Page 1 of 1

No permission to read from NFS as user

Posted: Wed Mar 17, 2021 4:42 pm
by msssm
TS-110
Version: 4.2.6

Hello,

I can mount the NFS share from my Linux, but have no permission as user.

I created a user msm, permission for share /Download is RW, applied to all subfolders.
User and group permission for Download is Read/Write for users "admin" and "msm".
NFS-Settings are ALLS_QUASH to UID of msm. Allowed IPs are *.

/etc/exports is now:

Code: Select all

[~] # cat /etc/exports 
"/share/HDA_DATA/Download" *(rw,async,no_subtree_check,insecure,all_squash,anonuid=500,anongid=100)

[~] # ls -al /share/HDA_DATA/Download
drwxrwxrwx    3 admin    administ      4096 Mar 16 10:32 ./
drwxrwxrwx   32 admin    administ      4096 Dec  1 14:36 ../
drwxrwx---    2 admin    administ      4096 Jan 23  2018 @Recycle/
-rwxrwx---    1 admin    administ 3268147200 Nov 28  2015 backup.iso*

[~] # grep msm /etc/passwd 
msm:x:500:100:Linux User,,,:/share/homes/msm:/bin/sh

[~] # grep msm /etc/group  
users:x:101:msm
From filesystem view, the user msm has no permission as it is no member of group admin. I also tried to add the user to the admin group, but this did not solve it either.

On the Linux client it looks like:

Code: Select all

$ ls -al /mnt/lan/Download/
total 5641828
drwxrwxrwx 3 root root       4096 16. Mär 10:32 .
drwxr-xr-x 9 root root          0 17. Mär 07:12 ..
-rwxrwx--- 1 root root 3268147200 28. Nov 2015  backup.iso

$ mount |grep Download
nas:/Download on /mnt/autofs/lan/Download type nfs (rw,relatime,vers=3,rsize=32768,wsize=32768,namlen=255,soft,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.8.200,mountvers=3,mountport=30000,mountproto=udp,local_lock=none,addr=192.168.8.200)

$ md5sum /mnt/lan/Download/backup.iso
md5sum: /mnt/lan/Download/backup.iso: Permission denied
Before messing around on the terminal, how would I solve this from the QNAP gui?

Re: No permission to read from NFS as user

Posted: Mon May 17, 2021 4:15 pm
by grouillier
I've only had my first QNAP NAS - a TS-230 - for about a week, so I'm new to all of this. I've been trying to figure out NFS access for my LInux systems for the last day or so, and I've got it working for my limited needs. Here's what I learned so far. Users and groups permissions is not for NFS. It states specifically when that permission type is selected: "Edit the user and group permissions for access from Windows, MAC, FTP, and File Station."

So, as far as I'm understanding, the only permissions that affect NFS access are those showing when you change Select permission type to "NFS host access". On my system, I don't have any other type of authentication configured (e.g, Kerberos), so the Security column says sys, and I can't change it. I've configured the folder permissions to allow read-write access to my user id. I then connected to NFS as that user id, and was able to copy files to the share for which that user id had been granted access. Those files are showing my user id and my group id as the owner.

Looking at your listings, I don't see that you've done a root squash, so the admin account is storing file under it's own uid and groupid. I would suggest you only connect via your msm account, so that all files (and subdirectories) end up with msm:msm as the owner and group owner, respectively. Then you should be able to execute your md5sum successfully.

You can simply run "chown -R msm:msm *" as admin to change ownership of existing files in the download directory. Hope this helps.