Yast and NFS-client how to set up?

@Bugie2

You really do not need all those things you mentioned. Except when you have grown to a considerable shop of more systems with many relations of course. But for the normal home situation, with say four or five people using a few systems, you only have to administer consistently. When users do not change systems, give all a different UID. Thus not everywhere the default at installation, but 1001, 1002, 1003, etc. Maybe all in the same group: users (is that 501 by default). And on the NAS you configure them all.

Also configure e.g. 1000 for you as system manager to be used for all non root cases. On the NAS that user could be the owner of all exports and then set all directories open for the group. That will allow all users to work there. If they start to pester each other, then set the t-bit.

But I can of course not know all details of the shop you manage. It is all your sound thinking and sound implementation with the features offered.

(Once I was paid for this. Finding out what the customer really wants and putting that in a manageable environment. And be sure that within a week the customer comes with new facts and wishes.)

I have been looking into this on my machine and see I can enable and configure NIS. This begs the question where should I create the NIS server and then how do the machines communicate. More reading. Need to start again in the morning as I must close now.
Thanks to all.
Budge

Further to the suggestion that I use LDAP and NIS above and from my reading this seems to me to be the right way to go. We have at least 13 computers on the network but they are spread over different subnets all served by firewall router and using different operating systems so I am not sure if this would be practicable.
Will keep reading.

I have now found quite an instructive thread on the Qnap forum which explains why I may have some problems given my history of use of NFS connection to NAS.
The thread may be helpful to others so I shall try and include it here:-

https://forum.qnap.com/viewtopic.php?f=24&t=27384

This is not HTML, it is a link/URL. Using the Globe button in the post editor, you can create https://forum.qnap.com/viewtopic.php?f=24&t=27384

Ahhh – Yes!!!
But, I resolve this issue with QNAP boxes differently –

  • I create an NFS export on the QNAP box for a new directory, which I usually name “NFS”, parallel to the other directories on a Data Volume – “Download”, “Home”, “Public” and “Multimedia” …
  • Initially this export doesn’t have “root squash” activated because –
    I then access the NFS export from a client with the user “root” – and then, create sub-directories for each Linux user who needs to access the resource – and then, set the ownership and permissions for the sub directories to those of the Linux users – which will not be accessible via Microsoft network protocols …
  • When complete, move the user “root” away from the QNAP box export and, then activate, in the QNAP box, “root squash” for that export.

That works because, the QNAP boxes are running a Linux – with an administration interface customised for MS Windows administrators – who are forced to accept access by Apple devices – but, there’s very little available to really support access by Linux devices – except for, access via Microsoft protocols …
But, you could setup a LDAP server on the QNAP box, which may, alleviate the woes of Linux User and Group rights …
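
To confirm that the last step of the procedure above was carried out, an added example (not part of the post and not QNAP tooling): a parser for exports(5) syntax that lists every client for which root is still not squashed. It assumes the NAS's export table is available in standard Linux exports(5) form, which the post does not state; the paths and addresses are constructed.

```python
import re

SAMPLE_EXPORTS = """\
# constructed sample, exports(5) syntax; paths and addresses are made up
/share/NFS     192.168.1.10(rw,no_root_squash) 192.168.1.0/24(rw,root_squash)
/share/Public  *(ro)
/share/Backup  -rw,no_root_squash 192.168.1.20 192.168.1.21(root_squash)
"""

def unsquashed_exports(text):
    """Return (path, client) pairs for which a client's root stays root."""
    hits = []
    text = text.replace("\\\n", " ")            # join backslash-continued lines
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue
        path, defaults = fields[0], set()
        for field in fields[1:]:
            if field.startswith("-"):           # "-opt,opt": defaults for later clients
                defaults = set(field[1:].split(","))
                continue
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", field)
            if not m:
                continue
            client = m.group(1) or "*"          # "(opts)" without a host means everyone
            opts = set(filter(None, (m.group(2) or "").split(",")))
            # root_squash is the default; a per-client option overrides the line default
            root_kept = "no_root_squash" in defaults
            if "root_squash" in opts:
                root_kept = False
            if "no_root_squash" in opts:
                root_kept = True
            if root_kept:
                hits.append((path, client))
    return hits

if __name__ == "__main__":
    for path, client in unsquashed_exports(SAMPLE_EXPORTS):
        print(f"root not squashed: {path} for {client}")
```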

Hi dcurtisfra,
Many thanks for this grist to the mill. I started this thread with a query on a minor matter of convenience when I moved my residence but not my workstations or NAS boxes.
The background was actually part of a somewhat larger project for me as I work through all our backup and security requirements. My home system has grown through home/office system and many years on I now find myself looking after rather more IT infrastructure than I anticipated, most computers running on M$ and part of a live business. Just to explain where I am coming from, if it was not obvious from my posts.

When I looked into my NAS box I found first that the users and rights configuration were a mess and needed to be rebuilt from the start, along the lines of the thread I posted above as a minimum. I also found that the NAS I had been using is quite old and does not support nfsv4 whereas my other newer NAS does.

I shall adjourn now and prepare a plan. I may need more help along the way but need to get my overall strategy resolved not just that on NFS.
Many thanks for the help and suggestions.
Regards,
Budge.

Hi Henk,
Please forgive the mis-posting of link below. Wrong button and my mistake.
Clearly you understand the situation in which we find ourselves and managing change has been difficult even without Covid.
Many thanks again for your support.
Regards,
Budge.

Never mind, it was only a reminder. I am working rather often with the forums and thus know which button is for what. I can understand that you hit the wrong one now and then. BTW, the Preview Message below the post editor is very helpful in seeing what others will see when reading your post.

Regardless of the NFS version, the main problem I have with the QNAP NAS – and probably other similar NAS boxes also – is that, with NFS one has to maintain consistent UID and GID values on the NFS Servers and the NFS Clients.

  • Maintaining the consistency manually is only do-able for small private/home scenarios.
  • For the case of larger user and machine numbers, probably the only way to go is – LDAP.
    We can possibly forget NIS here – AFAICS, the QNAP boxes do not offer NIS as a supported service …

That is for sure and hasn’t much to do with the fact that NFS is used. The same is true when one exchanges Linux file systems on removable devices. The ownership/permission rules always govern.
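
A consistency check for the point made in the two posts above, as an added example that is not from any poster: it compares passwd(5) content collected from the NAS and the clients and reports names whose UID or GID differs between hosts and UIDs that belong to different names. Host names, accounts and numbers are constructed; with the default sec=sys the NFS server authorises by the numeric IDs the client sends, so a shared UID means shared file access.

```python
from collections import defaultdict

# Constructed passwd(5) extracts: pc2 kept the installer's first UID for "ben".
SAMPLE = {
    "nas": "root:x:0:0::/root:/bin/sh\nadmin:x:1000:100::/home/admin:/bin/sh\n"
           "anna:x:1001:100::/home/anna:/bin/sh\nben:x:1002:100::/home/ben:/bin/sh\n",
    "pc1": "root:x:0:0::/root:/bin/bash\nadmin:x:1000:100::/home/admin:/bin/bash\n"
           "anna:x:1001:100::/home/anna:/bin/bash\n",
    "pc2": "root:x:0:0::/root:/bin/bash\nben:x:1000:100::/home/ben:/bin/bash\n",
}

def parse_passwd(text, min_uid=1000, max_uid=60000):
    """Return {name: (uid, gid)} for regular accounts in passwd(5) text."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        fields = line.split(":")
        if len(fields) < 7 or line.startswith(("#", "+", "-")):
            continue  # comment, NIS compat entry or malformed line
        try:
            uid, gid = int(fields[2]), int(fields[3])
        except ValueError:
            continue
        if min_uid <= uid <= max_uid:  # skip system accounts and "nobody"
            users[fields[0]] = (uid, gid)
    return users

def audit(passwd_by_host):
    """Return sorted findings as (kind, key, {host: value}) tuples."""
    uids_of_name = defaultdict(dict)  # name -> {host: uid}
    gids_of_name = defaultdict(dict)  # name -> {host: gid}
    names_of_uid = defaultdict(dict)  # uid  -> {host: name}
    for host, text in passwd_by_host.items():
        for name, (uid, gid) in parse_passwd(text).items():
            uids_of_name[name][host] = uid
            gids_of_name[name][host] = gid
            names_of_uid[uid][host] = name
    findings = []
    tables = (("uid-differs", uids_of_name), ("gid-differs", gids_of_name),
              ("uid-shared", names_of_uid))
    for kind, table in tables:
        for key, per_host in table.items():
            if len(set(per_host.values())) > 1:  # hosts disagree on this key
                findings.append((kind, key, dict(per_host)))
    return sorted(findings, key=lambda f: (f[0], str(f[1])))
```

On the sample, `audit(SAMPLE)` reports that "ben" has a different UID on pc2 than on the NAS and that UID 1000 is "admin" on the NAS but "ben" on pc2.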

Hi dcurtisfra,
Am returning here to start using LDAP on the NAS. It seems the Qnap wizard/guide is helpful but I have an initial question. The guide suggests I enter the “full LDAP domain name” and the example is “my-domain.com.”
What is the significance of the .com here and will this be promulgated on the WAN or just confined to our LAN? Some further reading?
Budge.

Hello Budgie2.

The right-most component of a Domain Name is the name of the “Top-Level Domain” –

  • “.org” – Originally intended for use by non-profit organizations, and still primarily used by some.
  • “.net” – Originally intended for use by domains pointing to a distributed network of computers, or “umbrella” sites that act as the portal to a set of smaller websites.
  • “.edu” – This domain is therefore almost exclusively used by American colleges and universities.
  • “.int” – The .int TLD is strictly limited to organizations, offices, and programs endorsed by a treaty between two or more nations.
  • “.com” – Though originally intended for use by for-profit business entities, for a number of reasons it became the main TLD for domain names and is currently used by all types of entities including nonprofits, schools, and private individuals.
  • “.co.uk” – Commercial entities and purposes «located on the West European Islands»
  • “.de” – Domains located in Germany.
  • “.us” – Registrants must be United States citizens, residents, or organizations, or a foreign entity with a presence in the United States.

I suspect that, QNAP assume that, most private domains are owned by commercial companies – therefore “.com” is fairly common and, used by their example.
For the case of a LAN with private IP addresses, check the Router which connects the LAN to the ISP – if you’re lucky the Router’s manufacturer will have assigned a (private) Domain Name to the private IP addresses used by that LAN.

  • For example, I use an AVM FRITZ!Box DSL Router to access the physical DSL connection to my ISP – the default (private) Domain Name administered by the AVM Router for the private IP addresses on the LAN is – “fritz.box” …

Regards
DCu

Hi and many thanks once more.
I think I should close this thread and start a new one.
My problem with the NFS was due to historical data on NAS settings before various machines were moved and reconfigured.
I was eventually able to clear by resetting.
Having read the many chapters on security and hardening on Leap 15.3 my head is spinning and I need to start over. NFS is least of my problems now, getting network structure right is much more important.
Many thanks again,
Budge.

AFAICS, you haven’t started the new Post yet –

  • One thing has struck me over the last few years – network configuration has been automated – DHCP is beginning, slowly, to work wonders …
  • In other words, what we used to configure manually is now being configured by the boxes acting as DHCP servers – boxes such as the Router connecting you to your ISP …

Which is the case for Desktop clients …

  • But, for servers connected to the Internet, despite tools such as the YaST Security section, there are still a few things to be set up manually …
    Such as, Intrusion Detection – but, be aware that, Intrusion Detection (AIDE & Co.) can only report the intrusion after it happened – it’s comparable to a Police Officer who turns up and outlines the corpse with a chalk mark – it’s known where you died but, you’re dead …
    Which implies that, AppArmor and PolKit have to be learnt …
    Or, SELinux …

Hi and thanks for the reply. More choices and decisions to take.
What I want is to take one step at a time as I read and learn. There is a lot of reading!
Regards,
Budge.