I’m trying to export a NFS share to a Proxmox server.
The parameters are few on both sides, so messing up the configuration seems to require quite the effort.
I did some testing and…I just can’t make the share work unless Maproot User and Group are both set to “root” (or respectively to “root” and “wheel”).
Otherwise I get a permissions error.
Now, is this a good idea?
Is it safe to give the root user root-level freedom?
Is there no way to use a non-built-in user, to make the share work?
Here is all the info you pointed out; I didn’t see any reference to a “user”, on Proxmox’s side. The documentation I found didn’t mention user credentials, on the client side.
I made the “proxmox” user/group just to limit the freedom of the client when accessing the NFS share.
Maybe I misunderstood something…?
The default permissions on newly-created generic datasets are basically (755)
owner - rwx
group - rx
other - rx
With owner / group being id 0 (root:root / root:wheel).
NFS (unless you’re using kerberos) doesn’t really have a concept of authentication. The client specifies a bunch of IDs its performing the operation as, and the server basically accepts that (unless you use mapall / maproot). This means you need to manually coordinate what the client and server are using. This is nothing unique to TrueNAS, it’s simply how the protocol works (and I recommend becoming familiar with its ins-and-outs since you’re relying on it in your environment).
The mapall works because you have default permissions and have configured the server to ignore what client is sending and treat them as root.
Sorry, realized you were using maproot. Normally NFS servers don’t allow root access for security reasons (remaps it to specified user / group). By setting a maproot to root:wheel you’re basically disabling this security feature and allowing access as root if client requests it.
If you want all access to an export to be as a particular user, you use a “mapall” override. This is covered in our online documentation.
To map user permissions to the root user, enter a string or select the user from the Maproot User dropdown list. To map the user permissions to all clients, enter a string or select the user from the Mapall User dropdown list.
To map group permissions to the root user, enter a string or select the group from the Maproot Group dropdown list. To map the group permissions to all clients, enter a string or select the group from the Mapall Group dropdown list.
This is what I’ve found in TrueNAS’ documentation about “NFS access permissions”.
Most likely it’s because I’m a newb, but I find it a bit too shallow as an explanation.
No examples, no tutorials, no troubleshooting.
I need something more in-depth or with references to other sources that can actually guide me.
For instance, what are the requirements for a user to be able to modify the NFS share?
How do I tell the client to present itself as that user (or any user at all)?
I hope I’m not getting annoying, with my newbieness. ^^’
As I was saying, this is not TrueNAS specific, you should probably start by reading NFS manpages and understanding how stuff works regarding the protocol.
