Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

NFS private permissions

Featured Replies

I just migrated from 4.7 to 5.0-rc16c, and I'm having trouble getting my NFS exports to work the way they used to.  In particular, I have one share that is used as a VMware datastore, which I want restricted to one IP address (my ESXi server) with read/write access.  Under 4.7, I used "192.168.0.3(rw)", but when I set security to Private and use that same rule under 5.0, ESXi can't access the export.

 

I found this thread which suggests a more convoluted rule, but even that doesn't work for me.  The only ways I have been able to get working, are to set it to Secure, which allows read-only access to everyone, or Public, which allows everyone read-write.  Neither is really an acceptable solution.

 

Has anyone got IP-restricted NFS sharing working under 5.0?  This seems like such a fairly fundamental limitation that I'm surprised there hasn't been more discussion of it; perhaps there are only a handful of us who actually use NFS?

  • Author

Further info: I checked the system log to compare what unRAID is doing differently between public and private configurations:

 

With sharing set to Private:

Aug 27 11:46:10 Tower emhttp: shcmd (543): cp /etc/exports- /etc/exports

Aug 27 11:46:10 Tower emhttp: shcmd (544): echo '"/mnt/user/Downloads" -async,no_subtree_check,fsid=101 *(ro,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports

Aug 27 11:46:10 Tower emhttp: shcmd (545): echo '"/mnt/user/ESX_Datastore" -async,no_subtree_check,fsid=100 192.168.0.3(rw,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports

Aug 27 11:46:10 Tower emhttp: Restart NFS...

Aug 27 11:46:10 Tower emhttp: shcmd (548): exportfs -ra |& logger

Aug 27 11:46:10 Tower emhttp: shcmd (549): /usr/local/sbin/emhttp_event svcs_restarted

Aug 27 11:46:10 Tower emhttp_event: svcs_restarted

 

With sharing set to Public:

Aug 27 11:48:21 Tower emhttp: shcmd (551): cp /etc/exports- /etc/exports

Aug 27 11:48:21 Tower emhttp: shcmd (552): echo '"/mnt/user/Downloads" -async,no_subtree_check,fsid=101 *(ro,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports

Aug 27 11:48:21 Tower emhttp: shcmd (553): echo '"/mnt/user/ESX_Datastore" -async,no_subtree_check,fsid=100 *(rw,insecure,anongid=100,anonuid=99,all_squash)' >>/etc/exports

Aug 27 11:48:21 Tower emhttp: Restart NFS...

Aug 27 11:48:21 Tower emhttp: shcmd (556): exportfs -ra |& logger

Aug 27 11:48:21 Tower emhttp: shcmd (557): /usr/local/sbin/emhttp_event svcs_restarted

Aug 27 11:48:21 Tower emhttp_event: svcs_restarted

 

Now unless my eyes (and diff) are lying to me, the only difference is in the substitution of the desired IP address for the * wildcard.  This should work, so I believe this should be categorized as a bug.

What user are you trying to use for access. Root no longer can be used.

  • Author

Ah, that could it.  According to the VMware KB:

 

The NFS server must allow read-write access for the root system account (rw).

 

Well, that's a PITA.  Fortunately the ESXi host is the only thing using NFS on my LAN, so it's not really that big of an exposure in my situation, but I could see how it would render unRAID unusable in other environments with stricter requirements.

 

While it has been a long time since I played around with setting up samba server, I do believe that Tom has included the means for a user to load additional samba commands to the smb.conf file by loading a file with user commands in it.  This would allow the knowledgeable user to re-enable  root as an allowable user...

While it has been a long time since I played around with setting up samba server,

SMB!=NFS

While it has been a long time since I played around with setting up samba server,

SMB!=NFS

 

You are absolutely correct!!!  :-[

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.