Cannot write to NFS Share with standard user

OnDietWithPi1 · 23 February 2023 12:38

I’d like to make a folder (and its subfolders) on an USB drive connected to one SBC accessible to to a docker application on another SBC in my LAN. I’m trying to use NFS for this.
Here some details on the setup:

NFS Server: BananaPro with Debian Buster (Armbian)

$ uname -a
Linux bananapipro 5.15.89-sunxi #22.11.4 SMP Mon Jan 23 21:58:30 UTC 2023 armv7l GNU/Linux

$ ip -br a | grep eth0
eth0             UP             192.168.178.45/24 2003:cd:e70d:6f00:5153:c320:49c0:1b4d/64 fe80::f540:daa1:d572:389/64

The NFS exports configuration:

$ sudo cat /etc/exports
/mnt/volume/exports/sabnzbd 192.168.178.0/255.255.255.0(rw,no_subtree_check)

NFS Client: Odroid N2 with Debian Bullseye (DietPi v8.14.2)

$ uname -a
Linux OdroidN2 6.1.7-meson64 #22.11.4 SMP PREEMPT Mon Jan 23 21:25:00 UTC 2023 aarch64 GNU/Linux

$ ip -br a | grep eth0
eth0             UP             192.168.178.56/24 2003:cd:e70d:6f00:21e:6ff:fe42:3d4f/64 fe80::21e:6ff:fe42:3d4f/64

Problem description

On the NFS client I was not able to mount the NFS share with DietPi Drive Manager (runs into a timeout after 90 seconds). Not sure if this is related to my issue, but just mentioning it here.
But I was able to mount the NFS share on the client using CLI:

maddin@OdroidN2:~$ sudo mount 192.168.178.45:/mnt/volume/exports/sabnzbd /mnt/nfs

And it seems that the mounting has worked:

maddin@OdroidN2:~$ df -h
Filesystem                                  Size  Used Avail Use% Mounted on
udev                                        1.8G     0  1.8G   0% /dev
tmpfs                                       379M   26M  354M   7% /run
/dev/mmcblk1p1                               15G  6.1G  7.7G  44% /
tmpfs                                       1.9G     0  1.9G   0% /dev/shm
tmpfs                                       5.0M     0  5.0M   0% /run/lock
tmpfs                                       1.9G     0  1.9G   0% /tmp
tmpfs                                        50M   56K   50M   1% /var/log
192.168.178.45:/mnt/volume/exports/sabnzbd  1.8T   46G  1.7T   3% /mnt/nfs

The problem now is, that the folders inside the mounted share belong to root:

maddin@OdroidN2:/mnt/nfs$ ls -lan
total 16
drwxr-xr-x 4 0 0 4096 Feb 22 20:17 .
drwxr-xr-x 7 0 0 4096 Feb 22 21:44 ..
drwxr-xr-x 2 0 0 4096 Feb 22 20:17 complete
drwxr-xr-x 2 0 0 4096 Feb 22 20:17 incomplete

Hence, I’m also not able to create files there as user “maddin”:

maddin@OdroidN2:/mnt/nfs$ touch complete/test
touch: cannot touch 'complete/test': Permission denied

And I’m also not able to change the ownership with sudo:

maddin@OdroidN2:/mnt/nfs$ sudo chown -R maddin:maddin complete
chown: changing ownership of 'complete': Operation not permitted

So, my question is, what do I have to change on NFS server and/or client side to have read and write rights for /mnt/nfs for the standard user (and non-priviliged docker containers)? Sorry, if I’ve missed something very obvious - I’m quite a noob regarding NFS.

Joulinar · 23 February 2023 13:00

try to set no_root_squash option within your export configuration to allow non root user access.

OnDietWithPi1 · 23 February 2023 13:12

Ok, thanks for the hint. I’ve changed now /etc/exports on the NFS server to this:

/mnt/volume/exports/sabnzbd 192.168.178.0/255.255.255.0(rw,no_subtree_check,no_root_squash)

Afterwards I have enabled the changes with sudo exportfs -a and restarted the NFS service with sudo systemctl restart nfs-kernel-server.service.

On the NFS client, I’ve mounted the share again, but the problem remains unchanged. Any other ideas?

EDIT: I forgot to try that first, but Indeed I can now chown the directory /mnt/nfs to my standard user “maddin”:

maddin@OdroidN2:/mnt$ sudo chown -R maddin:maddin nfs
maddin@OdroidN2:/mnt$ ls -l
total 20
drwxr-xr-x 3 root   root   4096 Dec 28 15:04 dietpi-backup
drwxrwxr-x 7 dietpi dietpi 4096 Jan  8 15:54 dietpi_userdata
drwxrwxr-x 2 dietpi dietpi 4096 Nov 20 22:12 ftp_client
drwxr-xr-x 4 maddin maddin 4096 Feb 22 20:17 nfs
drwxrwxr-x 2 dietpi dietpi 4096 Nov 20 22:13 samba

And now I can write in that directory, of course. Hooray!
After umount the ownership of /mnt/nfs jumps back to root, but if I mount the NFS share tagain, it’s owned by “maddin” again. So problem seems to be solved. Thanks a lot!