I’ve been having permissions issues with NFS shares on TrueNAS.
I’m trying to run some Docker containers on an Ubuntu server. The storage for these containers is a NFS share on my TrueNAS server mounted on the Ubuntu server with a line in the /etc/fstab file.
I’ve set the TrueNAS permissions in the ACL manager to “Full control” for owner@, group@, and everybody@. I plan to later tighten the security, but I’m leaving it open for now while I test and setup.
The NFS share settings mapall user and mapall group are set to the user and group that are considered owners in the TrueNAS ACL manager. Authorized networks and authorized hosts are left wide open.
Now on the Ubuntu server:
As mentioned previously - the NFS share is mounted to the Ubuntu server via a line in the /etc/fstab.
From the CLI on the Ubuntu server, I can navigate into the NFS mount. I can create directories (without needing to invoke sudo), I can create files (eg. touch test.txt). I can delete test directories/files after creating them. I can open existing text files with nano. It all seems to work just fine from the CLI.
Then I attempt to spin up a docker container (I’ve tried with many different containers, so I believe the issue is with TrueNAS, not with any specific container.)
This is the error output:
ERROR: for photoprism_mariadb_1 Cannot start service mariadb: error while creating mount source path '/nfs/docker/photoprism/database': chown /nfs/docker/photoprism/database: operation not permitted
ERROR: for 62739ad27489_photoprism_photoprism_1 Cannot start service photoprism: error while creating mount source path '/nfs/docker/photoprism/storage': chown /nfs/docker/photoprism/storage: operation not permitted
ERROR: for mariadb Cannot start service mariadb: error while creating mount source path '/nfs/docker/photoprism/database': chown /nfs/docker/photoprism/database: operation not permitted
ERROR: for photoprism Cannot start service photoprism: error while creating mount source path '/nfs/docker/photoprism/storage': chown /nfs/docker/photoprism/storage: operation not permitted
ERROR: Encountered errors while bringing up the project.
It is giving me issues of chown ... operation not permitted which I believe is pretty clearly a TrueNAS permission problem, but to my knowledge I’ve configured the TrueNAS dataset & NFS share to be pretty much wide open.
Thanks.
Edit:
I tried to chown the test.txt file I created. Same issue, operation not permitted.
It looks like my problem surrounds the NFS feature (or problem in this case) of root squash. Being that the TrueNAS server is not permitting the client to perform a root operation such as changing ownership. So I think I need to disable root squash for the docker related datasets. First I’m going to do some reading to see if this is considered against best practices - not sure how I feel about allowing my Ubuntu server to run as root on my TrueNAS server. My TrueNAS server contains a lot of important data.