I have several Ubuntu servers running in virtual machines on my host. Everything works fine but there is a problem. I use NFS to share a common directory between the VMs. As the machines' user IDs are different, even when user and password are the same, they cannot write data or use data that's from another VM. Changing user IDs did not work properly, I rolled that back.

So, someone mentioned Kerberos to manage users. This seems a bit too much effort. Is there a better, lightweight solution? Or even another way to share a common disk space? How is this done usually?

  • boli99@alien.topB
    7 months ago

    my chosen methods in order of preference:

    • virtiofs
    • nfs 4
    • nfs 3
    • samba (ick)
  • sudonem@alien.topB
    7 months ago

    NFS handles permissions based on the UID and GID of the user account accessing the share. (Assuming you haven’t restricted the share to a specific subnet or host IP).

    When you create the NFS share, assign permissions using a group with a non-standard GID (doesn’t matter what, but pick something you’ll remember like 3000).

    How you go about that will depend on the server you’re running the NFS share on. It’ll be different for Ubuntu or TrueNAS or Unraid etc - so read the documentation.

    Once that is sorted, for each VM you need to create a group using that GID and assign the relevant users on each VM to be members of that group.

    If you’re following best practices and running services as non-root, it’s usually also necessary to change the group ownership of the mount point directories on each VM so that the group you’ve just created with GID 3000 (or whatever) is the owner.

    edit: As a side note, because this tripped me up for a while - if you’re running LXCs in Proxmox, they’ll need to be privileged containers or you need to manually enable the NFS option for the LXC, otherwise it doesn’t matter what you do with permissions, you won’t be able to mount the share.

  • ro55mo@alien.topB
    7 months ago

    The laziest way to fix your issue is to chmod the shared directory to 777.

    I would only suggest this if this is on a LAN and you are the only person using the different machines.

  • bobj33@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    > Changing user IDs did not work properly, I rolled that back.

    It should work fine so you must have done something wrong. How did you change the user IDs?

  • adamshand@alien.topB
    7 months ago

    This is how NFS works. Making sure that usernames and userids match on all of your servers will fix this and is by far the simplest solution. If it didn’t work, you probably just made a typo somewhere.

    Other options.

    Use an LDAP server (I like LLDAP) to provide a single user database for all your servers. This has lots of advantages (can provision users and change passwords for all servers in a single place). But it is fixing your problem in the same way as above (making usernames and user ids match on all of your servers).

    Use Samba/CIFS instead of NFS. Because you authenticate with a user/pass, all actions happen as the user you authenticate and so local user permissions don’t matter.
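
An added example, not part of the thread: a shell check for the mismatch discussed above. It reads one passwd-format file per VM and reports user names whose UID differs between hosts, and UIDs that map to different names (which matters because, as noted in the thread, NFS decides access by UID). The function name `uid_conflicts`, the `MIN_UID` variable and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit UID consistency across VMs sharing an NFS export.
# Each argument is a passwd-format file from one host (assumed to be saved
# `getent passwd` output, named after the host).

# Prints one line per conflict:
#   NAME <user>: host=uid ...   same user name, different UIDs
#   UID <uid>: host=user ...    same UID, different user names
uid_conflicts() {
    awk -F: -v min="${MIN_UID:-1000}" '
        $3 !~ /^[0-9]+$/ { next }                 # malformed line
        $3 + 0 < min || $3 + 0 >= 65534 { next }  # system accounts, nobody
        {
            host = FILENAME; sub(/.*\//, "", host)
            names[$1] = names[$1] " " host "=" $3
            uids[$3]  = uids[$3] " " host "=" $1
            if (!($1 in uid_of)) uid_of[$1] = $3
            else if (uid_of[$1] != $3) bad_name[$1] = 1
            if (!($3 in name_of)) name_of[$3] = $1
            else if (name_of[$3] != $1) bad_uid[$3] = 1
        }
        END {
            for (n in bad_name) print "NAME " n ":" names[n]
            for (u in bad_uid)  print "UID " u ":" uids[u]
        }
    ' "$@" | sort
}

# Constructed sample data: alice and bob were created in a different order
# on vm2, so their UIDs are swapped; carol matches on both hosts.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'carol:x:1002:1002::/home/carol:/bin/bash' > "$dir/vm1"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'bob:x:1000:1000::/home/bob:/bin/bash' \
        'alice:x:1001:1001::/home/alice:/bin/bash' \
        'carol:x:1002:1002::/home/carol:/bin/bash' > "$dir/vm2"
    uid_conflicts "$dir/vm1" "$dir/vm2"
    rm -rf "$dir"
}

demo
```

Empty output means every regular account has the same name and UID on all hosts checked.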


  • ex800@alien.topB
    7 months ago

    would access rights per client IP work for you?

    if you want per user, then kerberos, or as u/RedditSlayer2020 has said, use SMB