Synology NAS Procedure Share a NFS Folder: Difference between revisions
(5 intermediate revisions by the same user not shown) | |||
Line 31: | Line 31: | ||
'''Permissions''' | '''Permissions''' | ||
Nothing should be selected. | |||
'''Advanced''' | '''Advanced''' | ||
Nothing should be selected. | |||
'''NFS Permissions''' | '''NFS Permissions''' | ||
Line 46: | Line 50: | ||
Squash: | Squash: | ||
# "No mapping": Allows all users of NFS client, including root users, to maintain original access privileges. | # '''Select''' "No mapping": Allows all users of NFS client, including root users, to maintain original access privileges. This will propagate the NFS client UID/GIDs to the NFS server filesystem. | ||
# "Map root to admin": Assigns access privileges to root users of NFS client equivalent to the admin user access privileges on your system. | # "Map root to admin": Assigns access privileges to root users of NFS client equivalent to the admin user access privileges on your system. | ||
# "Map root to guest": Assigns access privileges to root users of NFS client equivalent to the guest access privileges on your system. | # "Map root to guest": Assigns access privileges to root users of NFS client equivalent to the guest access privileges on your system. | ||
Line 52: | Line 56: | ||
Security: | Security: | ||
# AUTH_SYS: Use the NFS client's UID (user identifier) and GID (group identifier) to check access permissions. The client must have exactly the same numerical UID (user identifier) and GID (group identifier) on the NFS client and Synology NAS, or else the client will be assigned the permissions of others when accessing the shared folder. To avoid any permissions conflicts, you can select Map all users to admin from Squash or give "Everyone" permissions to the shared folder. | # '''Select''' AUTH_SYS: Use the NFS client's UID (user identifier) and GID (group identifier) to check access permissions. The client must have exactly the same numerical UID (user identifier) and GID (group identifier) on the NFS client and Synology NAS, or else the client will be assigned the permissions of others when accessing the shared folder. To avoid any permissions conflicts, you can select Map all users to admin from Squash or give "Everyone" permissions to the shared folder. | ||
# Kerberos authentication | # Kerberos authentication | ||
# Kerberos integrity | # Kerberos integrity | ||
Line 62: | Line 66: | ||
"Allow users to access mounted subfolders": Checking this option allows NFS clients to access mounted subfolders. '''Check''' | "Allow users to access mounted subfolders": Checking this option allows NFS clients to access mounted subfolders. '''Check''' | ||
OK | |||
The result is a /volume''n''/''nfsdirname'' with no permissions by default: | |||
d--------- 3 root root 4096 May 14 20:55 nfstest | |||
The folder will be exposed to the NFS client with the same permissions it was created on the NFS server, by default none. If different permissions need to be exposed, they should be set manually on the NFS server folder. | |||
=Troubleshooting= | =Troubleshooting= |
Latest revision as of 04:02, 15 May 2018
External
Internal
Overview
If the NFS service has not been setup yet, set it up:
Procedure
Main Menu -> Control Panel -> Shard Folder -> Create
Name: The name specified here will propagate as mount path: /volumeX/shared-folder-name
Description:
Volume:
Check "Hide this shared folder in 'My Network Places'"
Check' "Hide sub-folders and files from users without permissions"
Leave "Enable Recycle Bin" unchecked.
Permissions
Nothing should be selected.
Advanced
Nothing should be selected.
NFS Permissions
Access can be restricted to a specific host or network, by specifying "Hostname or IP". The host may be specified in three ways:
- Single host.
- Wildcards *.example.com.
- Network segment: 203.74.205.32/255.255.255.0, 203.74.205.32/24.
Privilege:
- Read/Write Select
- Read only
Squash:
- Select "No mapping": Allows all users of NFS client, including root users, to maintain original access privileges. This will propagate the NFS client UID/GIDs to the NFS server filesystem.
- "Map root to admin": Assigns access privileges to root users of NFS client equivalent to the admin user access privileges on your system.
- "Map root to guest": Assigns access privileges to root users of NFS client equivalent to the guest access privileges on your system.
- "Map all users to admin": Assigns access privileges to all users of NFS client equivalent to the admin user access privileges on your system.
Security:
- Select AUTH_SYS: Use the NFS client's UID (user identifier) and GID (group identifier) to check access permissions. The client must have exactly the same numerical UID (user identifier) and GID (group identifier) on the NFS client and Synology NAS, or else the client will be assigned the permissions of others when accessing the shared folder. To avoid any permissions conflicts, you can select Map all users to admin from Squash or give "Everyone" permissions to the shared folder.
- Kerberos authentication
- Kerberos integrity
- Kerberos privacy
"Enable asynchronous": Checking this option allows your Synology NAS to reply to requests from NFS clients before any changes to files are completed, yielding better performance. Check.
"Allow connections from non-privileged ports (ports higher than 1024)": Checking this option allows NFS clients to use non-privileged ports (i.e. ports greater than 1024) when connecting to the Synology NAS. Check.
"Allow users to access mounted subfolders": Checking this option allows NFS clients to access mounted subfolders. Check
OK
The result is a /volumen/nfsdirname with no permissions by default:
d--------- 3 root root 4096 May 14 20:55 nfstest
The folder will be exposed to the NFS client with the same permissions it was created on the NFS server, by default none. If different permissions need to be exposed, they should be set manually on the NFS server folder.
Troubleshooting
error while mounting volume ... permission denied
Check Synology NAS /var/log/messages:
May 14 19:55:08 RackStation mountd[11252]: refused mount request from 192.168.1.136 for /volume1/nfstest (/volume1/nfstest): illegal port 63347
Resolutions: Configure "Allow connections from non-privileged ports (ports higher than 1024)"