Per-export -maproot=userX OR -mapall=userX

Posted: 19 May 2015 08:17
by StuPiddaz
I'm trying to get permissions & user-mapping right for my NFS shares at home.

Additional info, in case it's relevant:
  • Using NAS4Free 9.3.0.2 (1480) Embedded/USB
  • Using ZFS
  • Created users and groups on the server (e.g. john, sally, backup, plex) for limiting access to shares
  • uids and gids are not synched across devices, so mapping is required
  • Assigned server owners/groups and permissions when creating my "mount points" through Disks|ZFS|Datasets|Dataset
For NFS shares, there's a Yes/No option to Map all users to root, but my shares have specific owners/groups assigned to them, e.g.:

Code:

drwxrwxr-x   4 plex    plex       4B May 17 00:16 plex

When a client connects to the plex share via NFS, I'd like to map the client's user (root or whatever) to a specific server-side user (e.g. plex), but the UI doesn't offer that option; it's map to root, or nothing.

Looking at /etc/exports...:

Code:

/mnt/pool1/john -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/plex -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/sally -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/backups -maproot=root -network 192.168.123.0 -mask 255.255.255.0

...it seems like it might just be a matter of changing it to -maproot=plex or -mapall=plex. Of course, /etc/exports is generated/updated by the UI, so manually editing the file is a delicate solution at best; I'd have to be careful never to do anything in the UI that might update /etc/exports and overwrite my changes.

The Shares tab of Services|NFS|Edit doesn't have an edit box for additional parameters, so I'm wondering if there is some other facility in the UI (e.g. custom scripts) that others use to accomplish this.

I would think this would be something most people would need to do, so perhaps the problem is that I'm missing the bigger picture; there's a better way to set this up, and I'm effectively trying to pound a screw in with a hammer...?
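
An added example, not part of the original post or of NAS4Free: a small POSIX shell audit of an exports(5)-style file that reports which server-side credential each export gives to client users, and flags exports where client root (-maproot=root) or every client user (-mapall=root) acts as root on the server. The function names and the sample file are constructed for illustration; the sample is modelled on the lines quoted in the post.

```shell
#!/bin/sh
# Added example: report which server credential client users receive per export.
# Handles one directory per line, the layout shown in the post above.
audit_exports() (
    set -f                                   # no globbing while splitting words
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        path='' opt=default user=-
        for word in $line; do
            case "$word" in
                /*)         if [ -z "$path" ]; then path=$word; fi ;;
                -maproot=*) opt=maproot; user=${word#-maproot=} ;;
                -mapall=*)  opt=mapall;  user=${word#-mapall=} ;;
            esac
        done
        if [ -z "$path" ]; then continue; fi
        user=${user%%:*}                     # drop an optional :group list
        verdict=ok
        case "$opt:$user" in
            mapall:root|mapall:0)   verdict=ALL-CLIENT-USERS-ARE-ROOT ;;
            maproot:root|maproot:0) verdict=CLIENT-ROOT-IS-ROOT ;;
        esac
        printf '%s %s %s %s\n' "$path" "$opt" "$user" "$verdict"
    done < "$1"
)

# Number of exports that hand out root on the server.
count_root_mapped() {
    audit_exports "$1" | grep -cv ' ok$' || true
}

# Constructed sample input, not taken from a real system.
write_sample() {
    cat > "$1" <<'EOF'
/mnt/pool1/john -maproot=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/plex -mapall=plex -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/backups -mapall=root -network 192.168.123.0 -mask 255.255.255.0
/mnt/pool1/sally -network 192.168.123.0 -mask 255.255.255.0
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_exports "$tmp"; rm -f "$tmp"
```

On a live system the function would be pointed at /etc/exports; a line with neither option is reported as `default`, meaning client root is mapped to the server's unprivileged default credential.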

Re: Per-export -maproot=userX OR -mapall=userX

Posted: 25 Mar 2019 23:57
by artiom
I also have some use cases for this option. I have a NextCloud and an NFS share for its storage folder. I want to upload files (really big files) to the NFS and then manage them in the NextCloud.
So I need to -mapall=www for this particular share.
And I would use -mapall=users for another share where I want some files to be read only: for this I would just set them owned by root.

Implementation should be straightforward: in addition to the yes/no value (and checkbox), propose a list of users when the box is checked, with root as default.

Re: Per-export -maproot=userX OR -mapall=userX

Posted: 26 Mar 2019 06:43
by artiom
Here is a small hack to the mountd rc script (/etc/rc.d/mountd) which implements mapall to any user name.

Code:

--- mountd	2019-03-26 16:09:26.048668000 +1100
+++ mountd.new	2019-03-26 16:36:19.750540000 +1100
@@ -46,6 +46,7 @@
 	while [ ${_index} -gt 0 ]
 	do
 		_ipaddr=`configxml_get "//nfsd/share[position()=${_index}]/network"`
+		_mapall=`configxml_get "//nfsd/share[position()=${_index}]/mapall"`
 		_network=${_ipaddr%/*}
 		_mask=`get_subnetmask ${_ipaddr}`
 
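Review bot: The new `_mapall` assignment takes whatever text is in the share's `mapall` element, and nothing here checks that it names an existing account. Now that the value is not limited to yes/no, validate it before it is used: for example, skip the share and log a warning unless `id "${_mapall}"` succeeds, so a typo in config.xml does not end up as an export line that mountd cannot resolve.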
@@ -63,8 +64,9 @@
 					-i "position() > 1" -o "," -b \
 					-v "local-name()" \
 				-b \
-				-i "mapall[. = 'yes']" -o " -mapall=root" -b \
-				-i "mapall[. != 'yes']" -o " -maproot=root" -b \
+				-i "mapall[. = 'yes']" -o " -mapall=root" \
+				--elif "mapall[. != 'no']" -o " -mapall=${_mapall}" \
+				--elif "mapall[. = 'no']" -o " -maproot=root" -b \
 				-o " -network ${_network} -mask ${_mask}" -n \
 			${configxml_file} | /usr/local/bin/xml unesc >> ${mountd_config}
 		fi
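Review bot: In the `--elif "mapall[. != 'no']"` branch, `${_mapall}` is expanded by the shell into the `-o` string unchecked, so an empty `mapall` element produces a bare ` -mapall=` with no user, and a value containing spaces adds extra words to the export line. Require a non-empty value without whitespace before this branch can be taken, and consider `--else` for the final `-maproot=root` case so that every share gets exactly one mapping option.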

I am not familiar with GUI scripts, so in order for this to work I modify the config.xml manually and replace yes in the matched share entry with the desired user name.
Then you need to restart mountd:

Code:

service mountd restart

Afterwards you can see the correct entry in the /etc/exports file.

Re: Per-export -maproot=userX OR -mapall=userX

Posted: 31 Mar 2019 21:54
by ms49434
An auxiliary parameter section has been added in Release 6625.