I am generally confused about how to use NFSv4 properly.
My situation is rather simple: An application server and a storage server. The application sever has several jails some of which are supposed to get access to an NFS share on the storage server. The two servers are connected over a 1:1 10 Gbps ethernet link. The idea is to create one NFS share per jail that needs some storage. The storage server uses ZFS but not the
I fail to understand two things:
Questions:
Could somebody try to shed some general light on this?
Here's my current setup:
A: /etc/exports
B: jail's fstab.local
My situation is rather simple: An application server and a storage server. The application sever has several jails some of which are supposed to get access to an NFS share on the storage server. The two servers are connected over a 1:1 10 Gbps ethernet link. The idea is to create one NFS share per jail that needs some storage. The storage server uses ZFS but not the
sharenfs
property.I fail to understand two things:
- How does authentication work without Kerberos
- How can I give my jail's
www:www
user/group write access to the share
Questions:
- How does the actual authentication work? Does the NFS client send the UID/GID and a password?
- If it's correct that the NFS server needs to have the same local user as the client, does this mean that I need to setup the user account on the server for the user on the client which mounts the share or for the user which is supposed to have rw access?
- How can I give my jail's `www:www` user/group rw access to the share which gets mounted by another user (presumable the jail host's root user which issues the mount call`.
-maproot
) or I see the existing files as nobody:nogroup
if using -maproot
).Could somebody try to shed some general light on this?
Here's my current setup:
- Host A: NFSv4 server running FreeBSD 13.0-RELEASE has 192.168.250.61
- Host B: jail host using FreeBSD 13.0-RELEASE and CBSD (for jail management) has 192.168.250.60
Code:
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsv4_server_only="YES"
nfsuserd_enable="YES"
nfsuserd_flags="-manage-gids"
mountd_enable="YES"
A: /etc/exports
Code:
V4: /hdd/nfs
/hdd/nfs/myshare -sec=sys 192.168.250.60
B: jail's fstab.local
Code:
192.168.250.61:/myshare /usr/local/mnt/storage nfs rw,vers=4 0 0