# Sharing ZFS Tank via NFS



## Abscopal (Aug 16, 2017)

Hello everyone,

I'm currently stuck on sharing my ZFS tank0 using NFS. (FreeBSD 11.1)

I've tried

https://www.freebsd.org/cgi/man.cgi?query=zfs&sektion=8
https://www.hiroom2.com/2016/05/18/ubuntu-16-04-share-zfs-storage-via-nfs-smb/
but none of them solved my problem.

That's my setup:

- FreeBSD Server (10.0.2.15/24)
- Linux Client A (10.0.2.2/24)
- Future Client B (10.0.2.3/24)

I want to share tank0 to client A as readonly and to client B as read/write.

Executed on FreeBSD:  `zfs sharenfs="ro=10.0.2.2/32" tank0`

Executed on Client A: `mount -t nfs 10.0.2.15:/tank0 /mnt -v`


```
mount.nfs trying text based options 'vers=4,addr=10.0.2.15,clientaddr=10.0.2.2'
Connection refused
```

`showmount -e` on FreeBSD does nothing until I "ctrl-c" it.
`showmount -e 10.0.2.15` on Linux gives me "Connection refused" again.


----------



## usdmatt (Aug 16, 2017)

Did you enable the NFS server as per the handbook?
https://www.freebsd.org/doc/handbook/network-nfs.html

/etc/rc.conf

```
nfs_server_enable="YES"
mountd_enable="YES"
```

Make sure you can see the exports on the local machine before bothering to try a client.

```
# showmount -e
Exports list on localhost:
/data/web                          192.168.100.0
/data/secure                       192.168.100.0
/data/mail                         192.168.100.0
```


----------



## SirDice (Aug 16, 2017)

The sharenfs command on ZFS works a little dodgy on FreeBSD. It will work fine for relatively simple exports but it's a bit of a hack. On Solaris this hooks straight into the kernel's NFS but on FreeBSD it basically just writes to /etc/zfs/exports and uses FreeBSD's NFS server. I would recommend not using it and sticking to the traditional exports(5) file.


----------



## Abscopal (Aug 16, 2017)

I didn't stick to that because I thought zfs would handle this.

I've added the lines to the rc.conf.

Now "showmount -e" gets me "RPC: Program not registered".


SirDice: Thx, I'll stick to that if the sharenfs gets too dodgy.


----------



## Abscopal (Aug 18, 2017)

I'm answering to bump this up. (sry)

I've tried it with /etc/exports and it worked half way.
/etc/exports:

```
/tank0 -maproot=root -ro 10.0.2.2
```

I can mount this on the client and got ro access.

Since I don't want to use root to access the share I did the following:

1. Added the group "NAS"
2. Added 2 users "read" and "write" to "NAS"
3. chgrp "NAS" to /tank0
4. chmod 764 to /tank0 (To give "NAS" Write/read permission on it)
5. edited /etc/exports

```
/tank0 -mapall=read -ro 10.0.2.2
```
6. service mountd reload

This resulted in the client not even being able to cd into /mnt.

From what I've read this config should map all accesses from 10.0.2.2 to the local user read on the server. But obviously that's not the case.


----------



## SirDice (Aug 18, 2017)

Directory permissions of 764 don't make sense. To be able to read and change a directory it needs execute permissions. So you'll want 700 (rwx for owner), 750 (rwx for owner, rx for group) or 755 (rwx owner, rx group, rx other) permissions on directories. Permissions like 770 or 775 are common too.

Also note that even though the permissions allow for write access sharing it read-only means remote users can only read, regardless of the write permissions on the files/directories themselves.


----------



## Abscopal (Aug 21, 2017)

Ok, I've set it to 770. Didn't know that execution implies cd'ing.
I also needed to add NAS to the exports file, but it works now.

It was my intention to give r/w to the group and then control via /etc/exports if it's exported as r/w or r/o.

Thanks for the help, works as intended now.


----------



## SirDice (Aug 23, 2017)

Abscopal said:


> Ok, I've set it to 770. Didn't know that execution implies cd'ing.


For directories it has the function of 'search', see chmod(1):

```
           0100    For files, allow execution by owner.  For directories,
                   allow the owner to search in the directory.
{...}
           0010    For files, allow execution by group members.  For directo-
                   ries, allow group members to search in the directory.
```

Example:

```
dice@armitage:/tmp % pwd
/tmp
dice@armitage:/tmp % mkdir test
dice@armitage:/tmp % ls -ld test/
drwxr-xr-x  2 dice  wheel  0 Aug 23 11:11 test/
dice@armitage:/tmp % cd test/
dice@armitage:/tmp/test % touch test.txt
dice@armitage:/tmp/test % cd ../
dice@armitage:/tmp % ls -ld test/
drwxr-xr-x  2 dice  wheel  64 Aug 23 11:12 test/
dice@armitage:/tmp % chmod 600 test/
dice@armitage:/tmp % ls -ld test/
drw-------  2 dice  wheel  64 Aug 23 11:12 test/
dice@armitage:/tmp % ls -ld test/
drw-------  2 dice  wheel  64 Aug 23 11:12 test/
dice@armitage:/tmp % ls -ld test/*
ls: No match.
dice@armitage:/tmp % cd test/
test/: Permission denied.
dice@armitage:/tmp % chmod 700 test/
dice@armitage:/tmp % ls -ld test/*
-rw-r--r--  1 dice  wheel  0 Aug 23 11:12 test/test.txt
dice@armitage:/tmp % cd test/
dice@armitage:/tmp/test % cd ../
```


----------
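Added example (not part of any post in this thread): a Python sketch of the classic Unix mode-bit check applied to the cases discussed above, 764 versus 770 on /tank0, for a credential that the export maps to the user read. It also applies the read-only export rule from the thread. The numeric ids, root ownership of /tank0 and the helper names are assumptions; ACLs and the superuser bypass are left out.

```python
# Constructed ids for illustration; the thread gives no numeric uid/gid values.
ROOT_UID = 0      # assumed owner of /tank0
NAS_GID = 1001    # assumed gid of group "NAS" (group owner after chgrp)
READ_UID = 1001   # assumed uid of user "read" (target of -mapall)


def permission_class(owner_uid, group_gid, cred_uid, cred_gids):
    """Exactly one class applies; a weaker class never 'falls through'."""
    if cred_uid == owner_uid:
        return "owner"
    if group_gid in cred_gids:
        return "group"
    return "other"


def directory_rights(mode, owner_uid, group_gid, cred_uid, cred_gids, export_ro):
    """What the mapped credential may do with a directory of this mode."""
    cls = permission_class(owner_uid, group_gid, cred_uid, cred_gids)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    search = bool(bits & 0o1)          # 'x' on a directory means search
    return {
        "class": cls,
        "read_bit": bool(bits & 0o4),
        "enter": search,               # cd and path lookup need search
        # Creating or deleting entries needs write AND search, and a
        # read-only export denies it whatever the mode bits say.
        "create_or_delete": bool(bits & 0o2) and search and not export_ro,
    }


def check(mode, cred_gids, export_ro=True):
    """Evaluate /tank0 (root:NAS, given mode) for the mapped user 'read'."""
    return directory_rights(mode, ROOT_UID, NAS_GID, READ_UID,
                            cred_gids, export_ro)


if __name__ == "__main__":
    cases = [
        ("764, credential in NAS, ro export", 0o764, {NAS_GID}, True),
        ("770, credential in NAS, ro export", 0o770, {NAS_GID}, True),
        ("770, credential in NAS, rw export", 0o770, {NAS_GID}, False),
        ("770, credential without NAS",       0o770, set(),     True),
    ]
    for label, mode, gids, ro in cases:
        print(f"{label:38} {check(mode, gids, ro)}")
```
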

