This solution fails at the moment I start using rsync to sync
directories to the Synology. Update when I find out where that goes wrong.
I am now using a Synology for storage in the home network. Linux clients use
NFS to access the Synology, and nowadays the default NFS version is version 4,
which does things quite differently from version 3. NFS version 4 is
supposed to use user names with NFS domain names and rpc.idmapd
instead of numeric user and group IDs.
After serious debugging I found out NFSv4 with the Synology doesn't use names
as I expected. I kept looking at NFS client settings but eventually I used
tcpdump, wireshark and tshark to find out owner names aren't used at all.
Numerical UIDs are used as text in the NFSv4 answers, even for files that have
an owner that is known in the Synology. It is as if
nfs4_disable_idmapping=0 is never set for the NFS server.
I confirmed this by capturing the NFS traffic with tcpdump and analyzing the
pcap files with wireshark and tshark. I indeed see:
reco_attr: Owner (36)
fattr4_owner: 1026
length: 4
contents: 1026
A lot of Google searching confirms this, including
"anyone have nfsv4 actually working?" - Synology Forum. The next step is to adjust the
idmapping in the running kernel on the Synology, using:
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Now I indeed see the right strings in the NFSv4 traffic, but the idmapd
on the client doesn't translate for some reason. Fixing the
/etc/idmapd.conf file helped.
The next step is to make this change permanent on the Synology. Adding a
file /etc/modules.local.conf with
module_nfsd_args="nfs4_disable_idmapping=0"
does the trick. This I learned from reading the startup file /etc/rc.subr,
which loads the kernel modules.
And now I see the right data in the NFS traffic:
reco_attr: Owner (36)
fattr4_owner: koos.at.idefix.net
length: 15
contents: koos.at.@idefix.net
And the user mapping works. On an older system I have UID 501, on the Synology
I have UID 1026 and on a new system I have UID 1000, and I'm owner of the
files everywhere.
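The check done by eye on the tshark output above can be scripted. This is an added example, not part of the original post: it classifies each fattr4_owner value in dissector text of the layout quoted above as numeric (idmapping disabled somewhere, so ownership depends on UIDs matching), mapped, or carrying a domain other than the client's. The sample capture, the names, the home.example domain, the assumption that a fattr4_owner_group line has the same layout, and the comparison against the Domain setting in /etc/idmapd.conf are all assumptions of this example.

```python
import configparser
import re

# Constructed sample in the layout of the tshark output quoted above.
SAMPLE_CAPTURE = """\
reco_attr: Owner (36)
fattr4_owner: 1026
length: 4
contents: 1026
reco_attr: Owner (36)
fattr4_owner: alice@home.example
length: 18
contents: alice@home.example
reco_attr: Owner (36)
fattr4_owner: bob@other.example
"""

# Constructed client-side idmapd.conf content.
SAMPLE_IDMAPD_CONF = """\
[General]
# NFSv4 domain the client appends to and expects on owner strings
Domain = home.example
"""

# Owner lines; the _group variant is assumed to use the same layout.
OWNER_RE = re.compile(r"^\s*fattr4_owner(?:_group)?:\s*(\S+)\s*$", re.M)

def idmapd_domain(conf_text):
    """Return the [General] Domain value from idmapd.conf text, or None."""
    cp = configparser.ConfigParser(strict=False)
    cp.read_string(conf_text)
    return cp.get("General", "Domain", fallback=None)

def classify_owner(value, domain):
    """Classify one owner string seen on the wire."""
    if value.isdigit():
        return "numeric"            # raw UID sent as text, no name mapping
    name, sep, dom = value.rpartition("@")
    if not (sep and name and dom):
        return "malformed"
    if domain is None or dom.lower() != domain.lower():
        return "foreign-domain"     # client idmapd will not translate this
    return "mapped"

def audit(capture_text, conf_text):
    """Count owner strings per verdict for a capture and a client config."""
    domain = idmapd_domain(conf_text)
    counts = {}
    for value in OWNER_RE.findall(capture_text):
        verdict = classify_owner(value, domain)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

Any "numeric" count after the server change means some replies still bypass name mapping; "foreign-domain" points at the client's idmapd.conf rather than the server.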
Update:
I later gave up on getting this working completely. On write actions there are
always problems with trust. The 'solution' was to allow the nfs4 idmapping with
numeric UIDs everywhere and synchronize UIDs on all systems. This returns NFS
to version 3 sec=sys security levels, but getting it working completely correctly
with NFSv4 needs some sort of security and trust setup that's too much work
for me.