On Tue, Feb 01, 2022 at 11:28:55AM -0500, Henning Follmann wrote:
> On Tue, Feb 01, 2022 at 04:32:57PM +0100, Christian Britz wrote:
> > This is my entry in /etc/fstab:
> > diskstation:/volume1/Medien /Daten nfs
> > nfsvers=4,rw,x-systemd.automount,noauto 0 0
> >
> > Mounting only works as root, I guess this is expected without further
> > configuration.
> >
> > 1. Security: It seems that the only security check is the check for my
> > IP address. Is it possible to achieve more without dealing with Kerberos?
> >
> > 2. Accessing the mounted share with my personal user: The access rights
> > for /Daten look right, the user on the NAS has the same name as the user
> > on my machine. But:
>
> And how about the userId?
> The username does not mean anything. The access control is
> based on Id.

I'm unclear on how NFS v4 works. Everything I've read about it in the past says that you have to set up a user mapping, which is shared by the client and the server. And that this is *not* optional, and *is* exactly as much of a pain as it sounds.

I'm looking at <https://help.ubuntu.com/community/NFSv4Howto> for example and there's discussion back and forth on the page about how the user mapping is not working as expected, and try this and that, and see this bug....

I've never actually used NFS v4 myself. In fact, at work I have to go out of my way to *prevent* it from being used, because some of the NFS servers to which I connect (which are not under my control) don't support it.

The comment about the access being based on UID is certainly true for NFS v3, though. NFS v3 ("regular, traditional NFS") controls mounting options by the host's IP address, and controls file system access by UID and GID. There may be some way to circumvent that, but I've never done it. I just make sure the UIDs and GIDs match, the way you're supposed to.

For a home network, I can't really imagine a need to go through all of the NFS v4 hoops. I would just use NFS v3 with synchronized UIDs.
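
An added example, not part of the original message: a check for the NFS v3 case described above, where access is decided by numeric UID and GID rather than by user name. It compares passwd-format account lists from the client and the server and reports names whose IDs differ, and client UIDs that belong to a different account on the server. The account data and the `min_uid` cutoff of 1000 are constructed assumptions.

```python
# Added example: compare client and server accounts for NFS v3 UID/GID sync.
# Sample data is constructed; on real hosts feed in `getent passwd` output.
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
"""
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:1000:100::/home/admin:/bin/sh
alice:x:1026:100::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
"""

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments and malformed entries (e.g. NIS "+" lines).
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def compare(client, server, min_uid=1000):
    """List places where the name-based and the ID-based view disagree.

    min_uid is an assumed cutoff that skips system accounts.
    """
    server_by_uid = {}
    for name, (uid, _gid) in server.items():
        server_by_uid.setdefault(uid, []).append(name)
    findings = []
    for name, (uid, gid) in sorted(client.items()):
        if uid < min_uid:
            continue
        # Same name, different numbers: the user will not own their files.
        if name in server and server[name] != (uid, gid):
            findings.append(("id-mismatch", name, (uid, gid), server[name]))
        # Same number, different name: the client user acts as that account.
        for other in server_by_uid.get(uid, []):
            if other != name:
                findings.append(("uid-collision", name, uid, other))
    return findings

if __name__ == "__main__":
    for finding in compare(parse_passwd(CLIENT_PASSWD), parse_passwd(SERVER_PASSWD)):
        print(finding)
```

The `uid-collision` finding is the one to look at first: files owned by that server account are readable and writable by the differently named client user.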