NFS Setup Assistance

Ok, first off, let me apologize if this topic has been covered on this forum, but I was unable to find something answering my specific questions (at least for FreeBSD).

As of right now, I have a home server running FreeBSD 11 (10.X wasn't booting on my fancy new AMD FX). Ultimately it is just going to be a NAS for several devices in the house (two laptops, two desktops, two media centers, and a few smart devices). I chose FreeBSD because I believe it has the best implementation of ZFS of the OS options at my disposal.

In this vein, I kind of have some basic setup questions:
1) Should I start with NFSv3 or v4? My entire network is currently running off Samba, and truthfully I'd like to stop that. It is just a pain for "read-write" client setup.

Most of the documentation I have read is entirely focused on NFSv3, but most of the articles I read seem to claim NFSv4 is the "NFS for the future!" I'm not sure if this is mostly due to throughput improvement, which might not block me as there are only a few clients, or if there is something else I am missing.

2) Are there any pitfalls I have to consider with sharing ZFS over NFS?
I have a RAID-Z2 + a cache drive (no ZIL).
There are 3 filesystems (or shares or containers... I've heard it referred to as all 3).
/cloud
/cloud/photos
/cloud/movies


At the moment I have a pretty simple exports file, as I am just running tests with a couple clients (my two laptops and one media server):
Code:
/cloud -alldirs -mapall=root 192.168.0.14 192.168.0.13
/cloud/photos -alldirs -mapall=root 192.168.0.14 192.168.0.13
/cloud/movies -alldirs -mapall=root 192.168.0.14 192.168.0.13
/cloud/movies -alldirs,ro -mapall=nobody 192.168.0.30

My network uses static IPs for all devices that aren't "guests" so to speak.

Is there anything else crazy I have to consider? Should I be specifying "rw" if the client is supposed to have rw access or is that a Linux-only thing?
 
Should I be specifying "rw" if the client is supposed to have rw access or is that a Linux-only thing?
No, that's not needed. If it's not specifically set to read-only it'll be shared read/write.

You might want to be careful with the -mapall=root. All files will be owned by root. This poses a risk when one of the clients writes a setuid(2) file. If they also have shell access to the server it would allow them to run an executable as root.
 
No, that's not needed. If it's not specifically set to read-only it'll be shared read/write.

You might want to be careful with the -mapall=root. All files will be owned by root. This poses a risk when one of the clients writes a setuid(2) file. If they also have shell access to the server it would allow them to run an executable as root.

Ok, thank you.

Of course, what would you recommend be done instead? Based on my understanding, I only have mapall and maproot, so I either make the files on the ZFS very permissive or everything has to be done via sudo on the root machine. Is there a better option I am not aware of?
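
Added example, not part of any post in this thread: a small sh/awk audit that flags exports(5) lines whose `-mapall` or `-maproot` option resolves to root, run over the export lines quoted above and over a constructed variant. The function names and the unprivileged account `nasuser` are assumptions; the check goes slightly beyond the thread by also flagging `-maproot=root` and the numeric UID 0.

```shell
#!/bin/sh
# Added example: audit exports(5) lines for credential mappings to root.

# The four export lines quoted in the thread.
thread_exports() { cat <<'EOF'
/cloud -alldirs -mapall=root 192.168.0.14 192.168.0.13
/cloud/photos -alldirs -mapall=root 192.168.0.14 192.168.0.13
/cloud/movies -alldirs -mapall=root 192.168.0.14 192.168.0.13
/cloud/movies -alldirs,ro -mapall=nobody 192.168.0.30
EOF
}

# Constructed variant: same shares, mapped to a hypothetical unprivileged
# account "nasuser" (it would have to own the files on the datasets).
remapped_exports() { cat <<'EOF'
/cloud -alldirs -mapall=nasuser 192.168.0.14 192.168.0.13
/cloud/photos -alldirs -mapall=nasuser 192.168.0.14 192.168.0.13
/cloud/movies -alldirs -mapall=nasuser 192.168.0.14 192.168.0.13
/cloud/movies -alldirs,ro -mapall=nobody 192.168.0.30
EOF
}

# audit_exports: reads exports lines on stdin and prints
# "<paths> <root-mapping option> <hosts>" for every line where client
# credentials are mapped to root or UID 0.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                     # comments and blank lines
    {
        paths = ""; bad = ""; hosts = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\//)                     # one line may list several paths
                paths = paths (paths == "" ? "" : ",") $i
            else if ($i ~ /^-/) {               # options may be comma-joined
                n = split(substr($i, 2), opt, ",")
                for (j = 1; j <= n; j++)
                    if (opt[j] ~ /^(mapall|maproot)=(root|0)(:.*)?$/)
                        bad = bad " -" opt[j]
            } else
                hosts = hosts " " $i            # host, netgroup or network spec
        }
        if (bad != "") print paths bad hosts
    }'
}

echo "thread exports:";   thread_exports   | audit_exports
echo "remapped exports:"; remapped_exports | audit_exports
```

On a live server the same function can be fed the real file with `audit_exports < /etc/exports`. ZFS also has a per-dataset `setuid` property; with `setuid=off` the server does not honor setuid bits on that filesystem.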
 