Are there any Linux updates affecting nfs?

[Raksasas]

@KrisBee

@Raksasas For NFS share set up, I'd set dataset "Case Senstivity" to "sensitive".

Is this because it would match *nix standard case sensitive while windows usually doesn't care in it's native environment? I was thinking from reading the freenas doc that setting it to "Insensitive" would make it more friendly for the windows users when accessing my network shares.

The Last point was my error, that should have read "it's the id of a secondary group of some .. " [now edited]. This is where you may have gone astray re: your use of group ids. You can put linux users into a secondary group which matches an owner group on a FreeNAS dataset, but those linux users will use their primary groups when performing actions on mounted datasets.

That is making sense. Then how would I setup a collaborative share with NFS? Is this where the "nobody" and "mapall" come into play? Also how does the "nobody" & "mapall" affect SMB shares or does it? Just trying to understand.

 

[KrisBee]

Accessing the same data on FreeNAS from both Windows and Linux is problematic. One thing that’s bound to fail is allowing simultaneous access via a windows and NFS share on the same data.

You should read this selection old forum threads on the topic:

https://forums.freenas.org/index.ph...n-windows-and-other-forbidden-subjects.43415/
https://forums.freenas.org/index.php?threads/cifs-share-and-unix-permissions.45032/
https://forums.freenas.org/index.php?threads/cifs-and-nfs-together.10918/
https://forums.freenas.org/index.ph...managed-users-permissions-nfs-vs-samba.55195/

IIRC, Windows services for NFS has existed since win7 and it’s certainly in win10, but don’t ask me it that’s pro or above versions only, or what limitation it might have such as read-only. So that’s another possibility.

You said you were using smb shares but moved to NFS. If so, you may have watched these two recommended youtube vids and/or read this other forum thread:

https://www.youtube.com/watch?v=RxggaE935PM
https://www.youtube.com/watch?v=QhwOyLtArw0
https://forums.freenas.org/index.ph...-of-how-to-configure-share-permissions.35276/

You can do the “advanced smb share” permissions work via Windows Explorer as FreeNAS is zfs based and it uses NFSv4 ACLs, which is virtually the same as Windows ACLs. If you were to attempt to do this sort of thing directly on your FreeNAS server, then you’d have to use the getfacl and setfacl commands and would need to be familiar with the complexities of NFSv4 ACLs. Keep in mind that Linux only supports the simpler POSIX ACLs which is a subset of NFSv4 ACLs.

There’s no single answer to your question about a “collaborative NFS share” configuration as it depends on what “collaborative” means in terms of a given user’s access to another user’s directories & files. Using mapall of the user/group gives one kind of collaborative share in that any client with an allowed IP that can mount the share, and simultaneous access should be handled through standard file locking. But the original user’s id is lost. If you are not going to use ACLs, then anything else will need creative use of users and groups and possibly the special permission bit setgid. If you find examples on the web that depend on server side configuration that uses ACLs , take care that these can translate from POSIX ACL to NFSv4 ACL before attempting to apply them to a FreeNAS NFS server.

The NFS share mapping setting do not apply to SMB shares. But check the Linux man pages for mount.cifs to see uid/gid mount options.

 

[Raksasas]

Update to my comments (#21) above.

I am going to go with "Case Senstivity = sensitive". From reading a the forums here I have found that Samba handles the compatibility things for you...

 

[Raksasas]

I will go through what you have provided above..

IIRC, Windows services for NFS has existed since win7 and it’s certainly in win10, but don’t ask me it that’s pro or above versions only, or what limitation it might have such as read-only. So that’s another possibility.

You are correct this has. My understanding is that you have to go in and manually enable NFS on windows systems. I am not positive on Windoes 10.

You said you were using smb shares but moved to NFS. If so, you may have watched these two recommended youtube vids and/or read this other forum thread:

Well, I am wanting to use both. NFS for my systems although I have yet to turn on NFS on my one windows system. Now, if my above statement is true then I would like to leave Samba on for people who may be visiting. This is for 2 reasons: 1. I don't want to have to do any administration of their systems. 2. Puts me in more of a support role because of the "hey, you know computers can you help me with X" to which I really don't mind until I get one of those super needing people. If you know what I mean.

 

[Raksasas]

@KrisBee

Wow! Thanks for opening my eyes and/or possibly reminding me of that info. I set my nas up 2 years ago with 9.3. Btw, that last link doesn't work. The one below the videos.

So SMB (CIFS) "only" it is as I believe it will be friendly for friends/family to use. Do you mind checking\verifying my setup?

Dataset = temp1
Setting the following:

Create dataset

• Name = temp1
• Comment = temp1
• Sync = inherit (standard)
• Compressions level = inherit (lz4)
• Share type = windows
• Enable atime = Inherit on
• ZFS Deduplication = inherit (off)
• Case Sensitivity = sensitive

Edit permissions

• Owner (user) = nobody
• Owner (Group) = Users (I created on FreeNAS , Group ID = 1000, back in 9.3)
• Mode = This grays out after setting "Permission type" to Windows
• Permission type = Windows
• Set permission recursively: = enabled (I know this is really only needed if files are in the share already but I don't see it as a problem to just go ahead and do it)

Select Sharing -> Windows (SMB) and Add Windows (SMB) Share

• Path = /mnt/misfits/temp1
• Use as home share = unchecked
• Name = temp1
• Apply Default Permissions = enabled
• Allow Guest Access = unchecked

Should I do anything within the "Advanced Mode" settings? Export Recycle Bin?

I am wanting to move the files in the old existing datasets into the new dataset to clear out any... problems with permissions(?). Should I run any commands on the FreeNAS before doing so, chmod/chown? As in making sure all the permissions match on the files before doing so. If so, what permission values should they be set to. I still get confused in that department. I am planning on using rsync to move the files once I remember/lookup the flags to use. Also I don't use this command enough as I probably should.

Thanks for everything.

 

[KrisBee]

I wasn't trying push you back to using CIFS in Linux, just pointing out the problem of simultaneous access of the same data via both NFS and SAMBA shares. I should clarify my comment about this applies to simultaneous read/write access via the two different protocols. Some say it's OK if one or the other offers read-only access (See this old thread: https://forums.freenas.org/index.php?threads/cifs-and-nfs-together.10918/ ). But I wouldn't like to rely on that.

Really you need to test things out to see if your new proposed share setup works as you want/think. DO NOT move data around until you're totally satisfied things are correct.

The typical linux desktop distro provides for mounting SMB shares in whatever default filemanager they use ( e.g nautilus, thunar, dolphin, etc. ) The helper apps that do that are likely to mount FreeNAS SMB shares with a uid/gid of the active linux user, irrespective of what user credentials you've used to access the share. Thus the owner/group presented in Linux is not necessarily what it is on the FreeNAS dataset. The same can be true if you mount a SMB share at the CLI. Things are acceptable for rw access if the SMB share and FreeNAS data accessed in Linux is owned by the Linux user who mounts it, or for read only access where the FreeNAS data is owned by various users. In other cases, you can be left with a puzzle to solve.

My comments apply to a typical home network without the use of a domain controller, etc.
Googling on the subject of "cifs and nfs on same share" or "samba and nfs share same folder" or the equivalent will show how this can all descend into a can of worms.

 

[Raksasas]

I wasn't trying push you back to using CIFS in Linux, just pointing out the problem of simultaneous access of the same data via both NFS and SAMBA shares. I should clarify my comment about this applies to simultaneous read/write access via the two different protocols. Some say it's OK if one or the other offers read-only access (See this old thread: https://forums.freenas.org/index.php?threads/cifs-and-nfs-together.10918/ ). But I wouldn't like to rely on that.

Agree!

Really you need to test things out to see if your new proposed share setup works as you want/think. DO NOT move data around until you're totally satisfied things are correct.

Learned that one the hard way a very long time ago.

The typical linux desktop distro provides for mounting SMB shares in whatever default filemanager they use ( e.g nautilus, thunar, dolphin, etc. ) The helper apps that do that are likely to mount FreeNAS SMB shares with a uid/gid of the active linux user, irrespective of what user credentials you've used to access the share. Thus the owner/group presented in Linux is not necessarily what it is on the FreeNAS dataset. The same can be true if you mount a SMB share at the CLI. Things are acceptable for rw access if the SMB share and FreeNAS data accessed in Linux is owned by the Linux user who mounts it, or for read only access where the FreeNAS data is owned by various users. In other cases, you can be left with a puzzle to solve.

My comments apply to a typical home network without the use of a domain controller, etc.
Googling on the subject of "cifs and nfs on same share" or "samba and nfs share same folder" or the equivalent will show how this can all descend into a can of worms.

I only mount via cli and use the "fstab" to do the work of mounting... This just makes things convoluted. This, I believe, made me want to give NFS a go.. I was having problems with my SMB shares and what you stated appears to be the reason. I do, do some distro hopping. Oh the rabbit holes! This begs the question. Why so complicated.

Yeah. I do not have any windows servers and currently do not plain on it. I may look into an LDAP in the future but for now I need/want stable access to my/a NAS for Jails/vm's/desktop systems that are running various os. Also, giving my family/Friends access, whether it be ro/rw access, to files that we want to share. Of whom 95% are only want to use windows and a rare case of mac os.

With all this stated I can not guarantee that there will not be any simultaneous access to which I do not want to run the risk.

Just more things to ponder.

 

[KrisBee]

Why so complicated.

Ours not to reason why? I wouldn’t like to be a sysadmin grappling with this kind of thing, but then a professional ought to know what they are doing. I belatedly re-discovered this thread:

https://forums.freenas.org/index.ph...-doing-things-wrong-part-i.39306/#post-242251

I don’t know if you went back to the “Collaborative NFS share” idea which makes use of setgid as outlined in the ref. you quoted https://www.rootusers.com/how-to-provide-nfs-shares-for-group-collaboration/
I ran through this for my own satisfaction and it works as expected when both the server and client are running Linux. But unless I’ve made an error, the same scheme doesn’t work when a Linux client connects to a FreeNAS/BSD NFS server. It works locally on the FreeNAS server, but not when the share is exported to Linux. I’m not conversant with NFSv4 ACLs, perhaps the effect of chmod g+s is superseded by the ACLs for an exported filesystem. Maybe I should start a separate thread about that.

 

[KrisBee]

Well, I must have made an error somewhere as on a second attempt all works as expected on the Linux client side for a rudimentary "collaborative share NFS" where setgid bit is set on the top-level directory of the exported dataset. If you want something more fine tuned then you could need to resort to ACL entries, in which case you might want to move to NFSv4.

With a NFS version 4 mount on Linux you can view NFSv4 ACL entries from the client and edit them if the client can su to root! So that looks like a good case for squashing root on the nfs export. Without using kerberos, a Linux client NFSv4 mount will default to using sec=sys and will still be sending UID/GID info to the server. This means you need to configure the FreeNAS NFS service with both "Enable NFSv4" and "NFSv3 ownership model for NFSv4" checked. Under the hood FreeNAS will set these two tunables: vfs.nfsd.enable_stringtouid=1 & vfs.nfs.enable_uidtostring=1

 

[Raksasas]

@KrisBee

First off, I would like to take a minute and say think you for your time and knowledge base that you have been providing.

Thank you, KrisBee.
----

I am going to admit at this time I don't know which share type I should be using for what I want to accomplish.

I maybe using linux and NFS may be the best solution for me but... None of my family and friends do which makes me think SMB for simplicity for them. Then there is the part which you have stated. That with SMB, Linux ignores the user credentials used to assess the share which will be problematic and has shown it's face making me look into NFS and attempt to use it.

I am somewhat thinking that NFS with the "nobody/mapall" settings may be the solution I am partly looking for and deal with the administrative overhead on family/friends machines. I am just not sure how to make certain shares ro and certain shares rw to them at this time.

 

[KrisBee]

My old brain is getting slow these days, hence this rather long winded thread. Looking back at my own bookmarks, this is the one I like to use when I need reminding about setuid/setgid and sticky bits, it also has an introduction to Linux POSIX ACLs. https://youtu.be/JG2h-nN_aXk

I can only offer what I have learnt from using a simple home network. In my case with only a couple of physical users and limited Windows use, my choices were easy: SMB for Windows shares and NFS for Linux. I don't use any directory services. I took the K.I.S.S. approach as it meets my needs. I probably need to look more deeply at sharing data in mixed environments myself.