4

I have a server running Ubuntu 18.04 with NFS setup. I have couple of services putting/manipulating files in that share as well as other clients accessing it over network. I want NFS server to set default permissions on all new files/folders to 775.

I've set s flag on folder so all new created files and folders inherit same group, so all of users of that group could create and modify files in that folder. But I can't manage to force NFS to do it. It only created new files with 644 and folders with 2755.

Here's my /etc/exports/ 

/srv/nfs 192.168.11.0/24(ro,fsid=0,no_subtree_check,) /srv/nfs/lpt-2tb 192.168.1.0/24(rw,sync,all_squash,no_subtree_check,insecure,anonuid=1002,anongid=1002)

1002 is an id of nfs user.

I tried umask and acl, both to no avail.

I've created homedir for nfs user and placed umask 002 in it's ~/.profile.

I tried setting acl on share folder

/srv/nfs/lpt-2tb$ sudo setfacl -d --set u::rwx,g::rwx,o::r-x . /srv/nfs/lpt-2tb$ sudo setfacl -R -m u::rwx,g::rwx . /srv/nfs/lpt-2tb$ sudo getfacl . # file: . # owner: nfs # group: nfs # flags: -s- user::rwx group::rwx other::r-x default:user::rwx default:group::rwx default:other::r-x

I've tried modifying nfs-server config located at /lib/systemd/system/nfs-server.service and adding there UMask=002 under [Service] section. This worked for some other services I've created myself, but not for NFS.

I restarting NFS service and even rebooting after all those modification, still, when I copy file to a share from my laptop it has 644 permissions

drwxr-sr-x+ 2 nfs nfs 4096 Apr 5 20:34 acl2 -rw-r--r-- 1 nfs nfs 434506 Mar 7 21:31 acl_test.png

---EDIT---

Here are acl output for file and folder

/srv/nfs/lpt-2tb$ sudo getfacl acl_test.png # file: acl_test.png # owner: nfs_share # group: kodi user::rw- group::r-- other::r-- /srv/nfs/lpt-2tb$ sudo getfacl acl2 # file: acl2 # owner: nfs_share # group: kodi # flags: -s- user::rwx group::r-x other::r-x default:user::rwx default:group::rwx default:other::r-x

---UPD---

I've verified that my server is running nfs v2-3-4 but my client connect via v3 and I can't override it. I'll try to verify if v4 fixes if when I manage to get it working.

I've gave up on finding a clean solution for now and will just do a cron job that will check and fix permission periodically.

Improve this question
2
  • Can you show the output of getfacl acl_test.png ? Commented Apr 5, 2020 at 20:51
  • I've appended the output to the body of the issue. Commented Apr 6, 2020 at 17:52

1 Answer 1

Reset to default
1

First, the things you're trying with umask won't work. umask is a per-process thing, and the process that matters is the process creating the file. The umask of the nfs user on the NFS server (if that's what you meant) isn't going to matter when the files are being created by the nfs user on an NFS client, and the umask of the NFS server service itself shouldn't affect anything at all.

Next, you mention you're getting the wrong permissions when you copy a file to the NFS share. Assuming you literally mean copy, as in the "cp" command, it's not a valid test. The cp command has various special behavior when it comes to permissions - unlike most programs, it doesn't simply create a file and let the default permissions stand, it actually goes back afterwards and mucks with the permissions on it. Here's one place where that's been discussed in the past:

https://serverfault.com/questions/183800/why-does-cp-not-respect-acls

I use the "touch" command to create files for this kind of testing. Try it, and you may well find that your ACL setup already works fine, it's just the cp command not respecting things.

Improve this answer
6
  • Hi, thanks for your reply. By copy I meant any copy to the share, it will mostly be via graphical clients (Windows/Mac). The intended purpose is for users to put files there and for automated tools/services to go through them and manipulate in some way if needed. I've tried cp and touch from terminal on my Mac, permissions are same as if I copy file there over Finder. Commented Apr 6, 2020 at 17:39
  • Are you using NFSv3 or NFSv4? Commented Apr 6, 2020 at 18:07
  • nfsstat –c says Server nfs v3: Commented Apr 6, 2020 at 18:20
  • Best way to be sure: go to the client you're testing from, run the "mount" command. In the line applying to the NFS mount in question, you should see a "vers=3" or "vers=4". For figuring out what's going wrong with ACLs, this is a pretty important step because NFSv4 has its own ACL system and NFSv3 does not. Also, what OS is your NFS client running? The one you're doing the "touch" testing from. Commented Apr 6, 2020 at 19:01
  • I've checked my server configs and it's running all versions 2-3-4, my mac client connects with v3 by default, I've tried to force it to use v4 via command line options but it errors out with 'invalid argument' although I use argument from it's own man page man mount_nfs. Thanks anyway, I guess I'll give up on a clean solution and just do some cron job that will fix permissions. Commented Apr 7, 2020 at 11:21

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.