
Having difficulties making Linux ACLs (getfacl/setfacl) work with NFS shares. We are using Ubuntu clients and QNAP storage as the server.

At the moment only the root user on Ubuntu has read/write access. A normal user (like www-data) gets permission denied when trying to write something.

We created the same users (www-data, ubuntu) on the QNAP and set the same UIDs and GIDs by editing /etc/passwd and /etc/group, but it does not help. Weird.

Our setup is the following:

QNAP:

1.) Feature "Enable Advanced Folder Permissions" is checked

2.) /etc/exports is auto-generated on the QNAP and is the following:

"/share/MD0_DATA/Public" *(rw,async,no_root_squash,insecure)
"/share/MD0_DATA/XXX" X.X.X.X(rw,async,no_root_squash,insecure)  X.X.X.X(rw,async,no_root_squash,insecure)  X.X.X.X(rw,async,no_root_squash,insecure)  X.X.X.X(rw,async,no_root_squash,insecure)

Basically, it sets "rw,async,no_root_squash,insecure" for all the exported partitions.

Client (Ubuntu):

1.) /etc/fstab

X.X.X.X:/XXX /external nfs acl,soft,intr,rsize=8192,wsize=8192

2.) getfacl /external shows:

# file: external
# owner: root
# group: root
user::rwx
user:root:rwx
user:www-data:rwx
user:ubuntu:rwx
user:nobody:---
group::---
group:users:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:user:www-data:rwx
default:user:ubuntu:rwx
default:user:nobody:---
default:group::rwx
default:group:users:rwx
default:mask::rwx
default:other::---

The share is visible, but only root has write access. All other users (like ubuntu, www-data) have only read access. We would like to use ACLs; at the moment we can only set RWX for POSIX 'others', which is not secure at all.

Manolo
Ross Ivantsiv
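
An added example, not part of the original question: it runs the access entries from the getfacl output above through the POSIX.1e-style check order (owner, named user, groups, other) to show what those entries would grant each user if they were enforced as listed. The function names and the users `alice` and `bob` are hypothetical; the check models neither root's capability override nor anything the NFS server itself enforces.

```python
# Added example: POSIX.1e-style access check over the question's getfacl output.
# Access entries copied from the question; the default: entries are omitted
# because they only seed the ACLs of newly created files.
GETFACL_OUTPUT = """\
# file: external
# owner: root
# group: root
user::rwx
user:root:rwx
user:www-data:rwx
user:ubuntu:rwx
user:nobody:---
group::---
group:users:rwx
mask::rwx
other::rwx
"""

def parse_getfacl(text):
    """Return (owner, owning_group, {(tag, qualifier): set of perms})."""
    meta, acl = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line and not line.startswith("default:"):
            tag, qualifier, perms = line.split()[0].split(":")
            acl[(tag, qualifier)] = set(perms) - {"-"}
    return meta["owner"], meta["group"], acl

def access_allowed(text, user, groups, want):
    """Apply the access-check order: owner, named user, groups, other."""
    owner, owning_group, acl = parse_getfacl(text)
    want = set(want)
    mask = acl.get(("mask", ""), set("rwx"))  # no mask entry: nothing masked
    if user == owner:
        return want <= acl[("user", "")]  # owner entry is never masked
    if ("user", user) in acl:
        return want <= acl[("user", user)] & mask
    matched = [acl[("group", "")]] if owning_group in groups else []
    matched += [acl[("group", g)] for g in groups if ("group", g) in acl]
    if matched:
        # Any single matching group entry must grant everything requested;
        # if none does, access is denied without falling through to other.
        return any(want <= perms & mask for perms in matched)
    return want <= acl[("other", "")]
```

With these entries, www-data is matched by its named-user entry and gets rwx, while nobody is denied despite other::rwx because the named entry is checked first.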

1 Answer

My understanding is that ACLs do NOT work over NFS, especially V3 NFS. However, I understand that there is some type of ACL available in v4 NFS. But I don't think that Linux ACLs work with NFS v4...

mdpc
  • mdpc, you are right concerning NFS4. The storage device we use, a QNAP TS-869U, is rather new, but it supports only NFSv3. So it means we cannot use ACLs with it. The only good option I see is to use POSIX or give everybody full access. – Ross Ivantsiv Apr 23 '14 at 09:22