Having a real hard time with NFS and permissions


NOTORIOUS VR

I seem to be having a really hard time with NFS + permissions on my new setup. I'm not sure where the issue lies, but I've gone through multiple configurations, access rules/ACL configs, etc. Nothing really seems to work for me.

Scenario:

Ubuntu server - NFS mapped drives to my OmniOS ZFS shares (root=@server_ip)

SABnzbd will download, unpack and then copy the dir to the final share on the NFS. I can access the new DIR, but it always only has RW access, no Execute.

So I can't delete, etc.

This is an ls -l on the DIRs:
Code:
root@batcavefs:/storage_z2/other/Downloads/Newsgroups# ls -l
total 362
drwxrwxrwx 2 root root     7 Dec  3 20:21 1234.S02E04.DVDRip.x264-RPTV
root@batcavefs:/storage_z2/other/Downloads/Newsgroups#
root@batcavefs:/storage_z2/other/Downloads/Newsgroups#
root@batcavefs:/storage_z2/other/Downloads/Newsgroups# cd 1234.S02E04.DVDRip.x264-RPTV/
root@batcavefs:/storage_z2/other/Downloads/Newsgroups/1234.S02E04.DVDRip.x264-RPTV# ls -l
total 143739
-rw-rw-rw- 1 root root 146612830 Nov 19 21:00 1234.S02E04.DVDRip.x264-RPTV.mkv
-rw-rw-rw- 1 root root     76479 Dec  3 20:21 1234.s02e04.dvdrip.x264-rptv.jpg
-rw-rw-rw- 1 root root       814 Dec  3 20:21 1234.s02e04.dvdrip.x264-rptv.nfo
-rw-rw-rw- 1 root root       610 Dec  3 20:21 1234.s02e04.dvdrip.x264-rptv.sfv
-rw-rw-rw- 1 root root    106092 Dec  3 20:21 1234.s02e04.dvdrip.x264-rptv.srr

My current folder ACLs:


and SMB ACL:


I'm totally at a loss here
 

gea

Permission wise, you have only one real chance if you want to combine NFS3 with CIFS
(as they are incompatible regarding permissions):

- set the permissions to fully open (everyone@=modify with inheritance on)
- set aclmode to a mode that hinders NFS from changing permissions (e.g. aclmode=restricted)
- restrict access based on client IP or NIC (NFS settings or better use firewall settings)

Reasons:
- there is no authentication with NFS3. Access is based on client IP, with an ownership of
new files set to nobody or the UID of the client (differs with client OS)
- NFS3 only takes care (if at all) of the client uid/gid settings on a "good will" basis
- NFS does not respect SMB share settings but respects file/folder ACLs
(SMB ACL above means ACL on an SMB share - a Windows-like setting for SMB/CIFS)

- CIFS uses authentication and authorisation based on Windows SID
- CIFS uses Windows NTFS-like fine-grained ACLs with inheritance
- CIFS additionally respects ACLs on a share that can restrict file/folder ACLs

If you create a new file/folder on either protocol with a restrictive setting,
you have no other chance to access it than resetting it to a fully open setting.

If you need authentication, you must switch to CIFS only with a user login
(or NFS4 with other problems)
 
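The three settings from the answer above, written out as OmniOS/illumos commands. This is an added example, not part of any post in the thread; the function names, the dataset name `storage_z2/other` and the client address `192.0.2.10` are assumptions, and the order (export restriction applied before the ACL is opened) is a choice made here.

```shell
#!/bin/sh
# Added example (not from the thread). DRY_RUN=1, the default, only prints the
# commands; run with DRY_RUN=0 as root on the OmniOS filer to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only a dotted quad with octets 0-255, so an empty or mistyped value
# can never end up in the export's access list.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

open_share_for_nfs3_and_smb() {
    dataset=$1
    mountpoint=$2
    client_ip=$3
    if ! valid_ipv4 "$client_ip"; then
        echo "refusing: '$client_ip' is not an IPv4 address" >&2
        return 1
    fi
    # Restrict first: only this client may mount, matching the root=@server_ip
    # style of access list used in the question.
    run zfs set "sharenfs=rw=@$client_ip,root=@$client_ip" "$dataset" || return 1
    # aclmode=restricted is the value suggested in the answer.
    run zfs set aclmode=restricted "$dataset" || return 1
    # everyone@=modify, inherited by new files and directories (not recursive:
    # existing entries keep their current ACL).
    run /usr/bin/chmod "A=everyone@:modify_set:file_inherit/dir_inherit:allow" "$mountpoint"
}

# Constructed values: the dataset name and the 192.0.2.10 client are assumptions.
open_share_for_nfs3_and_smb storage_z2/other /storage_z2/other 192.0.2.10
```

`/usr/bin/chmod` is spelled out because the `A=` ACL syntax belongs to the native illumos chmod, not the GNU one that may come first in `PATH`.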

NOTORIOUS VR

Well, that makes a whole lot of sense for sure now... Although I did understand NFS3 had no auth, I didn't think of it that way.

On my last setup I used solely CIFS, so I didn't have these issues. I figured NFS might be a more elegant option this time around.

Yesterday I was thinking to move back to CIFS; this confirms that it would be what I need to use instead, as I do like to keep the permissions intact across the board.

Thank you Gea!