Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

NFS restrict by IP

Featured Replies

I'd like to restrict a share (using NFS) such that only one IP would be able to access the share.

 

"/mnt/user/media" -async,no_subtree_check,fsid=101 *(sec=sys,rw,insecure,anongid=100,anonuid=99,all_squash)

 

I guess I would need to replace the * with an IP above. Can I use exports- or must I do some sed voodoo in the go script and restart NFS on boot to accomplish this? I'm assuming if the exports- is used, when you restart the array/nfs those changes are lost in the real exports file?

 

Really I need some sort of security with NFS, just unsure how to implement this.

 

Thanks

You already see the issue with modifying the exports file via go script.  You can enable username password authentication for the share(s) and include the authentication in the mount string on your client, but is plain text.  Not sure how secure you want secure.

  • Author

I don't think you can supply a password on the mount string with NFS.

 

I seem to be having a hard time finding info on how to secure NFS.

Correct, it would be via uid/gid.  I played around with it a little so not sure if the idea will work as intended, but you should be able to restrict to IP and a specific user using the rules available in the GUI when you select private for the NFS export.  Set the share to NFS export private and a box should show up where you specify the export options.  There you would specify the IP and options like

192.168.1.2(rw,anonuid=xxxx,anongid=xxx)

where the xxx is the specific uid/gid which you can get via

grep <unRAID user> /etc/passwd

which will get you uid:gid.  Might need to play with the squash options if you want to map to nobody vs. specific user depending on your requirements.  The above is a basic example.

  • Author

Correct, it would be via uid/gid.  I played around with it a little so not sure if the idea will work as intended, but you should be able to restrict to IP and a specific user using the rules available in the GUI when you select private for the NFS export.  Set the share to NFS export private and a box should show up where you specify the export options.  There you would specify the IP and options like

192.168.1.2(rw,anonuid=xxxx,anongid=xxx)

where the xxx is the specific uid/gid which you can get via

grep <unRAID user> /etc/passwd

which will get you uid:gid.  Might need to play with the squash options if you want to map to nobody vs. specific user depending on your requirements.  The above is a basic example.

 

Thanks for the help, but still having problems.

 

I've create a user on the unRAID server (192.168.1.99) and found the uid/gid as you described:

 

bob:x:1000:100::/bin/false

 

I've added the line to the share and set the share to private:

 

192.168.1.10(rw,anonuid=1000,anongid=100)

 

Now, from 192.168.1.10, I use autofs with the following:

 

media   -rw,soft,nolock,intr,rsize=8192,wsize=8192 Tower:/mnt/user/media

 

I am now the user 'bob' on 192.168.1.10, and I go into the media directory which is mounted correctly, I see files but cannot write:

 

srv:/media/unraid-nfs/media$ touch test
touch: cannot touch `test': Read-only file system

 

Just so I understand, the user 'bob' does exist on the client but with a different uid/gid could that be the problem?

Late reply, was tdy with work.  Your uid/gid will need to match or use a squash option.  You can edit /etc/passwd on the client or server to make them match, but suggest reading up on that before doing it.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.