Re: Mounting NFS share from Synology NAS
On Tue, Feb 01, 2022 at 11:28:55AM -0500, Henning Follmann wrote:
> On Tue, Feb 01, 2022 at 04:32:57PM +0100, Christian Britz wrote:
> > This is my entry in /etc/fstab:
> > diskstation:/volume1/Medien /Daten nfs
> > nfsvers=4,rw,x-systemd.automount,noauto 0 0
> >
> > Mounting only works as root, I guess this is expected without further
> > configuration.
> >
> > 1. Security: It seems that the only security check is the check for my
> > IP adress. Is it possible to achieve more without dealing with Kerberos?
> >
> > 2. Accessing the mounted share with my personal user: The access rights
> > for /Daten look right, the user on the NAS has the same name as the user
> > on my machine. But:
>
> And how about the userId?
> The username does not mean anything. The access control is
> based on Id.
I'm unclear on how NFS v4 works. Everything I've read about it in the
past says that you have to set up a user mapping, which is shared by
the client and the server. And that this is *not* optional, and *is*
exactly as much of a pain as it sounds.
I'm looking at <https://help.ubuntu.com/community/NFSv4Howto> for example
and there's discussion back and forth on the page about how the user
mapping is not working as expected, and try this and that, and see this
bug....
I've never actually used NFS v4 myself. In fact, at work I have to go out
of my way to *prevent* it from being used, because some of the NFS servers
to which I connect (which are not under my control) don't support it.
The comment about the access being based on UID is certainly true for
NFS v3, though. NFS v3 ("regular, traditional NFS") controls mounting
options by the host's IP address, and controls file system access by
UID and GID. There may be some way to circumvent that, but I've never
done it. I just make sure the UIDs and GIDs match, the way you're
supposed to.
For a home network, I can't really imagine a need to go through all of
the NFS v4 hoops. I would just use NFS v3 with synchronized UIDs.
Reply to: