NFS Permissions issue - only root on linux client has access?

Currently reading
NFS Permissions issue - only root on linux client has access?

9
2
NAS
RS1221RP+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. Android
  2. iOS
I am trying to access shared folders on my Synology NAS (RS1221RP+) via NFS from a Linux (Ubuntu) client.

I have the shares on the Synology successfully mounted to respective folders on the client as follows:

Synology: Volume1/Movies is mounted on Ubuntu at: /mnt/movies
Synology: Volume1/TV is mounted on Ubuntu at: /mnt/tv

When I attempt to access the shares from the Ubuntu machine at /mnt/movies or /mnt/tv, I can only do so if I su to root. When root, I can cd into that directory and see the contents.

If I am using my normal Ubuntu user account, I get a permission denied error when I attempt to cd into either movies or tv.

Should I be using a specific squash setting on the Synology NFS permissions? If so, which one?

Thanks!
 
6
0
NAS
RS816
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
I am encountering the same Problem at work on a RS1221. I can mount a share successfully on multiple clients but only the root account gets access. Other accounts get a "permission denied" error.

The NAS runs DSM 7.1.1-42962 Update 1
The NFS system Settings are the default ones, so maximum Version is NFSv3.
The share settings in /etc/exports are:

Code:
/volume1/testfolder 192.168.0.0/24(rw,async,no_wdelay,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)

The file permissions on the share are 644, so every user should have read access.
I am running the same export settings on a Debian based NAS and mounted the share to the same client as the above. There I can access a 644 file without any problem from different accounts.

Does anyone have a suggestion on how to solve this problem?
Thanks!
 
9
2
NAS
RS1221RP+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. Android
  2. iOS
Here is what my NFS settings look like on the Synology side. My Google-Fu yesterday pointed towards the squash settings, but I tried "Map all users to admin" as well as others and didn't get any further. I have also opened a ticket with Synology support and if I get a solution from them, I will report back. In the meantime, I would appreciate any other ideas... THANKS!
Screenshot 2023-01-25 at 8.18.32 AM.png
 
6
0
NAS
RS816
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
@Rusty I changed the entry to insecure from the cli (is there an option for it in the gui?) and reloaded the nfs-server.service. I also remounted the share in the client, but the "permission denied" still persists.

Same as @RobRoy90 I tried different squash mappings yesterday. Strangely with the "map all users to admin" setting even the root account on the client could not open the files anymore.
 

Rusty

Moderator
NAS Support
6,390
1,897
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Here is what my NFS settings look like on the Synology side. My Google-Fu yesterday pointed towards the squash settings, but I tried "Map all users to admin" as well as others and didn't get any further. I have also opened a ticket with Synology support and if I get a solution from them, I will report back. In the meantime, I would appreciate any other ideas... THANKS!
View attachment 12011
And if you disable "asychronus"?
 

Rusty

Moderator
NAS Support
6,390
1,897
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I also remounted the share in the client, but the "permission denied" still persists.
Have you tried to make the change and then stop/start NFS service (via gui for example using the check box)? Make sure that the exports file remains with no _locks. Try and access the mounts after that.
 
6
0
NAS
RS816
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
Have you tried to make the change and then stop/start NFS service (via gui for example using the check box)? Make sure that the exports file remains with no _locks. Try and access the mounts after that.
I just tried it and the Problem still persists. I changed the /etc/exports to insecure, saved it, restarted the NFS service using the checkbox in the gui and remounted the share on the client. After restarting the NFS service the entry in /etc/export did not change back to insecure_locks.
But every time I edit anything in the nfs share settings through the gui (like toggeling asynchronous -- that btw sadly did not resolve the problem) the entry in /etc/exports got rewritten to insecure_locks.
 

Rusty

Moderator
NAS Support
6,390
1,897
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I just tried it and the Problem still persists. I changed the /etc/exports to insecure, saved it, restarted the NFS service using the checkbox in the gui and remounted the share on the client. After restarting the NFS service the entry in /etc/export did not change back to insecure_locks.
But every time I edit anything in the nfs share settings through the gui (like toggeling asynchronous -- that btw sadly did not resolve the problem) the entry in /etc/exports got rewritten to insecure_locks.
Well that is expected tbh as the ui change affects the file. Guess the issue is somewhere else regarding permissions
 
9
2
NAS
RS1221RP+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. Android
  2. iOS
Here is the response from Synology support. Do I read this correctly in that they want me to change a UID?

Hello,

I understand you are only able to access NFS mounted shares while using root.

For uniform permission settings (all user accounts use the exact same privileges), you can select the Map all users to admin option for the squash in the NFS rule on the share, then configure the desired permissions for the DSM local admin account within Control Panel or File Station. All user accounts accessing the NFS mount at this point will have the same privilege as the DSM local admin for this specific share.

If you intend on having account-specific permissions, you need to setup a corresponding account within DSM (which can also be a domain/LDAP account) and give it its desired permissions. From there, you can use the no mapping squash within the NFS rule and either:

- change the UID on the NFS client to use the same ID as the DSM user

- use Kerberos authentication to map these accounts together

If the UIDs are mismatched, then you are likely able to mount the NFS share to the host but get denied access privilege when attempting to access the data.

To identify UIDs for DSM accounts as well as Linux clients in general, you can run the following command syntax through SSH:

id -u [username]

To change the UIDs for local accounts on a Linux client, run:

usermod -u [ID Number] [username]

Please let me know if you have any additional questions.

Thank you,

Andrew C.
 
6
0
NAS
RS816
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
@RobRoy90 Yes, they want you to create a local user on the NAS with the same UID as the user on the client with whom you ar trying to access the share and set the file permissions on the share accordingly.

But I do not like this response from Synology. From my understanding a NFS server does not need any knowledge about existing users. If I access the share from the client with whatever user I like it should check my current UID and GID against the ids of the owning user and group of the file or folder I am trying to access and if they do not match use the set permissions for the "everyone" category.
 
6
0
NAS
RS816
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
I created a support ticket with Synology myself. I keep you posted...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

worked out what the problem was - schoolboy error. i hadn't created a user on the NAS with the same...
Replies
1
Views
1,112
I'm using smb only on my windows pc. I have android devices with kodi but there i'm using NFS without any...
Replies
2
Views
730
  • Question
I tried to modify the rights to allow RW to everyone (in File Station) : I synced the data from "local"...
Replies
6
Views
1,496
Hi everyone, on my linux machine (Mageia) I would like one user (let's say, user1) to be able to access...
Replies
0
Views
952
So the verdict is still just a shoot into dark for everyone without knowledge about your LAN topology...
Replies
3
Views
4,575
Should be framed above the NAS :)
Replies
16
Views
4,959
You were right! I do have to use the Linux file manager with the root account to successfully perform file...
Replies
3
Views
2,169

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top