Re: Mounting NFS share from Synology NAS
On 2022-02-01 17:28 UTC+0100, Henning Follmann wrote:
> On Tue, Feb 01, 2022 at 04:32:57PM +0100, Christian Britz wrote:
>> 2. Accessing the mounted share with my personal user: The access rights
>> for /Daten look right, the user on the NAS has the same name as the user
>> on my machine. But:
>
> And how about the userId?
> The username does not mean anything. The access control is
> based on Id.
Thank you, that was the right hint, the solution to get it work (with
NFS4 support) with IP based "security" was:
1. Recreate the user and group on the NAS web interface with the same
names as on my localhost.
2. Assign the right group via SSH to the user on the NAS.
3. chown -R the files on the NAS to the new user and group.
4. Change UID and GID on my localhost to match the UID and GID on the
NAS (I read somewhere that the Synology crap has problems if you change
UID and GID on the server).
5. Fix ownership of files on localhost
=> Works!
Drawback 1, compared to my previous SMB mount method: The NAS internal
sub-directories named "@eaDir" are visible when accessing the share via
NFS. Workaround: Deleting them. Should be relatively safe according to
the Web. In the worst case, they get recreated.
Drawback 2: Security is only relying on the client IP. This would
probably be not acceptable, if I were not the only user on my network.
Is my assumption right, that I would have to setup a Kerberos server to
achieve real security?
Big advantage, compared to my previous SMB mount method: the modified
timestamp is finally shown correctly. This didn't seem to work correctly
with SMB.
Thank you all.
Reply to: