Nethserver-nfs needs testers

Nethserver-nfs is ready to be tested

  • For ns7

yum install http://mirror.de-labrusse.fr/NethDev/nethserver-nfs/nethserver-nfs-0.1.0-1.ns7.sdl.noarch.rpm

  • For ns6

yum install http://mirror.de-labrusse.fr/NethDev/nethserver-nfs/nethserver-nfs-0.0.1-1.ns6.sdl.noarch.rpm

After that nethserver-nfs, nethserver-samba and nethserver-ibay should be installed, nfs running. Then you should install nethserver-dc, else it works also when the samba share is in guest work.

The nfs panel is in the shared folder Tab

You have two modes

  • Use the server UID/GID server

In this mode the users of the remote client must be in the same GID that the owning group of the samba share.
You must add manually to all users the GID as a secondary group
Any root users of any remote clients can overwrite this GID limitation, hence the option root squash to restrict the root power.

In clear you have two access control (GID and IP)

  • Lazzy mode

if this option is uncheck, then you don’t need to set a second gid on users, the only access control is at the IP level

If you want you can allow quickly a read access to all your local network (you must respect the gid if checked)

To create a new gid/group
    groupadd -g GidNumber -o GroupName
To add a secondary group to a user
    usermod -a -G GidNumber UserName
 To see user
     id User

You might need to logout/login your user, or reboot the computer, to apply the new group ownership

Once the share is created, then on the remote allowed client, we need to mount the share

mkdir toto
mount -vt nfs 192.168.xxx.xxx:/var/lib/nethserver/ibay/toto toto/

to see the content (it is like if you are on a local folder)

ll toto/
You can also do it at the fstab level

on a remote client you can see the share

[helene@leo ~]$ showmount -e 192.168.12.172
Export list for 192.168.12.172:
/var/lib/nethserver/ibay/toto 192.168.12.24,192.168.12.26,192.168.12.25
/var/lib/nethserver/ibay/plop 192.168.12.25
  • custom rules

Nfs offers a lot of parameters and you may need some specific settings that it would be difficult or dangerous to let them in all hands. So for some cases you can enable by db command your nfs shares

but you cannot :
* use the wildcard ‘*’
* open your shares to ip(s) outside of your local network(s)
* use a domain to define your shares, the ip or the network are a mandatory
* use the root ‘/’
* let a space between the ip and its share definition

IF you want to do all these dangerous things, then you need to do them by custom templates.

How enable specific rules (the name of the rule is free):
config setprop nfs-rules MYRULE "/var/lib/nethserver/ibay/IBAYNAME 192.168.14.0/22(nohide,sync,wdelay,rw,no_root_squash,secure)"
or
config setprop nfs-rules RULE2 "/var/lib/nethserver/ibay/IBAYNAME 192.168.14.154(nohide,sync,wdelay,rw,no_root_squash,secure)"

then

signal-event nethserver-nfs-update

There is no analysis of the share settings, ditto for the path of the folder you want to share (except for the ‘/’)

Common Mount permission options
 rw              read/write permissions
 ro              read-only permissions
 insecure        Allows the use of ports over 1024
 sync            Specifies that all changes must be written to disk before a command completes
 no_wdelay       Forces the writing of changes immediately
 root_squash     Prevents root users
 no_root_squash  Allow root users

to @davidep
I use the ‘OwningGroup’ to allow read/write access and I created a property ‘AllowedIP’ if the idea to get a common tab to allow the ip based access for samba comes a day.

to all, I’m open minded on Ideas, on ergonomics improvements, and of course on translations…It is not my mother tongue (see the help page also)

11 Likes

Hello Stephane,

Great work!! I have one question how can I add custom rules? I see on the exports file that it is generated by nethserver-nfs and the is there a section for custom rules but I am not sure the commands syntax to do so. Can you give me some help here?

Thank you.

1 Like

see my first post, I have updated it

1 Like

Looks amazing man @dnutan is promoting it in some old discussions. I love that.

How can we test it properly? Which tests should we make?

test cases

see changes applied in /etc/exports following different settings
use a shared folder to backup a NS via nfs
mount a remote shared folder via nfs to a local folder and test if you can list or save (take care of your gid).

Documentation added -> https://wiki.nethserver.org/doku.php?id=nfs#nfs

@nas @islipfd19 @rasi @Ctek @Chewi can you help us to test it?

Many thanks for this. There’s no mention of Kerberos, I guess you never got it working? I’m still battling on other fronts but this gives me something to work with when I get a chance.

You mention rsize and wsize but I don’t think you should set these for NFSv4. I certainly found they made a difference with v3 (or was it v2?) but I’ve never had to set them in recent years.

2 Likes

Hi chewi

Yes, no mention about kerberos because it is not implemented. Helps are welcome.

You are welcome also to edit the documentation page :slight_smile:

1 Like

corrected a bug to display the service nfs enabled in the service status page

yum install http://mirror.de-labrusse.fr/NethDev/nethserver-nfs/nethserver-nfs-0.1.0-1.ns7.sdl.noarch.rpm

3 Likes

This list is growing very quickly

3 posts were split to a new topic: Track the initial package development

a version for ns6 is available, see first post to install

I’d like to collect as many feedback as possible on this

nethserver-nfs released for ns6 and ns7

2 Likes

Thanks, I use it already :wink:

Just wonderful!

best regards
Gerald

1 Like

Great news :slight_smile: I close that topic