Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[SOLVED]NFS shares are read-only?

Featured Replies

Hi guys,

 

Setting up my first unRaid box to replace my Slackware NAS (after I destroyed my data with an (unknowingly) aborted MD resize operation :o )

I'm using 6b14 with Pro license.

However, I can't make sense of the NFS export option for user shares...

Both Public and Secure give me:

root@MediaStore:~# exportfs -v
/mnt/user/Media
                <world>(rw,async,wdelay,insecure,root_squash,all_squash,no_subtree_check,fsid=100,anonuid=99,anongid=100,sec=sys,rw,root_squash,all_squash)
root@MediaStore:~# exportfs -v
/mnt/user/Media
                <world>(ro,async,wdelay,insecure,root_squash,all_squash,no_subtree_check,fsid=100,anonuid=99,anongid=100,sec=sys,ro,root_squash,all_squash)

While private with 192.168.2.2(rw) gives me:

root@MediaStore:~# exportfs -v
/mnt/user/Media
                192.168.2.2(ro,async,wdelay,insecure,root_squash,all_squash,no_subtree_check,fsid=100,anonuid=99,anongid=100,sec=sys,ro,root_squash,all_squash)

 

So does this mean to have writable NFS shares, they can only be public? while secure is read-only and private is read-only to specific machines/networks?

 

I have same problem :(

 

You know something new?

  • 2 months later...

Same problem in unraid 6.0 final

I'm assuming for 'Rule' on NFS share settings for Private share you set to "192.168.2.2(rw)" right?

 

If I look at /etc/exports it appears correct, yet output ouf 'exportfs -v' does indeed show (ro).  Never noticed this before - is there something wrong inside /etc/exports (asking you guys who might know this before I go research what's happening)?

  • Author

I think I solved it.

I absolutely needed to add (sec=sys)

 

 

For a NFS share called Test

rule: empty

/etc/exports:

"/mnt/user/Test" -async,no_subtree_check,fsid=110 

exportfs:

exportfs: No host name given with /mnt/user/Test (ro,async,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,fsid=110,anonuid=65534,anongid=65534,sec=sys,ro,root_squash,no_all_squash), suggest *(ro,async,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,fsid=110,anonuid=65534,anongid=65534,sec=sys,ro,root_squash,no_all_squash) to avoid warning

/mnt/user/Test  <world>(ro,async,wdelay,root_squash,no_subtree_check,fsid=110,sec=sys,ro,root_squash,no_all_squash)

 

With a rule like:

rule:

192.168.2.0/24(rw)

/etc/exports:

"/mnt/user/Test" -async,no_subtree_check,fsid=110 192.168.2.0/24(rw)

exportfs:

/mnt/user/Test  192.168.2.0/24(ro,async,wdelay,root_squash,no_subtree_check,fsid=110,sec=sys,ro,root_squash,no_all_squash)
/mnt/disk1      <world>(ro,async,wdelay,insecure,root_squash,all_squash,no_subtree_check,fsid=11,anonuid=99,anongid=100,sec=sys,ro,root_squash,all_squash)

 

the rw does not take effect unless I add sec=sys

Rule:

192.168.2.4(sec=sys,rw)

/etc/exports:

"/mnt/user/Test" -async,no_subtree_check,fsid=110 192.168.2.0/24(sec=sys,rw)

exportfs:

/mnt/user/Test  192.168.2.0/24(rw,async,wdelay,root_squash,no_subtree_check,fsid=110,sec=sys,rw,root_squash,no_all_squash)
/mnt/disk1      <world>(ro,async,wdelay,insecure,root_squash,all_squash,no_subtree_check,fsid=11,anonuid=99,anongid=100,sec=sys,ro,root_squash,all_squash)

 

Hope this helps

  • Author

Additionally from: http://linux.die.net/man/5/exports

RPCSEC_GSS security

You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p" to restrict access to clients using rpcsec_gss security. However, this syntax is deprecated; on linux kernels since 2.6.23, you should instead use the "sec=" export option:sec=

 

The sec= option, followed by a colon-delimited list of security flavors, restricts the export to clients using those flavors. Available security flavors include sys (the default--no cryptographic security), krb5 (authentication only), krb5i (integrity protection), and krb5p (privacy protection). For the purposes of security flavor negotiation, order counts: preferred flavors should be listed first. The order of the sec= option with respect to the other options does not matter, unless you want some options to be enforced differently depending on flavor. In that case you may include multiple sec= options, and following options will be enforced only for access using flavors listed in the immediately preceding sec= option. The only options that are permitted to vary in this way are ro, rw, no_root_squash, root_squash, and all_squash.

  • 4 years later...

I just wanted to say 'Thank you!' for sharing your experience!  It was a big help!  The unRaid documentation in this area is seriously lacking...  :(

  • 1 year later...

Ditto, found this very helpful.  

  • 1 year later...
  • Community Expert

Thank you for this, was tying to figure out NFS share rules, I have used SMB samba for almost everything and dabbled a bit with NFS these helped me get a nfs for unraid the way I wanted it to.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.