Synology NAS Procedure Share a NFS Folder: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 58: Line 58:
"Enable asynchronous": Checking this option allows your Synology NAS to reply to requests from NFS clients before any changes to files are completed, yielding better performance. '''Check'''.
"Enable asynchronous": Checking this option allows your Synology NAS to reply to requests from NFS clients before any changes to files are completed, yielding better performance. '''Check'''.


"Allow connections from non-privileged ports (ports higher than 1024)":  Checking this option allows NFS clients to use non-privileged ports (i.e. ports greater than 1024) when connecting to the Synology NAS. '''Check'''.
<span id='Allow_Connections_from_Non-privileged_Ports'></span>"Allow connections from non-privileged ports (ports higher than 1024)":  Checking this option allows NFS clients to use non-privileged ports (i.e. ports greater than 1024) when connecting to the Synology NAS. '''Check'''.


"Allow users to access mounted subfolders": Checking this option allows NFS clients to access mounted subfolders. '''Check'''
"Allow users to access mounted subfolders": Checking this option allows NFS clients to access mounted subfolders. '''Check'''

Revision as of 02:58, 15 May 2018

External

Internal

Overview

If the NFS service has not been setup yet, set it up:

Configure NFS Service

Procedure

Main Menu -> Control Panel -> Shard Folder -> Create

Name: The name specified here will propagate as mount path: /volumeX/shared-folder-name

Description:

Volume:

Check "Hide this shared folder in 'My Network Places'"

Check "Hide sub-folders and files from users without permissions"

Leave "Enable Recycle Bin" unchecked.

Permissions

Advanced

NFS Permissions

Access can be restricted to a specific host or network, by specifying "Hostname or IP". The host may be specified in three ways:

  1. Single host.
  2. Wildcards *.example.com.
  3. Network segment: 203.74.205.32/255.255.255.0, 203.74.205.32/24.

Privilege:

  1. Read/Write
  2. Read only

Squash:

  1. "No mapping": Allows all users of NFS client, including root users, to maintain original access privileges.
  2. "Map root to admin": Assigns access privileges to root users of NFS client equivalent to the admin user access privileges on your system.
  3. "Map root to guest": Assigns access privileges to root users of NFS client equivalent to the guest access privileges on your system.
  4. "Map all users to admin": Assigns access privileges to all users of NFS client equivalent to the admin user access privileges on your system.

Security:

  1. AUTH_SYS: Use the NFS client's UID (user identifier) and GID (group identifier) to check access permissions. The client must have exactly the same numerical UID (user identifier) and GID (group identifier) on the NFS client and Synology NAS, or else the client will be assigned the permissions of others when accessing the shared folder. To avoid any permissions conflicts, you can select Map all users to admin from Squash or give "Everyone" permissions to the shared folder.
  2. Kerberos authentication
  3. Kerberos integrity
  4. Kerberos privacy

"Enable asynchronous": Checking this option allows your Synology NAS to reply to requests from NFS clients before any changes to files are completed, yielding better performance. Check.

"Allow connections from non-privileged ports (ports higher than 1024)": Checking this option allows NFS clients to use non-privileged ports (i.e. ports greater than 1024) when connecting to the Synology NAS. Check.

"Allow users to access mounted subfolders": Checking this option allows NFS clients to access mounted subfolders. Check

Troubleshooting

error while mounting volume ... permission denied

Check Synology NAS /var/log/messages:

May 14 19:55:08 RackStation mountd[11252]: refused mount request from 192.168.1.136 for /volume1/nfstest (/volume1/nfstest): illegal port 63347

Resolutions: Configure "Allow connections from non-privileged ports (ports higher than 1024)"