NFS4 user mapping

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I know, there are already several questions asked (and successfully answered) about NFS4 and how it manages the user mapping. Still my problem seems to be a bit different and also after reading all the other threads, I'm still lost.



So the situation is:
I have a Synology NAS and two Raspberry Pis. Both Pis run Raspbian Stretch, the non-GUI version.
I want to use the Pis as web servers (one external and one internal only). I want to keep the web app on the NAS.



On the NAS (name CHURROS, IP 192.168.1.100)



  • I created a file share,

  • Added the user www-data and the group www-data

  • enabled NFS (version) 4

    • with no_root_squash,

    • Read/Write access

    • for the client 192.168.1.0/24


When I check the system, all looks good:



xyz@Churros:/$ sudo cat /etc/exports
/volume1/pidata 192.168.1.0/24(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)

xyz@Churros:id www-data
uid=1033(www-data) gid=100(users) groups=100(users),65536(www-data)


In the next step, I created the user www-data on the Pis (or better I changed the ID of the existing www-data user to the Synology ID) and mapped the share via NFS4.



The Pis are Donut (IP 192.168.1.104) and Eclair (192.168.1.102)



pi@donut:~ $ mount | grep churr
192.168.1.100:/volume1/pidata/donut on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.100)

pi@donut:~ $ id www-data
uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


and



pi@eclair:~ $ mount | grep churr
192.168.1.100:/volume1/pidata/eclair on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.102,local_lock=none,addr=192.168.1.100)

pi@eclair:~ $ id www-data
uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


When I now access the NFS share from Donut, all is fine: I can create folders, change the owner to www-data and this is shown on Donut (the Pi) and on Churros (the NAS):



pi@donut:~ $ ll /var/churros/
....
drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


and



xyz@Churros:/$ ls -l /volume1/pidata/donut/
...
drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


Cool :)



However when I mount the share from Eclair, the IDs (when I create the directory as the user www-data) are somehow mapped and when I try to change the ownership of a dir, I created as root, I get the error message Invalid argument



Even more strange is that on the NAS, the directory, I created from the Pi as www-data is shown with the correct owner.



I.e.



pi@eclair:~ $ sudo -u www-data mkdir /var/churros/web

pi@eclair:~ $ ll /var/churros/
total 4
drwxrwxrwx 2 nobody 4294967294 4096 Nov 8 18:51 web

pi@eclair:~ $ sudo chown www-data:www-data /var/churros/web/
chown: changing ownership of '/var/churros/web/': Invalid argument


but



xyz@Churros:/$ ll /volume1/pidata/eclair/
...
drwxrwxrwx+ 2 www-data www-data 4096 Nov 9 05:51 web


The only difference I'm seeing are the access privileges drwxr-xr-x for the directory created by Donut and drwxrwxrwx+ for the one of Eclair.



Because of the simplicity of the NFS server configuration, the broad client definition 192.168.1.0/24 and because the mapping from Donut is working, I don't believe the issue is created by the server but by the client.



But based on my understanding both Pis are configured identical but behave differently.



  • What did I miss?

  • Why is the UID shown differently on Eclair(Pi) and Churros(NAS)?

  • Why do I get the weird error message?

Many thanks!







share|improve this question
























    up vote
    0
    down vote

    favorite












    I know, there are already several questions asked (and successfully answered) about NFS4 and how it manages the user mapping. Still my problem seems to be a bit different and also after reading all the other threads, I'm still lost.



    So the situation is:
    I have a Synology NAS and two Raspberry Pis. Both Pis run Raspbian Stretch, the non-GUI version.
    I want to use the Pis as web servers (one external and one internal only). I want to keep the web app on the NAS.



    On the NAS (name CHURROS, IP 192.168.1.100)



    • I created a file share,

    • Added the user www-data and the group www-data

    • enabled NFS (version) 4

      • with no_root_squash,

      • Read/Write access

      • for the client 192.168.1.0/24


    When I check the system, all looks good:



    xyz@Churros:/$ sudo cat /etc/exports
    /volume1/pidata 192.168.1.0/24(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)

    xyz@Churros:id www-data
    uid=1033(www-data) gid=100(users) groups=100(users),65536(www-data)


    In the next step, I created the user www-data on the Pis (or better I changed the ID of the existing www-data user to the Synology ID) and mapped the share via NFS4.



    The Pis are Donut (IP 192.168.1.104) and Eclair (192.168.1.102)



    pi@donut:~ $ mount | grep churr
    192.168.1.100:/volume1/pidata/donut on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.100)

    pi@donut:~ $ id www-data
    uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


    and



    pi@eclair:~ $ mount | grep churr
    192.168.1.100:/volume1/pidata/eclair on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.102,local_lock=none,addr=192.168.1.100)

    pi@eclair:~ $ id www-data
    uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


    When I now access the NFS share from Donut, all is fine: I can create folders, change the owner to www-data and this is shown on Donut (the Pi) and on Churros (the NAS):



    pi@donut:~ $ ll /var/churros/
    ....
    drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


    and



    xyz@Churros:/$ ls -l /volume1/pidata/donut/
    ...
    drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


    Cool :)



    However when I mount the share from Eclair, the IDs (when I create the directory as the user www-data) are somehow mapped and when I try to change the ownership of a dir, I created as root, I get the error message Invalid argument



    Even more strange is that on the NAS, the directory, I created from the Pi as www-data is shown with the correct owner.



    I.e.



    pi@eclair:~ $ sudo -u www-data mkdir /var/churros/web

    pi@eclair:~ $ ll /var/churros/
    total 4
    drwxrwxrwx 2 nobody 4294967294 4096 Nov 8 18:51 web

    pi@eclair:~ $ sudo chown www-data:www-data /var/churros/web/
    chown: changing ownership of '/var/churros/web/': Invalid argument


    but



    xyz@Churros:/$ ll /volume1/pidata/eclair/
    ...
    drwxrwxrwx+ 2 www-data www-data 4096 Nov 9 05:51 web


    The only difference I'm seeing are the access privileges drwxr-xr-x for the directory created by Donut and drwxrwxrwx+ for the one of Eclair.



    Because of the simplicity of the NFS server configuration, the broad client definition 192.168.1.0/24 and because the mapping from Donut is working, I don't believe the issue is created by the server but by the client.



    But based on my understanding both Pis are configured identical but behave differently.



    • What did I miss?

    • Why is the UID shown differently on Eclair(Pi) and Churros(NAS)?

    • Why do I get the weird error message?

    Many thanks!







    share|improve this question






















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I know, there are already several questions asked (and successfully answered) about NFS4 and how it manages the user mapping. Still my problem seems to be a bit different and also after reading all the other threads, I'm still lost.



      So the situation is:
      I have a Synology NAS and two Raspberry Pis. Both Pis run Raspbian Stretch, the non-GUI version.
      I want to use the Pis as web servers (one external and one internal only). I want to keep the web app on the NAS.



      On the NAS (name CHURROS, IP 192.168.1.100)



      • I created a file share,

      • Added the user www-data and the group www-data

      • enabled NFS (version) 4

        • with no_root_squash,

        • Read/Write access

        • for the client 192.168.1.0/24


      When I check the system, all looks good:



      xyz@Churros:/$ sudo cat /etc/exports
      /volume1/pidata 192.168.1.0/24(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)

      xyz@Churros:id www-data
      uid=1033(www-data) gid=100(users) groups=100(users),65536(www-data)


      In the next step, I created the user www-data on the Pis (or better I changed the ID of the existing www-data user to the Synology ID) and mapped the share via NFS4.



      The Pis are Donut (IP 192.168.1.104) and Eclair (192.168.1.102)



      pi@donut:~ $ mount | grep churr
      192.168.1.100:/volume1/pidata/donut on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.100)

      pi@donut:~ $ id www-data
      uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


      and



      pi@eclair:~ $ mount | grep churr
      192.168.1.100:/volume1/pidata/eclair on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.102,local_lock=none,addr=192.168.1.100)

      pi@eclair:~ $ id www-data
      uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


      When I now access the NFS share from Donut, all is fine: I can create folders, change the owner to www-data and this is shown on Donut (the Pi) and on Churros (the NAS):



      pi@donut:~ $ ll /var/churros/
      ....
      drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


      and



      xyz@Churros:/$ ls -l /volume1/pidata/donut/
      ...
      drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


      Cool :)



      However when I mount the share from Eclair, the IDs (when I create the directory as the user www-data) are somehow mapped and when I try to change the ownership of a dir, I created as root, I get the error message Invalid argument



      Even more strange is that on the NAS, the directory, I created from the Pi as www-data is shown with the correct owner.



      I.e.



      pi@eclair:~ $ sudo -u www-data mkdir /var/churros/web

      pi@eclair:~ $ ll /var/churros/
      total 4
      drwxrwxrwx 2 nobody 4294967294 4096 Nov 8 18:51 web

      pi@eclair:~ $ sudo chown www-data:www-data /var/churros/web/
      chown: changing ownership of '/var/churros/web/': Invalid argument


      but



      xyz@Churros:/$ ll /volume1/pidata/eclair/
      ...
      drwxrwxrwx+ 2 www-data www-data 4096 Nov 9 05:51 web


      The only difference I'm seeing are the access privileges drwxr-xr-x for the directory created by Donut and drwxrwxrwx+ for the one of Eclair.



      Because of the simplicity of the NFS server configuration, the broad client definition 192.168.1.0/24 and because the mapping from Donut is working, I don't believe the issue is created by the server but by the client.



      But based on my understanding both Pis are configured identical but behave differently.



      • What did I miss?

      • Why is the UID shown differently on Eclair(Pi) and Churros(NAS)?

      • Why do I get the weird error message?

      Many thanks!







      share|improve this question












      I know, there are already several questions asked (and successfully answered) about NFS4 and how it manages the user mapping. Still my problem seems to be a bit different and also after reading all the other threads, I'm still lost.



      So the situation is:
      I have a Synology NAS and two Raspberry Pis. Both Pis run Raspbian Stretch, the non-GUI version.
      I want to use the Pis as web servers (one external and one internal only). I want to keep the web app on the NAS.



      On the NAS (name CHURROS, IP 192.168.1.100)



      • I created a file share,

      • Added the user www-data and the group www-data

      • enabled NFS (version) 4

        • with no_root_squash,

        • Read/Write access

        • for the client 192.168.1.0/24


      When I check the system, all looks good:



      xyz@Churros:/$ sudo cat /etc/exports
      /volume1/pidata 192.168.1.0/24(rw,async,no_wdelay,crossmnt,insecure,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)

      xyz@Churros:id www-data
      uid=1033(www-data) gid=100(users) groups=100(users),65536(www-data)


      In the next step, I created the user www-data on the Pis (or better I changed the ID of the existing www-data user to the Synology ID) and mapped the share via NFS4.



      The Pis are Donut (IP 192.168.1.104) and Eclair (192.168.1.102)



      pi@donut:~ $ mount | grep churr
      192.168.1.100:/volume1/pidata/donut on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.100)

      pi@donut:~ $ id www-data
      uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


      and



      pi@eclair:~ $ mount | grep churr
      192.168.1.100:/volume1/pidata/eclair on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.102,local_lock=none,addr=192.168.1.100)

      pi@eclair:~ $ id www-data
      uid=1033(www-data) gid=65536(www-data) groups=65536(www-data)


      When I now access the NFS share from Donut, all is fine: I can create folders, change the owner to www-data and this is shown on Donut (the Pi) and on Churros (the NAS):



      pi@donut:~ $ ll /var/churros/
      ....
      drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


      and



      xyz@Churros:/$ ls -l /volume1/pidata/donut/
      ...
      drwxr-xr-x 4 www-data www-data 4096 Nov 4 20:08 web


      Cool :)



      However when I mount the share from Eclair, the IDs (when I create the directory as the user www-data) are somehow mapped and when I try to change the ownership of a dir, I created as root, I get the error message Invalid argument



      Even more strange is that on the NAS, the directory, I created from the Pi as www-data is shown with the correct owner.



      I.e.



      pi@eclair:~ $ sudo -u www-data mkdir /var/churros/web

      pi@eclair:~ $ ll /var/churros/
      total 4
      drwxrwxrwx 2 nobody 4294967294 4096 Nov 8 18:51 web

      pi@eclair:~ $ sudo chown www-data:www-data /var/churros/web/
      chown: changing ownership of '/var/churros/web/': Invalid argument


      but



      xyz@Churros:/$ ll /volume1/pidata/eclair/
      ...
      drwxrwxrwx+ 2 www-data www-data 4096 Nov 9 05:51 web


      The only difference I'm seeing are the access privileges drwxr-xr-x for the directory created by Donut and drwxrwxrwx+ for the one of Eclair.



      Because of the simplicity of the NFS server configuration, the broad client definition 192.168.1.0/24 and because the mapping from Donut is working, I don't believe the issue is created by the server but by the client.



      But based on my understanding both Pis are configured identical but behave differently.



      • What did I miss?

      • Why is the UID shown differently on Eclair(Pi) and Churros(NAS)?

      • Why do I get the weird error message?

      Many thanks!









      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 9 '17 at 19:42









      allwi

      11




      11

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403597%2fnfs4-user-mapping%23new-answer', 'question_page');

          );

          Post as a guest



































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403597%2fnfs4-user-mapping%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?