Nethserver-nfs is ready to be tested
- For ns7
yum install http://mirror.de-labrusse.fr/NethDev/nethserver-nfs/nethserver-nfs-0.1.0-1.ns7.sdl.noarch.rpm
- For ns6
yum install http://mirror.de-labrusse.fr/NethDev/nethserver-nfs/nethserver-nfs-0.0.1-1.ns6.sdl.noarch.rpm
After that nethserver-nfs, nethserver-samba and nethserver-ibay should be installed, nfs running. Then you should install nethserver-dc, else it works also when the samba share is in guest work.
The nfs panel is in the shared folder Tab
You have two modes
- Use the server UID/GID server
In this mode the users of the remote client must be in the same GID that the owning group of the samba share.
You must add manually to all users the GID as a secondary group
Any root users of any remote clients can overwrite this GID limitation, hence the option root squash to restrict the root power.
In clear you have two access control (GID and IP)
- Lazzy mode
if this option is uncheck, then you don’t need to set a second gid on users, the only access control is at the IP level
If you want you can allow quickly a read access to all your local network (you must respect the gid if checked)
To create a new gid/group
groupadd -g GidNumber -o GroupName
To add a secondary group to a user
usermod -a -G GidNumber UserName
To see user
id User
You might need to logout/login your user, or reboot the computer, to apply the new group ownership
Once the share is created, then on the remote allowed client, we need to mount the share
mkdir toto
mount -vt nfs 192.168.xxx.xxx:/var/lib/nethserver/ibay/toto toto/
to see the content (it is like if you are on a local folder)
ll toto/
You can also do it at the fstab level
on a remote client you can see the share
[helene@leo ~]$ showmount -e 192.168.12.172
Export list for 192.168.12.172:
/var/lib/nethserver/ibay/toto 192.168.12.24,192.168.12.26,192.168.12.25
/var/lib/nethserver/ibay/plop 192.168.12.25
- custom rules
Nfs offers a lot of parameters and you may need some specific settings that it would be difficult or dangerous to let them in all hands. So for some cases you can enable by db command your nfs shares
but you cannot :
* use the wildcard ‘*’
* open your shares to ip(s) outside of your local network(s)
* use a domain to define your shares, the ip or the network are a mandatory
* use the root ‘/’
* let a space between the ip and its share definition
IF you want to do all these dangerous things, then you need to do them by custom templates.
How enable specific rules (the name of the rule is free):
config setprop nfs-rules MYRULE "/var/lib/nethserver/ibay/IBAYNAME 192.168.14.0/22(nohide,sync,wdelay,rw,no_root_squash,secure)"
or
config setprop nfs-rules RULE2 "/var/lib/nethserver/ibay/IBAYNAME 192.168.14.154(nohide,sync,wdelay,rw,no_root_squash,secure)"
then
signal-event nethserver-nfs-update
There is no analysis of the share settings, ditto for the path of the folder you want to share (except for the ‘/’)
Common Mount permission options
rw read/write permissions
ro read-only permissions
insecure Allows the use of ports over 1024
sync Specifies that all changes must be written to disk before a command completes
no_wdelay Forces the writing of changes immediately
root_squash Prevents root users
no_root_squash Allow root users
to @davidep
I use the ‘OwningGroup’ to allow read/write access and I created a property ‘AllowedIP’ if the idea to get a common tab to allow the ip based access for samba comes a day.
to all, I’m open minded on Ideas, on ergonomics improvements, and of course on translations…It is not my mother tongue (see the help page also)