Ubuntu – How to configure NFSv4 mount so that owner of files created by root user on NFS client appear as ‘root:root’, rather than ‘nobody:nogroup’ on client


I have an Ubuntu 16.04 server on which the Nextcloud snap is installed (nextcloud.lan), and an Ubuntu 16.04 NAS configured to serve files over NFSv4 (nas.lan). I would like to mount directory /var/snap/nextcloud on nextcloud.lan via an NFS directory exported from the NAS, so that all of the files used by Nextcloud are stored on the NAS.

NFS authentication on the NAS is configured as default AUTH_SYS/AUTH_UNIX. Please see the following configuration files for nas.lan:

/etc/idmap.conf:

[General]

Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain = localdomain

/etc/exports:


/vol0/export 192.168.2.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/vol0/export/nextcloud 192.168.2.0/24(rw,nohide,insecure,no_subtree_check,async,no_root_squash)

And for nextcloud.lan:

/etc/fstab:

nas:/nextcloud /mnt nfs auto 0 0

/etc/idmap.conf:

[General]

Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain = localdomain

Currently, when a user with a uid that exists on both nas.lan and nextcloud.lan creates a file (e.g. username jacob, uid 1000) in the mounted dir on nextcloud.lan, the file is created with the appropriate owner on both systems (e.g. jacob:jacob).

However, when the root user creates files in the exported directory on nextcloud.lan, the files appear to be owned by "nobody:nogroup" in both systems. The Nextcloud snap is only able to run as the root user, and so my question is, how can I make it so that files created by root user on NFS client nextcloud.lan appear as 'root:root', rather than 'nobody:nogroup'?

I have read that NFS does some special handling around root user permissions, and does not map root user id between systems for security reasons. I am wondering if there is a way to override this?

I saw that there is one option called no_root_squash, but this has not worked for me.

I also tried setting the following in /etc/idmapd.conf on nextcloud.local, but this has also not worked for me:

[Mapping]
Nobody-User=root
Nobody-Group=root

So far, I have tried everything I can think of to map nobody:nogroup to root:root on the nextcloud.lan system, without success.

I would appreciate any insight anyone can share on how to do this. Thank you for your help.

Best Answer

You have two entries in the export file that overlap:

/vol0/export           192.168.2.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/vol0/export/nextcloud 192.168.2.0/24(rw,nohide,insecure,no_subtree_check,async,no_root_squash)

Any client within subnet 192.168.2.0/24 may use (and probably does use) the first entry and ends up mapping root to user nobody. Try to narrow down the IP range:

/vol0/export  192.168.2.0/24(rw,fsid=0,insecure,no_subtree_check,async) 192.168.2.1(rw,nohide,insecure,no_subtree_check,async,no_root_squash)

where 192.168.2.1 is supposed to be the IP address of nextcloud.lan.
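
To see which export entries a given client matches and whether each one squashes root, the sketch below parses exports-style lines and reports overlaps like the one described in the answer. It is an added example, not part of the original question or answer; the function names are hypothetical, only IP/CIDR client specs are matched, and it does not model which entry the NFS server finally applies.

```python
import ipaddress

# Constructed sample: the two export lines from the question.
SAMPLE_EXPORTS = """\
/vol0/export 192.168.2.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/vol0/export/nextcloud 192.168.2.0/24(rw,nohide,insecure,no_subtree_check,async,no_root_squash)
"""

def parse_exports(text):
    """Yield (path, client_spec, options) for each client on each export line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            spec, _, opts = client.partition("(")
            yield path, spec, set(filter(None, opts.rstrip(")").split(",")))

def client_matches(spec, ip):
    """Match IP/CIDR client specs only; hostnames, wildcards and netgroups are skipped."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False

def root_squash_report(text, ip):
    """Return [(path, spec, root_squashed)] for every entry that matches ip."""
    report = []
    for path, spec, opts in parse_exports(text):
        if client_matches(spec, ip):
            # root_squash is the default; only no_root_squash is considered here.
            report.append((path, spec, "no_root_squash" not in opts))
    return report

def overlapping(report):
    """Pairs of matching entries where one path is a parent of the other
    and the two disagree on root squashing."""
    return [(a, b) for a in report for b in report
            if b[0].startswith(a[0].rstrip("/") + "/") and a[2] != b[2]]

if __name__ == "__main__":
    rep = root_squash_report(SAMPLE_EXPORTS, "192.168.2.1")
    for path, spec, squashed in rep:
        print(f"{path:25} {spec:18} root_squash={squashed}")
    for parent, child in overlapping(rep):
        print(f"overlap: {parent[0]} vs {child[0]} differ on root squashing")
```

Listing the entries per client also shows how many hosts hold no_root_squash: in the question's file it is the whole 192.168.2.0/24 subnet, while in the answer's line it is only 192.168.2.1.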
