August 27, 201312 yr I just migrated from 4.7 to 5.0-rc16c, and I'm having trouble getting my NFS exports to work the way they used to. In particular, I have one share that is used as a VMware datastore, which I want restricted to one IP address (my ESXi server) with read/write access. Under 4.7, I used "192.168.0.3(rw)", but when I set security to Private and use that same rule under 5.0, ESXi can't access the export. I found this thread which suggests a more convoluted rule, but even that doesn't work for me. The only ways I have been able to get working, are to set it to Secure, which allows read-only access to everyone, or Public, which allows everyone read-write. Neither is really an acceptable solution. Has anyone got IP-restricted NFS sharing working under 5.0? This seems like such a fairly fundamental limitation that I'm surprised there hasn't been more discussion of it; perhaps there are only a handful of us who actually use NFS?
August 27, 201312 yr Author Further info: I checked the system log to compare what unRAID is doing differently between public and private configurations: With sharing set to Private: Aug 27 11:46:10 Tower emhttp: shcmd (543): cp /etc/exports- /etc/exports Aug 27 11:46:10 Tower emhttp: shcmd (544): echo '"/mnt/user/Downloads" -async,no_subtree_check,fsid=101 *(ro,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports Aug 27 11:46:10 Tower emhttp: shcmd (545): echo '"/mnt/user/ESX_Datastore" -async,no_subtree_check,fsid=100 192.168.0.3(rw,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports Aug 27 11:46:10 Tower emhttp: Restart NFS... Aug 27 11:46:10 Tower emhttp: shcmd (548): exportfs -ra |& logger Aug 27 11:46:10 Tower emhttp: shcmd (549): /usr/local/sbin/emhttp_event svcs_restarted Aug 27 11:46:10 Tower emhttp_event: svcs_restarted With sharing set to Public: Aug 27 11:48:21 Tower emhttp: shcmd (551): cp /etc/exports- /etc/exports Aug 27 11:48:21 Tower emhttp: shcmd (552): echo '"/mnt/user/Downloads" -async,no_subtree_check,fsid=101 *(ro,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports Aug 27 11:48:21 Tower emhttp: shcmd (553): echo '"/mnt/user/ESX_Datastore" -async,no_subtree_check,fsid=100 *(rw,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports Aug 27 11:48:21 Tower emhttp: Restart NFS... Aug 27 11:48:21 Tower emhttp: shcmd (556): exportfs -ra |& logger Aug 27 11:48:21 Tower emhttp: shcmd (557): /usr/local/sbin/emhttp_event svcs_restarted Aug 27 11:48:21 Tower emhttp_event: svcs_restarted Now unless my eyes (and diff) are lying to me, the only difference is in the substitution of the desired IP address for the * wildcard. This should work, so I believe this should be categorized as a bug.
August 27, 201312 yr Author Ah, that could it. According to the VMware KB: The NFS server must allow read-write access for the root system account (rw). Well, that's a PITA. Fortunately the ESXi host is the only thing using NFS on my LAN, so it's not really that big of an exposure in my situation, but I could see how it would render unRAID unusable in other environments with stricter requirements.
August 27, 201312 yr While it has been a long time since I played around with setting up samba server, I do believe that Tom has included the means for a user to load additional samba commands to the smb.conf file by loading a file with user commands in it. This would allow the knowledgeable user to re-enable root as an allowable user...
August 28, 201312 yr While it has been a long time since I played around with setting up samba server,SMB!=NFS
August 28, 201312 yr While it has been a long time since I played around with setting up samba server,SMB!=NFS You are absolutely correct!!!
Archived
This topic is now archived and is closed to further replies.