Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

NFS and permissions

Featured Replies

I've created several NFS shares and discovered that files/directory permissions appear to be ignored completely.

 

This became obvious when did a test migration of a user home directory to my unRAID server.  My users are all in NIS, and their home directories are NFS mounted.  I've have it set up this way for years, where the NFS server is a Fedora machine (as are the clients).  I also have set up automount so that files can be seen via /net/<HOST>/<MOUNT>.  Permissions are always honored in this setup.  For example, user maria has home directory /home/maria (which is actually on server:/data/home/maria) containing a file foo.txt.  Directory /home/maria has permissions 755, the file is 644.  In this arrangement, user roland can see the file via

 

ls -l /net/server/data/home/maria/foo.txt

 

But an attempt to delete the file gets an error, "permission denied", as it should.

 

When I rsync'd the data for maria to the unRAID server, then do the equivalent

 

ls -l /net/tower/mnt/user/home/maria/foo.txt

 

I can see the file just fine.  But I can also delete it.  Oops, no protection at all.

 

The mount options I added for the share are the same ones I have on the current NFS server.  What I suspect is the default permissions the unRAID is adding are my problem, and I'm not sure how to override them.  Here's a log snippet from when I mounted the new NFS share for /mnt/user/home:

 

Nov 15 22:41:35 Tower emhttp: shcmd (63): mkdir '/mnt/user/home'
Nov 15 22:41:35 Tower emhttp: shcmd (64): chmod 700 '/mnt/user/home'
Nov 15 22:41:35 Tower emhttp: shcmd (65): rm /etc/samba/smb-shares.conf >/dev/null 2>&1
Nov 15 22:41:35 Tower emhttp: shcmd (66): cp /etc/exports- /etc/exports
Nov 15 22:41:35 Tower emhttp: shcmd (67): echo \"/mnt/user/astrofoto\" '-async,no_subtree_check,anongid=0,anonuid=0,all_squash,fsid=100' '*.rlent.pnet(sync,rw,no_root_squash)' >>/etc/exports
Nov 15 22:41:35 Tower emhttp: shcmd (68): echo \"/mnt/user/backup\" '-async,no_subtree_check,anongid=0,anonuid=0,all_squash,fsid=101' '*.rlent.pnet(sync,rw,no_root_squash)' >>/etc/exports
Nov 15 22:41:35 Tower emhttp: shcmd (69): echo \"/mnt/user/home\" '-async,no_subtree_check,anongid=0,anonuid=0,all_squash,fsid=102' '*.rlent.pnet(sync,rw,no_root_squash)' >>/etc/exports
Nov 15 22:41:35 Tower emhttp: shcmd (70): echo \"/mnt/user/music\" '-async,no_subtree_check,anongid=0,anonuid=0,all_squash,fsid=103' '*.rlent.pnet(sync,rw,no_root_squash)' >>/etc/exports
Nov 15 22:41:35 Tower emhttp: shcmd (71): echo \"/mnt/user/mythtv\" '-async,no_subtree_check,anongid=0,anonuid=0,all_squash,fsid=104' '*.rlent.pnet(sync,rw,no_root_squash)' >>/etc/exports
Nov 15 22:41:35 Tower emhttp: shcmd (72): echo \"/mnt/user/video\" '-async,no_subtree_check,anongid=0,anonuid=0,all_squash,fsid=105' '*.rlent.pnet(sync,rw,no_root_squash)' >>/etc/exports
Nov 15 22:41:35 Tower emhttp: shcmd (73): killall -HUP smbd
Nov 15 22:41:35 Tower emhttp: shcmd (74): /etc/rc.d/rc.nfsd restart | logger
Nov 15 22:41:35 Tower mountd[5133]: Caught signal 15, un-registering and exiting.
Nov 15 22:41:36 Tower kernel: nfsd: last server has exited, flushing export cache
Nov 15 22:41:37 Tower logger: Starting NFS server daemons:
Nov 15 22:41:37 Tower logger: /usr/sbin/exportfs -r
Nov 15 22:41:37 Tower logger: /usr/sbin/rpc.nfsd 8
Nov 15 22:41:37 Tower logger: /usr/sbin/rpc.mountd
Nov 15 22:54:26 Tower in.telnetd[6848]: connect from 192.168.3.20 (192.168.3.20)
Nov 15 22:54:28 Tower login[6849]: ROOT LOGIN on `pts/1' from `leavitt-wl.rlent.pnet'
Nov 15 23:02:29 Tower mountd[6403]: authenticated mount request from leavitt-wl.rlent.pnet:885 for /mnt/user/home (/mnt/user/home)

 

Removing no_root_squash makes no difference.

  • Author

Okay, the problem is the anonuid and anongid settings that unRAID puts there by default.  I've manually edited /etc/exports, restarted nfsd, and it all works very nicely.  The problem is, how can I make unRAID stop putting root in as the user?

  • Author

Hmm, it's a little more complicated.  Changing anonuid and anongid gets the expected permission denied message, but it doesn't work for the real user either.  In fact, at that point, I can't even list the directory contents.  Here's the line from /etc/exports.

 

"/mnt/user/home" -async,no_subtree_check,anongid=4294967294,anonuid=4294967294,all_squash,fsid=102 *.rlent.pnet(sync,rw,no_root_squash)

 

That user ID is what Fedora uses for nfsnobody.

 

So...how can I get NFS mounts that honor user permissions and user IDs?  The only other reference I've found to this problem is here: http://lime-technology.com/forum/index.php?topic=4272.0 and they don't have an answer either....

The problem is that unRAID started life as a SMB-only NAS, and I used Samba notion of users and permissions: For each share Samba lets you define "valid users" and "invalid users" and which users have read/write access, which have read-only, etc.  It is a different concept than unix owner/group/other.  In this environment, all files in the underlying file system are simply created with 'root' as the owner.  In addition, the 'x' bits of owner/group/other permission are mapped to 'emnulate' windows hidden/system/archive bits.

 

While this arrangement works great for windows networking, it's not so great for other protocols, especially NFS as you are seeing.  (Though if you are using NFS as "media server" protocol, and not more general use, the arrangement is workable.)

 

Anyway, bottom line is there is no "simple" way to fix this at the moment to do what you want to do.  However there is some new code coming to better support AFP & NFS, but this will require dumping Samba's model of users & permissions.  So I will wait until 4.5 series is done and we move on to 5.0 release.

  • Author

Thanks for the reply. 

 

It's disappointing to me as I really need this ability, so I'll probably be dropping unRAID for my usual RAID1+LVM 'cause I can't afford two file servers right now  :(  But I'll be watching for 5.x....

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.