SOLVED Cannot chown share to apache

Joined
Apr 26, 2015
Messages
320
I'm pulling my hair out on this. It's been posted a hundred times but I've yet to find why it's not working for me.

I have an NFS share that is used by a few web servers. Apache must own the files and directories.

I created a user and group called apache on TrueNAS, then assigned that to the NFS share in the pool.
The user id is 1000, the primary group is 'apache' and the aux group is builtin_users, apache.
The user has r/w/e and the group has r only and the share is specified in the user. I have 'Disable password' set to yes.

The pool, dataset is set to 'Passthrough'.
The database has apache owner, apache group, r/w/e with group having r only.
When I save this, I can see the share owner changing to 1000:1000.

Now, there is a user that already owns 1000 on most of the web servers, so maybe this is why, but all these files must be owned by apache, not the user id, so what am I doing wrong? Days of reading and thinking I found an answer never solves the problem.

Can someone please shed some light?
 

unseen

Contributor
Joined
Aug 25, 2017
Messages
103
The name of the user and group is not really relevant. The important thing is the ID of the user and the ID of the group.

The user you create on TrueNAS must have the same ID as that user has on the server where it is running. Same applies for the group.
 
Joined
Apr 26, 2015
Messages
320
Thanks for the input.

The user and group I created on TrueNAS have ID 1000.
On most of the clients, apache was installed as a service and seems to have the same ID of 48.
On some clients, I manually created the apache user, so some are 1002, some are 1005, etc.

I don't see any options on TrueNAS to change the ID of the user and group I created, so does that mean I have to change the IDs on any of the clients so all match?

And, if I do that, is there anything else I have to pay attention to on each of those servers or will apache/web services continue running without issues after changing their ID?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
All clients need to numerically match if you use NFS, yes. That's why network directory services like NIS were invented.

The other option is to use one of the map* directives. If all clients being able to mount should have the privileges of the apache user and there are no interactive users in these systems that might pose a risk, you can use mapall=apache in the export definition.

Or use mapuser for each of the individual IDs but you cannot tie these to individual client machines so if you map 48, 1002, 1005 all to apache, then any user with any of these IDs on any of the client machines has got "apache" privileges.
 
Joined
Apr 26, 2015
Messages
320
Got it, thank you for that clarification. I think for this implementation, matched user IDs will be sufficient then.
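
The numeric-ID matching discussed in this thread can be checked before changing anything. The following is an added example, not part of the original posts: it compares the apache UID/GID on each client against the server and reports which local account actually holds the server's UID. The host names, the user "alice" and the passwd lines are constructed sample data; the IDs 1000, 48 and 1002 follow the thread.

```python
# Constructed sample: passwd(5) entries per host (e.g. collected with `getent passwd`).
PASSWD = {
    "truenas": "root:x:0:0::/root:/bin/sh\n"
               "apache:x:1000:1000::/nonexistent:/usr/sbin/nologin\n",
    "web1": "apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin\n"
            "alice:x:1000:1000::/home/alice:/bin/bash\n",
    "web2": "apache:x:1002:1002::/home/apache:/sbin/nologin\n"
            "alice:x:1000:1000::/home/alice:/bin/bash\n",
    "web3": "apache:x:1000:1000::/var/www:/sbin/nologin\n",
}

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users

def audit(passwd_by_host, server, account="apache"):
    """Compare each client's IDs for `account` with the server's IDs."""
    server_ids = parse_passwd(passwd_by_host[server])[account]
    report = {}
    for host, text in passwd_by_host.items():
        if host == server:
            continue
        users = parse_passwd(text)
        local = users.get(account)
        # NFS with AUTH_SYS compares numbers only: whoever holds the server's
        # UID on this client is the owner of the files, whatever the name.
        holders = sorted(n for n, (uid, _) in users.items() if uid == server_ids[0])
        report[host] = {"local_ids": local,
                        "matches": local == server_ids,
                        "uid_held_by": holders}
    return report

if __name__ == "__main__":
    for host, row in audit(PASSWD, "truenas").items():
        print(host, row)
```

A client where `matches` is false and `uid_held_by` names another account is the situation described in the first post: files owned by 1000 on the server show up as owned by that other user, not apache.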
 