# /etc/exports permissions



## balanga (Mar 5, 2021)

For a long time I used a FreeNAS server to provide NFS access to various repositories, now I trying to do the same thing using native FreeBSD and getting a bit confused with permission settings...

If I have a system with a /data directory and want to allow universal r/w access to my LAN how should I set that up?

I've checked exports() but am not clear what needs to be set...

I've tried this among many other things but can't seem to get the hang of it
	
	



```
/data -mapall=root
```


----------



## ShelLuser (Mar 5, 2021)

For starters... don't try and map stuff to root, that's much too excessive.

Have you tried exports(5)?


```
/data -alldirs -mapall=nobody
```
Then simply make sure that the permissions for /data are set to 777 so that everyone can use it (even a user nobody). Of course -alldirs is optional, but I figured it might be useful to only grab a part of /data.


----------



## Denis Shaposhnikov (Mar 5, 2021)

balanga said:


> If I have a system with a /data directory and want to allow universal r/w access to my LAN how should I set that up?


I use NFSv4 for that. Here my /etc/exports


```
V4: / -sec=sys -network=192.168.1.0/24
/zdisk/data -mapall=root -network=192.168.1.0/24
```

and rc.conf


```
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"
```

and mount command


```
mount -t nfs -o bg,soft,nfsv4 home:/zdisk/data ~/NAS
```


----------



## balanga (Mar 5, 2021)

ShelLuser said:


> For starters... don't try and map stuff to root, that's much too excessive.
> 
> Have you tried exports(5)?
> 
> ...


I wanted unrestricted access  so that I wouldn't have any problems with permissions, that's why I specified '-mapall=root'. There's only me using the network. I wanted the simplest possible setup. I can always add restrictions later if I want.


----------



## zirias@ (Mar 5, 2021)

Any user will be "unrestricted" if you just set permissions as suggested by ShelLuser. You just avoid NFS clients operating as root, which is definitely a good idea.


----------

