# Need help to understand NFS



## nORKy (Jul 22, 2013)

Hi,

I need some help to understand NFS with ZFS and permissions. On my server, I have:

```
# ls -la /u
total 11
drwx--x--x   3 root  wheel   3 Jul  9 16:39 .
drwxr-xr-x  20 root  wheel  25 Apr 22 15:06 ..
drwx--x--x  3 root  wheel  3 Jul  9 16:37 user1

# ls -l /u/user1
total 4
drwx-----x  5 MYWWW\user1  users  5 Jul  9 16:39 home
```
/u, /u/user1 and /u/user1/home are ZFS partitions. My server is a Samba4 DC too (can use nfsv4acls)

My /etc/exports:

```
V4: /u  -sec=krb5p -network 10.35.66.0 -mask 255.255.255.0

/u
/u/user1
/u/user1/home
/u/user1/home/www
```

On my client:

```
# mount_nfs -o nfsv4 10.35.65.1:/ /u
# ls /u
ls: /u: Permission denied
```

I don't understand the 'permission denied'. If I set a maproot=root, all files are set to root. (I lost the MYWWW\user1).

How can I share my directories with the same originals permissions? Thank you.


----------



## Chris_H (Jul 22, 2013)

Greetings @nORKy, I'll take a stab at this -- but no guarantees expressed, or implied, as I have zero experience with ZFS. A couple of things come to mind; What does the _server_ log have to say. This will give you a far better understanding of _why_ your server rejected the mount(8).

What is in your hosts.allow(5) file? Are your clients "whitelisted"? Is RPC BIND enabled/allowed for them? What about the port NFS is running? While I'm not using krb4, or samba; my exports(5) looks like:

```
/	-alldirs -maproot=root ip.add.re.ss
```
NOTE: The -alldirs

Best wishes.

--chris


----------



## nORKy (Jul 23, 2013)

this ma This is my new configuration*:*


```
V4: /u  -sec=sys -network 10.35.66.0 -mask 255.255.255.0
/u -alldirs -maproot=root  10.35.66.31
/u/user1 -maproot=root 10.35.66.31
```

But my client fails: 


```
# mount -t nfs -o nfsv4 10.35.66.1:/ /u
# ls /u
# ls -la /u
total 0
# tail -n2 -f /var/log/messages
Jul 23 09:31:53 pluto kernel: nfsv4 client/server protocol prob err=10020
Jul 23 09:31:56 pluto last message repeated 5 times
Jul 23 09:34:19 pluto last message repeated 4 times
```


----------



## Chris_H (Jul 23, 2013)

Greetings,

I'm not sure, but I'm not confident it's safe (or possible) to mount external mount points to root (/). If I were more intimately familiar with the NFS4 code, I could probably definitively extrapolate the error by error number (10020).

May I suggest you try a different mount point _other_ than root, say /mnt? Also. It's redundant to define -alldirs:

```
/u -alldirs -maproot=root  10.35.66.31
```
and then define:

```
/u/user1 -maproot=root 10.35.66.31
```
As /u/users is a SUBdirectory of /u

So unless you later decide to make changes to your mounting / permission scheme, it's enough to define:

```
/u -alldirs -maproot=root  10.35.66.31
```

HTH

--chris


----------



## nORKy (Jul 24, 2013)

*N*ow it 's OK. I put the "V4:" line at the end of exports. Now, I have a *UID* problem, but I think it's a *S*amba idmap problem.


----------



## junovitch@ (Jul 25, 2013)

NFSv4 is kind of strange with mounts.  Your V4 statements sets what everything else sees as the root.  This should work.


```
V4: / -sec=sys -network 10.100.0.0 -mask 255.255.0.0
/usr/ports -maproot=root -network 10.100.0.0 -mask 255.255.0.0
```

This should also work and do the exact same thing. Both should share /usr/ports.  I haven't tested it as written below but when I initially tried NFSv4 I came across this behavior.  I can't find my notes from the time on the exact way I had it setup before I went with what is above.


```
V4: /usr -sec=sys -network 10.100.0.0 -mask 255.255.0.0
/ports -maproot=root -network 10.100.0.0 -mask 255.255.0.0
```


----------



## nORKy (Jul 25, 2013)

You're right. I don't understand what I did.


----------

