Per-export -maproot=userX OR -mapall=userX

Post by StuPiddaz » 19 May 2015 08:17

I'm trying to get permissions & user-mapping right for my NFS shares at home.

Additional info, in case it's relevant:
  • Using NAS4Free 9.3.0.2 (1480) Embedded/USB
  • Using ZFS
  • Created users and groups on the server (e.g. john, sally, backup, plex) for limiting access to shares
  • uids and gids are not synched across devices, so mapping is required
  • Assigned server owners/groups and permissions when creating my "mount points" through Disks|ZFS|Datasets|Dataset
For NFS shares, there's a Yes/No option to Map all users to root, but my shares have specific owners/groups assigned to them, e.g.:

Code:

drwxrwxr-x   4 plex    plex       4B May 17 00:16 plex

When a client connects to the plex share via NFS, I'd like to map the client's user (root or whatever) to a specific server-side user (e.g. plex), but the UI doesn't offer that option; it's map to root, or nothing.

Looking at /etc/exports...:

Code:

/mnt/pool1/john -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/plex -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/sally -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/backups -maproot=root -network 192.168.123.0 -mask 255.255.255.0

...it seems like it might just be a matter of changing it to -maproot=plex or -mapall=plex. Of course, /etc/exports is generated/updated by the UI, so manually editing the file is a delicate solution at best; I'd have to be careful never to do anything in the UI that might update /etc/exports and overwrite my changes.

The Shares tab of Services|NFS|Edit doesn't have an edit box for additional parameters, so I'm wondering if there is some other facility in the UI (e.g. custom scripts) that others use to accomplish this.

I would think this would be something most people would need to do, so perhaps the problem is that I'm missing the bigger picture; there's a better way to set this up, and I'm effectively trying to pound a screw in with a hammer...?

Post by artiom » 25 Mar 2019 23:57

I also have some use cases for this option. I have a NextCloud and an NFS share for its storage folder. I want to upload files (really big files) to the NFS share and then manage them in NextCloud.
So I need -mapall=www for this particular share.
And I would use -mapall=users for another share where I want some files to be read-only: for this I would just set them owned by root.

Implementation should be straightforward: in addition to the yes/no value (and checkbox), propose a list of users when the box is checked, with root as default.

Post by artiom » 26 Mar 2019 06:43

Here is a small hack to the mountd rc script (/etc/rc.d/mountd) which implements mapall to any user name.

Code:

--- mountd	2019-03-26 16:09:26.048668000 +1100
+++ mountd.new	2019-03-26 16:36:19.750540000 +1100
@@ -46,6 +46,7 @@
 	while [ ${_index} -gt 0 ]
 	do
 		_ipaddr=`configxml_get "//nfsd/share[position()=${_index}]/network"`
+		_mapall=`configxml_get "//nfsd/share[position()=${_index}]/mapall"`
 		_network=${_ipaddr%/*}
 		_mask=`get_subnetmask ${_ipaddr}`
 
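Review bot: `_mapall` at the added `configxml_get` line is taken straight from config.xml and nothing in this hunk checks it before use; because the value becomes the user name in the generated exports line, verify that it is non-empty and names an existing account (or is `yes`/`no`) and skip or log the share otherwise. The same `mapall` element now carries both the yes/no flag and a user name, so accounts literally named `yes` or `no` cannot be mapped; a separate element for the user name would avoid that overload.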
@@ -63,8 +64,9 @@
 					-i "position() > 1" -o "," -b \
 					-v "local-name()" \
 				-b \
-				-i "mapall[. = 'yes']" -o " -mapall=root" -b \
-				-i "mapall[. != 'yes']" -o " -maproot=root" -b \
+				-i "mapall[. = 'yes']" -o " -mapall=root" \
+				--elif "mapall[. != 'no']" -o " -mapall=${_mapall}" \
+				--elif "mapall[. = 'no']" -o " -maproot=root" -b \
 				-o " -network ${_network} -mask ${_mask}" -n \
 			${configxml_file} | /usr/local/bin/xml unesc >> ${mountd_config}
 		fi
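Review bot: the middle branch `--elif "mapall[. != 'no']"` matches every value other than `yes` and `no`, so an empty element or a typo such as `Yes` is written out as `-mapall=` followed by that text, leaving an exports line with an unusable user name. Restrict this branch to validated names, and consider ending the chain with `--else` rather than `--elif "mapall[. = 'no']"` so that a share always falls back to `-maproot=root`. A comment next to these lines should also state that `-mapall=<user>` applies to every client user in the `-network`/`-mask` range, not only to root.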

I am not familiar with GUI scripts, so in order for this to work I modify the config.xml manually and replace yes in the matched share entry with the desired user name.
Then you need to restart mountd:

Code:

service mountd restart

Afterwards you can see the correct entry in the /etc/exports file.
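
A check one could run after the restart to confirm what each export actually maps to (an added example, not part of the original posts and not XigmaNAS code). The function names, verdict labels and sample files are constructed for illustration; the optional `:group` suffix handling follows exports(5).

```shell
#!/bin/sh
# Added example: report the -maproot/-mapall mapping of every export line.
# Usage: audit_exports EXPORTS_FILE PASSWD_FILE   (both paths are assumptions)
audit_exports() {
    awk -v passwd="$2" '
    BEGIN {
        # Load account names from a passwd-format file.
        while ((getline line < passwd) > 0) {
            split(line, f, ":")
            if (f[1] != "" && f[1] !~ /^#/) known[f[1]] = 1
        }
    }
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
        opt = "none"; user = "-"
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-(maproot|mapall)=/) {
                eq = index($i, "=")
                opt = substr($i, 2, eq - 2)
                user = substr($i, eq + 1)
                sub(/:.*/, "", user)       # drop optional :group list
            }
        }
        if (opt == "none")                      verdict = "DEFAULT"
        else if (user == "")                  { verdict = "EMPTY-USER"; user = "-" }
        else if (user == "root" || user == "0") verdict = "ROOT"
        else if (user ~ /^[0-9]+$/)             verdict = "UID"   # numeric, not looked up
        else if (user in known)                 verdict = "OK"
        else                                    verdict = "UNKNOWN-USER"
        print $1, opt, user, verdict
    }' "$1"
}

audit_demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: export lines in the form shown in the thread, plus
    # two bad values that a hand-edited config.xml could produce.
    cat > "$dir/exports" <<'EOF'
/mnt/pool1/john -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/plex -mapall=plex -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/sally -mapall=Yes -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/backups -mapall= -network 192.168.123.0 -mask 255.255.255.0
EOF
    printf '%s\n' 'root:*:0:0::/root:/bin/sh' 'plex:*:1001:1001::/nonexistent:/usr/sbin/nologin' > "$dir/passwd"
    audit_exports "$dir/exports" "$dir/passwd"
    rm -rf "$dir"
}

audit_demo
```

`ROOT` marks exports where remote root (`maproot`) or every remote user (`mapall`) acts as server-side root; `UNKNOWN-USER` and `EMPTY-USER` mark lines whose user name does not match an account in the supplied passwd file.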

Post by ms49434 » 31 Mar 2019 21:54

An auxiliary parameter section has been added in Release 6625.
1) XigmaNAS 12.0.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U2, 22GB out of 32GB ECC RAM, LSI 9300-8i IT mode in passthrough mode. Pool 1: 2x HGST 10TB, mirrored, SLOG: Samsung 850 Pro, L2ARC: Samsung 850 Pro, Pool 2: 1x Samsung 860 EVO 1TB , services: Samba AD, CIFS/SMB, ftp, ctld, rsync, syncthing, zfs snapshots.
2) XigmaNAS 12.0.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U2, 8GB out of 32GB ECC RAM, IBM M1215 crossflashed, IT mode, passthrough mode, 2x HGST 10TB , services: rsync.
