# NFS default permissions

## pops45042

Ok, I have built a nice little network attached storage array thanks to cheap hard drives and Gentoo. But I'm having a problem with permissions.

I've got a share that all the clients mount via fstab. But whenever they copy or add folders/files, the permissions are always set with user and group being their username. Other users can not write to their files or remove them. I'd like other users to be able to.

Is there a way so that whenever a user makes a new file on the nfs share that the permissions are either:

rw-rw-rw-

or the group is always "users" ?

Thanks,

Paul

----------

## pops45042

Figures, I find the answer just when I think I've looked enough:

```
anonuid and anongid

These options explicitly set the uid and gid of the anonymous account.
This option is primarily useful for PC/NFS clients, where you might want
all requests appear to be from one user. As an example, consider the
export entry for /home/joe in the example section below, which maps all
requests to uid 150 (which is supposedly that of user joe).
```

....So how do I find the id number of a specific user and group?

Paul

----------

## RoundsToZero

```
id username
```

But I think what you really want is umask.  Read the man page.  It sets the file mode creation mask.  Run with no args to see the current mask.  The execute bit is worth 1 so you want umask 0111 to get the starting permissions you said.  However this is a client setting, I don't think the NFS server enforces anything like this.  Also I don't know how to set the umask at boot time, and you would need to do that on all clients for this to work.

The group on a newly created file comes from the default group for the user who created the file.  On gentoo that really should be users, but some other distros create a group for each user.  Unfortunately, with NFS, there's no way to force remote clients to use a specific group, but if you have control over all of the user accounts, you could change the default group for all of them to users.  Just make sure the uid for users is the same on the client and the server!

----------

## pops45042

How would I specify the umask? I tried something like:

```
192.168.5.1:/mnt/store/ftp      /mnt/NAS        nfs     rw,rsize=8192,wsize=8192,umask=0777
```

but it gets pissed about the umask. The error that I got was:

> unknown nfs mount parameter: umask=777

----------

## yabbadabbadont

That's because neither nfs nor nfs4 have umask as a mount option. (man mount) If I remember correctly from my Unix days, the server that exports the filesystem sets the permissions. Which is the way it should be. (my files, my rules. ;) )

----------

## pops45042

Weird, so the anongid and anonuid didn't work. This is what I set my /etc/exportfs file to:

```
/mnt/store/ftp                  192.168.5.0/24(sync,rw,no_subtree_check,anongid=100,anonuid=100)
```

and the 100 corresponds to the Users group. I did:

> exportfs -ra
>
> restart nfs

----------

## pops45042

Could someone provide an example of how to set permissions on the server so that when a client creates a file/folder it's under a certain user & group OR has specific rwxrwxrwx permissions?

Thanks,

Paul

----------

## mikb

 *pops45042 wrote:*   

> I've got a share that all the clients mount via fstab. But whenever they copy or add folders/files, the permissions are always set with user and group being their username. Other users can not write to their files or remove them. I'd like other users to be able to.

 

This is the default behaviour. And it's usually a good way of doing things (TM).

From memory you need to do a couple of things on the server:

Change the tree to a common group, say "users": 

```
chgrp -R users /mnt/store/ftp
```

Use

```
# NUL-separated so directory names containing spaces are handled
find /mnt/store/ftp -type d -print0 | xargs -0 chmod g+swx
```

on the tree to force BSD style semantics on the directories, so that when a file or directory is created, the group setting is propagated.

Then make sure all your users actually belong to the group "users"

Now as for the umask stuff, as yabbadabbadont pointed out, you can't force it on an nfs mount. :(

And anyway, umask is a mask of the bits to be disallowed, and it's applied to the permissions bitmap (see stat(2)) to work out what can be set. Typical umasks are 022 or 002 (probably the default these days), which disallow write by everyone but the owner, and write by anyone other than the owner or a member of the group, respectively. Shouldn't need to be fiddled in this case.

----------
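
Added example, not part of the thread: a shell audit of the server-side setup from the last reply (common group, setgid directories), which also shows the modes that umask 022 and 002 produce inside a setgid directory. The function names and the temporary test tree are constructed for illustration; it assumes Linux with a `stat` that supports `-c`.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared export tree.
# Assumes Linux with GNU or BusyBox find/stat. All names are illustrative.

# Directories lacking the setgid bit: new entries there take the creator's
# primary group instead of the directory's group.
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Entries whose group is not $2 (group name or numeric gid).
wrong_group() {
    find "$1" ! -group "$2" -print
}

# Regular files that other members of the group cannot write.
files_not_group_writable() {
    find "$1" -type f ! -perm -0020 -print
}

# Octal mode of an entry created in directory $2 under umask $1.
# $3 is "f" for a regular file or "d" for a directory.
# The body is a subshell, so the caller's umask is left unchanged.
mode_created_with_umask() (
    umask "$1"
    probe="$2/.probe.$$"
    if [ "$3" = d ]; then mkdir "$probe"; else : > "$probe"; fi
    stat -c %a "$probe"
    rm -rf "$probe"
)

# Demo on a constructed tree in a temporary directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/plain"
    chmod 2775 "$root/shared"    # setgid plus group rwx
    chmod 0755 "$root/plain"     # no setgid, no group write
    echo "umask 022, file: $(mode_created_with_umask 022 "$root/shared" f)"
    echo "umask 002, file: $(mode_created_with_umask 002 "$root/shared" f)"
    echo "umask 002, dir:  $(mode_created_with_umask 002 "$root/shared" d)"
    echo "directories missing setgid:"
    dirs_missing_setgid "$root"
    rm -rf "$root"
}
demo
```

On a real export, run the three audit functions against the shared path on the server; anything they print is an entry that other members of the group cannot manage as the thread intends.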

