NFS permissions allowed but access denied

markfree · June 1, 2025, 9:17pm

After installing TrueNAS, I enabled NFS and created a basic share, but it is not accessible on my client PC.

These are the share permissions set in the dataset.

# getfacl -e /mnt/main/dados
# file: mnt/main/dados
# owner: root
# group: root
user::rwx
group::rwx
other::---

# ls -lah /mnt/main/dados/
total 602K
drwxrwx--- 22 root root  22 Jun  1 12:22  .
drwxr-xr-x  4 root root   4 May 31 19:44  ..

The user ID set on TrueNAS is different from the one on my client PC, but the username and password are the same, and the user belongs to an allowed group. Also, the NFS share basically has an * in the hosts field.

# groups my_user
my_user : builtin_users group_dados

When I use Files (Nautilus) to open the share (nfs://192.168.8.10:/mnt/main/dados), I receive an error message:

Unable to access location
Permission denied: Perhaps this host is disallowed or a privileged port is needed

Then, I looked for the share, and it showed up as available.

$ showmount -e 192.168.8.10
Export list for 192.168.8.10:
/mnt/main/dados *

I mounted it, but the access is denied.

$ sudo mount -v -t nfs 192.168.8.10:/mnt/main/dados /mnt/dados
mount.nfs: timeout set for Sun Jun  1 17:30:38 2025
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.8.10,clientaddr=192.168.7.3'

$ df -h /mnt/dados
Filesystem                    Size  Used Avail Use% Mounted on
192.168.8.10:/mnt/main/dados  5,1T  217G  4,9T   5% /mnt/dados

$ ls -lah /mnt/dados/
ls: cannot open directory '/mnt/dados/': Permission denied

I created a new group on the client PC that matches the one allowed on the NFS share, and added it to my user, but I still can’t access the share.

$ sudo groupadd -g 3001 group_dados
$ sudo usermod -aG group_dados my_user
$ groups my_user
my_user : my_user ... sambashare group_dados

$ sudo mount -t nfs 192.168.8.10:/mnt/main/dados /mnt/dados
$ ls -lah /mnt/dados/
ls: cannot open directory '/mnt/dados/': Permission denied

If I share the same dataset using SMB (smb://192.168.8.10), I’m asked for my user and pass is asked, and I’m granted access.

I thought it was a basic share, but I’m not sure what permission is missing.
Any thoughts on this matter?

rockstream · June 2, 2025, 12:19am

I am a TrueNAS newbie myself, so consider that when reading my advice…

I see that the /mnt/main/dados directory is owned by root/root with no read privileges outside the group. Although 3001 may have permissions for the share as a whole, I have found that if individual files or directories have more restrictive permissions the client will not be able to see them. Is there a reason that the owner must be root? Maybe try changing so the owner (or at least the group) is the 3001 one. Not sure why it would work with SMB, but maybe the user that your are logging into with is a member of root group.

markfree · June 2, 2025, 1:57am

That did the trick!

I was using root because it was the default when I created the dataset.
I thought that adding the new group to the ACL would to allow access.

After switching the dataset group, it became accessible.
Transfers are much faster now. A lot faster than SMB.

Thank you.