 shared folders and even NFSv3 exports in OMV have this option as a default, that's why I switched versions earlier. Just on the pseudo-root export this option is "missing" by default.

Yeah, no big deal since I have it working now. I wanna set-up a shared Kodi library via a MariaDB container. In order to set up the whole thing I need to successfully mount the shares on the clients. I just thought I could use the "latest and greatest" protocols

After all of this trial-and-error I understand what votdev meant with the fix. If only NFSv4 and up was enabled then only the pseudo-root export was included in the exports-file but not the real shared folders itself. They were only included if NFSv3 was enabled too as it is the default syntax for NFSv3, without the pseudo-root.

But at least this "bug" with the exports-file while forcing NFSv4 and up was fixed by 6.9.11, thanks again.

I guess it's up to the devs if they add the "insecure" option to the OMV_NFSD_V4_PSEUDO_ROOT_OPTIONS.