NFS share and permissions

HTop · 04-26-2020, 03:26 AM

Hello,
I have to export a folder via NFS. On this folder, files are written by a user who is uid = 1009, gid=1009.
The export is exported read & write and it is accessible.

The NFS client user is uid = 1010, gid=1010. Such client needs to read, write and delete files on the NFS share. Also server's user has to put files on its folder.

Unfortunately, client user is not able to do because files are owned by a different user uid = 1009, gid=1009.

I'm not allowed to change UID and GID of client and server.
How can I set the export permissions and client nfs mount option in order to let client user work?

Regards,
H.

pan64 · 04-26-2020, 03:36 AM

look for NFS uid/gid mapping on the net

HTop · 04-26-2020, 03:45 AM

Thank you for your reply, can you give me more details or an example?

shruggy · 04-26-2020, 04:15 AM

See idmapd.conf(5).

HTop · 04-26-2020, 07:52 AM

The remote user is not in a domain.
What should I put on the Static section?

HTop · 04-26-2020, 09:30 AM

I did this, but not working, I'm still getting Permission Denied whe I tried to create a file from client on the nfs share.

SERVER IP: 192.168.217.12
CLIENT IP: 192.168.217.14

On server:
cat "/etc/exports"
/export 192.168.217.14(rw,sync,no_root_squash,no_subtree_check,fsid=452)

On client:
cat "/etc/fstab"
192.168.217.12:/export /mnt nfs4 nfsvers=4,rw 0 0

On Client:
/etc/idmapd.conf

[Translation]
Method=static
[Static]
donald@192.168.217.12 = micky

ehartman · 04-26-2020, 11:17 AM

Quote:

Originally Posted by HTop

/export 192.168.217.14(rw,sync,no_root_squash,no_subtree_check,fsid=452)

The combination of "rw" and "no_root_squash" is very insecure, unless you're the (only) root administrator on both machines!

Furthermore (never used this myself) I think the rpc.idmapd daemon must be started on the server (this is NOT the default). I quote

Quote:

rpc.idmapd is the NFSv4 ID <-> name mapping daemon. It provides functionality to the NFSv4 kernel client and server, to which it communicates via upcalls, by translating user and group IDs to names, and vice versa.

and

Quote:

Note that on more recent kernels only the NFSv4 server uses rpc.idmapd.
The NFSv4 client instead uses nfsidmap(8), and only falls back to rpc.idmapd if there was a problem running the nfsidmap(8) program.

HTop · 04-28-2020, 07:43 AM

Thank you.
I will try to remove no_root_squash and enable rpc.idmapd.

---
I tried but rpc.idmapd or rpcbind service is already started and the change did not work.

ondoho · 04-29-2020, 06:36 AM

Instead of asking for every hurdle you encounter you should really read up on the topic:

Quote:

Originally Posted by pan64

look for NFS uid/gid mapping on the net

FWIW, the arch wiki has a good NFS article.

Hailey's_Comet · 05-20-2020, 06:01 PM

Quote:

Originally Posted by ondoho

FWIW, the arch wiki has a good NFS article.

Thanks, I found what I needed! My requirements are that no matter who accesses the folder, the owner and group need to be mapped to the same SERVER user. Basically, what I used to use samba for but now Windows is not involved.

My config is:
closed, secure network (I.E., 4 computers and no internet)
on the server, u/gid 33=www-data

export:
/var/www 192.168.0.0/24(rw,all_squash,anonuid=33,anongid=33)

"all_squash" = all users are considered anon
"anon*=" map anonymous to...