I've been trying to figure out how I can export a complete Pool over an NFS or SMB share which provides access to all data in the Dataset, irrespective of ACLs specified in each.
I am looking to set up a Linux VM elsewhere on the network to create backups of the Pool on another device (e.g., cloud storage, etc.). However, in order to do so, I need access to all files that are defined in the Datasets in the pool.
I know that the TrueNAS root user can have access to all data (as proven when I log in to an SSH shell as root and can navigate through everything). So I tried to create an NFS read-only export and defined the mapall to the root user, expecting that when any user connects to the export, it will get full root browsing privileges. But ACL-protected datasets are still returning access errors.
TrueNAS Core:
```
root@truenas[~]# cat /etc/exports
V4: / -sec=sys
/mnt/HomeNAS -ro -mapall="root":"wheel" 192.168.2.250
root@truenas[~]# ls -l /mnt/HomeNAS
total 193
drwxr-xr-x+ 10 root wheel 15 Sep 16 16:51 Backup
drwxrwx--x+ 10 eric wheel 13 Nov 26 23:42 home
drwxr-xr-x 9 root wheel 12 Nov 19 2021 iocage
drwxrwx---+ 18 mediau wheel 34 Sep 12 13:18 media
drwxr-xr-x 3 root wheel 3 Sep 2 16:43 TimeMachine
drwxr-xr-x 3 root wheel 3 May 26 2022 truenas
drwxrwxrwx 2 root wheel 4 Nov 3 00:03 VM
root@truenas[~]# ls -l /mnt/HomeNAS/media
total 1735
drwxrwxrwx 2 mediau wheel 2 Nov 28 2021 77c8163c-5109-9ef5-16f7-4e2f0a95b7ef
drwxrwxrwx 94 docker wheel 126 Nov 28 09:18 downloads
drwxrwx---+ 2 eric eric 2 Jan 23 2022 eric
drwxrwxrwx 2 mediau wheel 2 Aug 30 2018 lost+found
drwxrwxrwx 2 mediau wheel 2 Nov 9 2021 music
-rwxrwxrwx 1 mediau wheel 445594 Dec 9 2021 progress.log
-rw-r--r--+ 1 mediau wheel 255768 Sep 3 2018 rsync.log
-rwxrwx---+ 1 mediau wheel 1415 Feb 15 2022 rsync8.log
-rwxrwx---+ 1 mediau wheel 840 Feb 16 2022 rsync9.log
drwxrwxrwx 16 mediau wheel 19 Aug 23 10:38 training
```
Linux Client (AlmaLinux 9):
```
[eric@dockervm2 ~]$ mount
...
truenas.mydomain:/mnt/HomeNAS on /mnt/nas type nfs4 (ro,nosuid,nodev,noexec,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.250,local_lock=none,addr=192.168.2.17,user=eric)
[eric@dockervm2 ~]$ ls -l /mnt/nas
total 97
drwxr-xr-x. 10 root root 15 Sep 16 16:51 Backup
drwxr-xr-x. 2 1007 1007 9 Nov 27 22:25 crashplan
drwxrwx--x. 10 eric root 13 Nov 26 23:42 home
drwxr-xr-x. 9 root root 12 Nov 19 2021 iocage
drwxrwx---. 18 1004 root 34 Sep 12 13:18 media
drwxr-xr-x. 3 root root 3 Sep 2 16:43 TimeMachine
drwxr-xr-x. 3 root root 3 May 26 2022 truenas
drwxrwxrwx. 2 root root 4 Nov 3 00:03 VM
[eric@dockervm2 ~]$ ls -l /mnt/nas/home
ls: reading directory '/mnt/nas/home': Input/output error
total 0
[eric@dockervm2 ~]$ ls -l /mnt/nas/media
ls: cannot access '/mnt/nas/media/eric': Permission denied
ls: cannot access '/mnt/nas/media/rsync9.log': Permission denied
ls: cannot access '/mnt/nas/media/rsync8.log': Permission denied
total 513
drwxrwxrwx. 2 1004 root 2 Nov 28 2021 77c8163c-5109-9ef5-16f7-4e2f0a95b7ef
drwxrwxrwx. 94 1005 root 126 Nov 28 09:18 downloads
??????????? ? ? ? ? ? eric
drwxrwxrwx. 2 1004 root 2 Aug 30 2018 lost+found
drwxrwxrwx. 2 1004 root 2 Nov 9 2021 music
-rwxrwxrwx. 1 1004 root 445594 Dec 9 2021 progress.log
??????????? ? ? ? ? ? rsync8.log
??????????? ? ? ? ? ? rsync9.log
-rw-r--r--. 1 1004 root 255768 Sep 3 2018 rsync.log
drwxrwxrwx. 16 1004 root 19 Aug 23 10:38 training
```
I was hoping that the `mapall` would help set the user as the root user on the server side to give me the access to view all files irrespective of my client UID/GID.
Do I need to set/configure something on the client side to give it access to everything? Why am I getting Input/output errors and Permission denied, as well as all the ??????? in the share's perms, UID, GID on the client side?
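A way to enumerate every path on the mounted export that fails the way the listing above does, so a backup job does not silently skip ACL-protected data (an added example, not part of the original post). The function name `audit_tree` is hypothetical, and `/mnt/nas` is the client mount point taken from the post.

```python
import errno
import os
import stat
import sys


def _errname(exc):
    """Symbolic errno name (EACCES, EIO, ...) for an OSError."""
    return errno.errorcode.get(exc.errno, str(exc.errno))


def audit_tree(root):
    """Walk root without following symlinks.

    Returns (ok_count, failures). Each failure is (path, operation, errno):
    'scandir' covers "reading directory ... Input/output error",
    'lstat' covers the "??????????" rows that ls -l prints.
    """
    ok = 0
    failures = []
    stack = [root]
    while stack:
        directory = stack.pop()
        try:
            # Errors can surface on open or mid-iteration, so both are inside try.
            with os.scandir(directory) as entries:
                names = sorted(entry.name for entry in entries)
        except OSError as exc:
            failures.append((directory, "scandir", _errname(exc)))
            continue
        for name in names:
            path = os.path.join(directory, name)
            try:
                info = os.lstat(path)
            except OSError as exc:
                failures.append((path, "lstat", _errname(exc)))
                continue
            ok += 1
            if stat.S_ISDIR(info.st_mode):
                stack.append(path)
    return ok, failures


if __name__ == "__main__":
    # Default path is the mount point shown in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "/mnt/nas"
    count, problems = audit_tree(target)
    for path, operation, code in problems:
        print(f"{code:8} {operation:8} {path}")
    print(f"{count} entries readable, {len(problems)} failures")
    sys.exit(1 if problems else 0)
```

The walk checks only directory listing and metadata access; it does not open files, so a clean result does not by itself prove file contents are readable.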