# [PC-BSD] Directory permissions between ubuntu and PC-BSD under NFS



## dralex (Feb 9, 2013)

So I have two boxes set up. An Ubuntu box, gladys, and a PC-BSD box, wilbur. On both boxes I sign in as dan, typical user, sysadmin, etc. I have wilbur as the NFS server and gladys fits nicely as the NFS client. Gladys can see wilbur's big drive but wilbur cannot see anything on gladys. Fine, I don't mind.

The problem comes into play when I try to write to various directories on wilbur (server) from gladys (client). Seems to do so I have to have the directory permissions set at 777 on wilbur (server) in order to accomplish this. 

My question is, on the client, gladys, am I connecting to the server, wilbur, as gladys, or the user dan under gladys? Do I need a logon for gladys on the server to write to directories with permissions set to say 775? Shouldn't it be enough that I have a logon on both boxes of dan? Do I need to map the groups on both machines with a utility somewhere?

Any pointers would help. And, will I understand the answer? In the meantime, I'll rtfm.

Tia.


----------



## DutchDaemon (Feb 9, 2013)

Disclaimer: Topics about *PC-BSD* | FreeNAS | NAS4Free | m0N0WALL | pfSense | ArchBSD | kFreeBSD


----------



## Beeblebrox (Feb 9, 2013)

> An Ubuntu box, gladys, and a PC-BSD box, wilbur


Why are you complicating things when asking questions? You have Ubuntu as client and PC-BSD as server, right? Simple.

Both systems have user "dan", and although you probably gave the same password to both, they have no relationship with each other until you set up a central "authentication mechanism" - which can get quite hairy if you have no previous experience. As an example, one of the best-known examples of such a mechanism is LDAP. For both "dan"s to be one, they must authenticate to the same file or db. Since the two systems are separate and use two different files to authenticate from, they have no relation.



> wilbur cannot see anything on gladys


To do that, your Ubuntu system must also export something (like NFS, Samba, etc.).



> Seems to do so I have to have the directory permissions set at 777 on server


No, you need to export NFS as rw (read/write).

When you connect to the machine hosting the service (whatever that service is - NFS, Samba, whatever) you authenticate by the rules set on that machine. This means, the machine hosting that service (that's why it's called a server) will allow access according to rules set for authentication on that machine. For the same reason your Ubuntu is a client until you start to host or export a service from it - then it will only be a server for that particular service on that particular port.


----------



## junovitch@ (Feb 10, 2013)

Can you post up your NFS configuration on both sides? What is the UID/GID for "dan" on each side? Remember the older NFSv2 and NFSv3 use UID/GIDs so if they don't match between the server/client then that could explain the need for 777 just to be able to do anything. If you're using NFSv4 then it can get more complicated. It maps based off the "name@domain.com" syntax and can do so using users local to each box or using centralized authentication services. It just depends on how you set it up.

If you show me what you have set up and what NFS version you're trying to use I can probably assist. I'm basically doing the same thing on my home LAN with a FreeBSD NFS server and Linux Mint NFS clients with autofs handling the mount duties.


----------
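What the UID/GID mismatch described above does to a write request when the server only sees numeric credentials (NFSv2/NFSv3 style), as an added example that is not part of any post. The server-side UID 1004 for dan is the value reported later in the thread; the client-side UID/GID of 1000 and both passwd lines are assumed sample values, and root mapping is left out.

```python
import stat

# Constructed sample data: one /etc/passwd line for dan from each host.
# 1004 on the server is the value given in the thread; 1000 on the
# client is an assumption (the usual first-user UID on Ubuntu).
SERVER_PASSWD = "dan:*:1004:1004:Dan:/home/dan:/bin/csh"
CLIENT_PASSWD = "dan:x:1000:1000:Dan,,,:/home/dan:/bin/bash"

def ids(passwd_line):
    """Return (uid, gid) from one passwd-format line."""
    fields = passwd_line.split(":")
    return int(fields[2]), int(fields[3])

def access_class(req_uid, req_gids, owner_uid, owner_gid):
    """Which permission triplet applies to a request carrying these numbers."""
    if req_uid == owner_uid:
        return "owner"
    if owner_gid in req_gids:
        return "group"
    return "other"

def can_write(mode, req_uid, req_gids, owner_uid, owner_gid):
    """Server-side write check; the user *name* never enters into it."""
    bit = {"owner": stat.S_IWUSR, "group": stat.S_IWGRP, "other": stat.S_IWOTH}
    return bool(mode & bit[access_class(req_uid, req_gids, owner_uid, owner_gid)])

def report(mode):
    """Check a directory owned by the server's dan against the client's dan."""
    s_uid, s_gid = ids(SERVER_PASSWD)   # owner of the exported directory
    c_uid, c_gid = ids(CLIENT_PASSWD)   # numbers the client puts in the request
    return (access_class(c_uid, [c_gid], s_uid, s_gid),
            can_write(mode, c_uid, [c_gid], s_uid, s_gid))

if __name__ == "__main__":
    for mode in (0o755, 0o775, 0o777):
        cls, ok = report(mode)
        print(f"mode {mode:o}: client dan is {cls!r}, write={'yes' if ok else 'no'}")
```

With these numbers the client's dan lands in the "other" class, so only a world-writable mode lets the write through; matching the UID/GID on both hosts makes 755 or 775 sufficient.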



## dralex (Feb 10, 2013)

I'm of the opinion that I have to have both boxes set up as client and server? Is that correct? 
What I've done is to include the -maproot=root:wheel option on the exports file of the PC-BSD box. And I've exported the file system -rw. That should help.
And I've noticed I do have a problem with my (user/group)id's. 

As far as the configuration settings I've not found an nfs.conf anywhere... I only have the four or five lines from the FreeBSD Handbook in the rc.conf file as well as the exports file, now. No other conf files are being used on the PC-BSD box.

Ubuntu seems to want to run the show itself so I am letting it. Hope it knows what it is doing. My user id for dan is 1004 on the PC-BSD box. Not sure about the Ubuntu. So will check on that. Evidently they should match? More rtfm'ing for me. I'll repost if I have any additional confusions. Thanks a bunch.


----------



## junovitch@ (Feb 10, 2013)

Here is what I am using for NFSv4.  You don't need to match UID/GID numbers with NFSv4 so you can keep them as they are.  I also use autofs on Linux which will mount on demand rather than putting anything in the /etc/fstab.

FreeBSD's /etc/rc.conf


```
# NFSv4 Configuration
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"
rpcbind_enable="YES"
mountd_enable="YES"
```

FreeBSD's /etc/exports where you are allowing access to 10.100.0.0/16 and having the /zfs/homedirs folder allowed.


```
V4: / -sec=sys -network 10.100.0.0 -mask 255.255.0.0
/zfs/homedirs	-network 10.100.0.0 -mask 255.255.0.0 -maproot=root
```


Where 10.100.102.2 is your NFS server and /zfs/homedirs contains what you are mounting, just copy this straight in.


```
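# Install the NFS client tools and the automounter
sudo apt-get install nfs-common autofs
# The appends need root as well, so write through sudo tee instead of >>
echo "NEED_IDMAPD=yes" | sudo tee -a /etc/default/nfs-common
printf '/zfs/homedirs\t/etc/auto.home\n' | sudo tee -a /etc/auto.master
printf '*\t-fstype=nfs4\t10.100.102.2:/zfs/homedirs/&\n' | sudo tee -a /etc/auto.home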
```

For NFSv4, since it uses "user@domain.com" instead of UID/GID you need to have your domain name set up. If running hostname doesn't return a FQDN you can manually set it in your Ubuntu /etc/idmapd.conf.

```
# Replace the commented-out Domain line with your own domain (needs root)
sudo perl -pwi -e 's^# Domain = localdomain^Domain = mydomain.name^' /etc/idmapd.conf
```

For further reading on the Ubuntu side...
https://help.ubuntu.com/community/SettingUpNFSHowTo
https://help.ubuntu.com/community/NFSv4Howto
https://help.ubuntu.com/community/Autofs


----------
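A check for the `-maproot` option used in the exports lines in this thread, as an added example that is not part of any post. Under FreeBSD exports(5), `-maproot=root` (or `-mapall=root`) lets root on any allowed client act as root on the export, whereas leaving it out maps client root to an unprivileged credential. The `/zfs/media` line is a hypothetical comparison entry, and the parser covers only the option forms seen here.

```python
import ipaddress

# Constructed input: the two export lines from the thread, plus one
# hypothetical read-only line without -maproot for comparison.
EXPORTS = """\
V4: / -sec=sys -network 10.100.0.0 -mask 255.255.0.0
/zfs/homedirs\t-network 10.100.0.0 -mask 255.255.0.0 -maproot=root
/zfs/media -ro -network 10.100.102.0 -mask 255.255.255.0
"""

def parse_line(line):
    """Split one exports(5) line into path, options and client network."""
    tokens = line.split()
    v4_root = tokens[0] == "V4:"
    path, rest = (tokens[1], tokens[2:]) if v4_root else (tokens[0], tokens[1:])
    opts, i = {}, 0
    while i < len(rest):
        tok = rest[i]
        i += 1
        if not tok.startswith("-"):
            continue                      # host name or extra path, not an option
        key, _, val = tok.lstrip("-").partition("=")
        if key in ("network", "mask") and not val and i < len(rest):
            val = rest[i]                 # "-network 10.100.0.0" form
            i += 1
        opts[key] = val                   # bare flags such as -ro store ""
    net = None
    if opts.get("network"):
        spec = opts["network"] + ("/" + opts["mask"] if opts.get("mask") else "")
        net = ipaddress.ip_network(spec, strict=False)
    return {"path": path, "v4_root": v4_root, "opts": opts, "net": net}

def findings(text):
    """Return (path, message) for each export that keeps client root as root."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        entry = parse_line(line)
        for opt in ("maproot", "mapall"):
            cred = entry["opts"].get(opt, "").split(":")[0]
            if cred in ("root", "0"):
                scope = entry["net"].num_addresses if entry["net"] else "all"
                out.append((entry["path"],
                            f"-{opt}={cred}: client root is root here, "
                            f"{scope} client addresses allowed"))
    return out

if __name__ == "__main__":
    for path, msg in findings(EXPORTS):
        print(f"{path}: {msg}")
```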

