QNAP

QTS 5.0.x

Configuring NFS Service Settings

Network File System (NFS) is a file system protocol that allows data to be accessed over a computer network. Enabling the NFS service allows Linux and FreeBSD users to connect to the NAS.

The NFS service supports the following permissions in the NFS host access settings. You can apply these permissions to shared folders in Control Panel > Privilege > Shared Folders > Edit Shared Folder Permissions, and then selecting NFS host access as the permission type.

Permission

Status

Description

sync

Disabled

Disabling sync allows the NFS server to override the NFS protocol and reply to requests before any changes made by that request have been committed to stable storage. Using this option usually improves performance, but could result in an unclean server restart (e.g., a server crash), data loss, or corruption.

Enabled

  • wdelay: Causes the NFS server to delay writing to the disk to accommodate requests committed to stable storage.

  • no wdelay: The NFS server normally delays committing a write request to disc if it suspects another related write request is in progress or arriving soon. This allows multiple write requests to be committed to the disc with the one operation which can improve performance. no wdelay is available to turn off the delay behavior if an NFS server received mainly small unrelated requests. The default can be explicitly requested with the wdelay option.

secure

Disabled

Disabling secure requires that requests originate on TCP/IP ports above 1024.

Enabled

Enabling secure requires that requests originate on TCP/IP ports between 1-1024.

Security

Enabled

The transparent file sharing system offered by NFS exposes the data to several security vulnerabilities. The security mechanism allows safe network transmission over trusted networks. NFS protocol provides the following security options to enable secure data transfer between the server and the client.

  • sys: sys or AUTH_SYS is the default unencrypted NFS version 3 security mechanism

  • krb5: Use Kerberos for authentication only.

  • krb5i: Use Kerberos for authentication, and include a hash with each transaction to ensure data integrity. Traffic can still be intercepted and examined, but modifications to the traffic are made apparent.

  • krb5p: Use Kerberos for authentication, and encrypt all traffic between the client and server. This authentication is the most secure mechanism but also incurs the most load.

Squash

Enabled

Remote root users can change any file on the shared file system and expose other users to executable Trojan-infected applications. The squash permission enables the NFS server to transfer the client root role and prevent possible security threats.

  • Squash root users: Maps the remote root user identity to a single anonymous identity and denies the user special access rights on the specified host.

  • Squash all users: Maps all the client requests to a single anonymous identity on the NFS server.

  • Squash no users: The default option does not transfer the client root role.

  1. Go to Control Panel > Network & File Services > Win/Mac/NFS/WebDAV > NFS Service.
  2. Enable NFS Service.
    1. Optional: Click Enable NFS v2/v3 Service.
    2. Optional: Click Enable NFS v4 Service.
  3. Click Enable manage-gids.
    Tip:

    Enable to increase the default maximum number of groups a user can belong to. This option replaces the list of group IDs (GIDs) received from the client with a list of GIDs mapped to the user ID (UID) that can access NFS share if the appropriate client UID also exists in the NAS.

  4. Click Apply.

Network & File Services saves the NFS service settings.