Permission questions / confusion on an nfs share

  • I'm having some problems with permissions on my nfs shares. I've spent a few days trying to find information but without much luck. All the setup guides I find seem to focus on samba, and the few that do use nfs all say some variation of "I'm just going to set everyone to have all permissions just to avoid any issues" and then do something like chmod 777 or give others rw. But I think it's actually the 'issues' bit I want.

    My plan doesn't feel very complicated... my intended file structure is basically something like this


    Media
    |
    +--TV
    |
    +--Movies
    |
    +--Pictures

    Documents

    Apps
    |
    +--Jellyfin


    (there would probably be more, but you get the idea)


    I'm just running a small homelab, so I would be the only user. But I will be using different machines and VMs as I fiddle around and experiment. I'm also (hopefully) going to be running a Jellyfin server. My user (me) would need access from anywhere on my home network to basically everything, but I ideally want to limit the various apps to their own directories, so Jellyfin would only be able to access the Apps - Jellyfin as rw, and the Media-Movies, Media-TV directories as ro, but not the Documents directory, the Media-Pictures, or any of the other apps' data in the Apps directory.


    I guess my question is how do I set this up? I can set up shares which my user can access, but I'm not sure how I would restrict, say, Jellyfin running in an LXC or docker container. I've been trying to read around and I get the feeling that the users and groups inside the OMV GUI won't really have an impact on nfs share permissions (please let me know if this is wrong!)


    I've read this https://forum.openmediavault.o…s-network-file-system%2F= and it seems to say that everything will be accessible for default users on most Linux distros as they are part of the group 'users' which has the same GID as the group which owns directories OMV creates (the getting with permissions part). My user doesn't seem to be part of the 'users' group, and in fact I can't find the group in /etc/group at all, but it's an old document and it does seem to work (please let me know if this is just dumb luck). But I also read another document (which I can't seem to find again - it was linked from OMV forum, I think it was on the extras wiki) talking about docker container permissions and how you have to change something (possibly the container default group GID?) and do GID matching to keep each container separate, otherwise they will also be in the 'users' default group and will have access to everything. But I was lost reading it (and I can't find it again anyway!!)


    I'm at a bit of a loss, so if anyone has suggestions, or a guide that I should really be reading (ideally a practical 'type these commands' style guide) let me know.


    Or should I not really be worried about this at all? Is effectively open access for everything OK for my use case (it doesn't feel like best practice but I'm not sure)


    If I can get this all working (and a guide / walkthrough doesn't already exist) then I'd be happy to type something up (it would definitely need some close proofreading)


    Feel free to just throw anything you think might be helpful at me - I'm very happy to *try* to learn
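
Added example, not part of the original post and not OMV's own code: a small model of the owner/group/other mode-bit check that an NFS server applies to the numeric UID/GIDs a client sends, run over the directory tree from the post. It compares one group per area against every directory being owned by a shared 'users' group; all UIDs, GIDs (including 100 for 'users') and modes are assumptions made for illustration.

```python
# Added example: models the owner/group/other mode-bit check an NFS server
# applies to the numeric UID/GIDs a client sends (AUTH_SYS). ACLs, root and
# root_squash are not modelled. All IDs and modes are constructed.
from collections import namedtuple

Node = namedtuple("Node", "uid gid mode")
R, W, X = 4, 2, 1
ME, JELLYFIN = 1000, 2001                                  # hypothetical UIDs
G_ME, G_USERS, G_MEDIA, G_JELLY = 1000, 100, 3001, 3002    # hypothetical GIDs

def layout(shared_group=None):
    """Directory tree from the post, owned by ME.
    shared_group=None: one group per area, tight modes.
    shared_group=gid : every directory group-owned by gid, mode 775 (assumed)."""
    def d(gid, mode):
        return Node(ME, shared_group or gid, 0o775 if shared_group else mode)
    return {
        "Media":          d(G_MEDIA, 0o750),
        "Media/TV":       d(G_MEDIA, 0o750),
        "Media/Movies":   d(G_MEDIA, 0o750),
        "Media/Pictures": d(G_ME,    0o700),
        "Documents":      d(G_ME,    0o700),
        "Apps":           d(G_ME,    0o711),  # traverse only, no listing
        "Apps/Jellyfin":  d(G_JELLY, 0o770),
    }

def allowed(tree, path, uid, gids, want):
    """True if (uid, gids) holds the `want` bits on path and search (x)
    permission on every parent directory."""
    parts = path.split("/")
    for i in range(1, len(parts) + 1):
        node = tree["/".join(parts[:i])]
        shift = 6 if uid == node.uid else 3 if node.gid in gids else 0
        need = want if i == len(parts) else X
        if (node.mode >> shift) & need != need:
            return False
    return True

def report(tree, uid, gids):
    """Map each directory to 'rw', 'ro' or '--' for the given identity."""
    return {p: "rw" if allowed(tree, p, uid, gids, R | W | X)
            else "ro" if allowed(tree, p, uid, gids, R | X) else "--"
            for p in tree}

if __name__ == "__main__":
    for name, tree, gids in [("per-app groups", layout(), {G_JELLY, G_MEDIA}),
                             ("shared 'users'", layout(G_USERS), {G_USERS})]:
        print(name, report(tree, JELLYFIN, gids))
```

The check only sees numbers, so the container's process has to run with the same UID and GIDs that own the directories on the server for the per-app result to hold.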
