NFS host access sync and secure options

Discussion about using NAS on Linux and Unix OS.
Post Reply
grouillier
Starting out
Posts: 35
Joined: Mon Apr 19, 2021 11:47 am

NFS host access sync and secure options

Post by grouillier »

I'm new to all this, only have had my first QNAP about a week, a TS-230 running QTS 4.5.3.1652. So please forgive a newbie question; I did search before posting and did not find any applicable posts.

I'm exploring NFS access, and have it working for my limited needs. My question is about the sync and secure checkboxes under "Access right" on the Edit Shared Folder Permission, with permission type set to "NFS host access". Here is what my window looks like:

Image

I have the QTS 4.5.x User Guide, and it does not mention these two options at all. I did find mention of these two options in the QuTS Hero 4.5.x documentation here:

https://docs.qnap.com/operating-system/ ... 9C2CD.html

but is says only this - not too helpful:

Code: Select all

b. Optional: Select any of the following options:

sync

Select a sync option for this setting.

secure
Can someone please describe what these two options are supposed to do? Thank you.

[EDIT 5/21/2021] No replies yet, so I searched for what these terms might mean in a generic NFS sense, i.e., not QNAP-specific. I'd still appreciate if anyone has information on what this page means in QTS.

Regarding the secure option, this site https://web.mit.edu/rhel-doc/5/RHEL-5-m ... urity.html says that NFSv4 enforces individual user permissions, where as v3 replied on host permissions. I'm guessing this checkbox instructs the NAS to enforce those user-permissions.

Regarding sync, I found several discussions about sync vs. async file writes, but I don't think that is what this checkbox is about, since it is nested inside Access Rights. I found this discussion regarding the enforcement of consistent UID and GID for file access:

https://serverfault.com/questions/24089 ... ounting-en

But if that indeed what this checkbox is about, then I don't know what it would mean *not* to check it. Seems like enforcement is the default behavior of v4.
TS-230, TS-253A, both with latest stable QTS
pheralwombat
First post
Posts: 1
Joined: Mon Jun 21, 2021 12:28 am

Re: NFS host access sync and secure options

Post by pheralwombat »

These settings appear to match nfs export settings which you can refer to on the Redhat website or a system with the man loaded (Note: this doesn't appear to be on the qnap)

Code: Select all

sync
- For synchronous writes, the server replies to NFS clients only when the data has been written to stable storage. Many people prefer this option because they have little chance of losing data if the NFS server goes down or network connectivity is lost. {alternative option is; async, which is faster and less reliable}

Code: Select all

wdelay
- Used to optimise performance for batching up disk ios before flushing out the disk.

Code: Select all

secure
- Restricts clients to only be able to connect via reserved ports (port 1024 and below). Using the insecure option allows clients such as Mac OS X to connect on ports above 1024. This is a limited way of securing access, if you want to enhance security you are better off using firewalls, kerberos, and ACLs.

You can manage the NFS export settings from the cli on your qnap by:

Code: Select all

# vi /etc/config/nfssetting
If you make a change to nfs settings, make sure you restart the nfs service:

Code: Select all

# /etc/init.d/nfs restart
Finally you can view the export settings using this command replace "sharename" with the name of your share/export:

Code: Select all

# grep sharename /etc/exports 
Hopefully this helps.
grouillier
Starting out
Posts: 35
Joined: Mon Apr 19, 2021 11:47 am

Re: NFS host access sync and secure options

Post by grouillier »

Thanks, I appreciate the details.
TS-230, TS-253A, both with latest stable QTS
DroboDongo
New here
Posts: 7
Joined: Fri Jan 15, 2016 7:16 pm

Re: NFS host access sync and secure options

Post by DroboDongo »

pheralwombat wrote: Mon Jun 21, 2021 12:52 am Hopefully this helps.
It did, thank you for pointing me in the right direction on this, I had the same questions also.
Post Reply

Return to “Linux & Unix (NFS)”