QNAP

QTS 5.0.x

Configuring NFS Service Settings

Network File System (NFS) is a file system protocol that allows data to be accessed over a computer network. Enabling the NFS service allows Linux and FreeBSD users to connect to the NAS.

The NFS service supports the following permissions in the NFS host access settings. You can apply these permissions to shared folders in Control Panel > Privilege > Shared Folders > Edit Shared Folder Permissions, and then selecting NFS host access as the permission type.

Permission

Status

Description

sync

Disabled

Disabling sync allows the NFS server to override the NFS protocol and reply to requests before any changes made by that request have been committed to stable storage. Using this option usually improves performance.

Enabled

  • wdelay: Causes the NFS server to delay writing to the disk to accommodate requests committed to stable storage.

  • no wdelay: Turns off the delay behavior if an NFS server received mainly small unrelated requests. The default can be explicitly requested with the wdelay option.

secure

Disabled

Disabling secure requires that requests originate on TCP/IP ports above 1024.

Enabled

Enabling secure requires that requests originate on TCP/IP ports between 1-1024.

Security

Enabled

The transparent file sharing system offered by NFS exposes the data to several security vulnerabilities. The security mechanism allows safe network transmission over trusted networks. NFS protocol provides the following security options to enable secure data transfer between the server and the client.

  • sys: sys or AUTH_SYS is the default unencrypted NFS version 3 security mechanism

  • krb5: Use Kerberos for authentication only.

  • krb5i: Use Kerberos for authentication, and include a hash with each transaction to ensure data integrity. Traffic can still be intercepted and examined, but modifications to the traffic are made apparent.

  • krb5p: Use Kerberos for authentication, and encrypt all traffic between the client and server. This authentication is the most secure mechanism but also incurs the most load.

Squash

Enabled

Remote root users can change any file on the shared file system and expose other users to executable Trojan-infected applications. The squash permission enables the NFS server to transfer the client root role and prevent possible security threats.

  • Squash root users: Maps the remote root user identity to a single anonymous identity and denies the user special access rights on the specified host.

  • Squash all users: Maps all the client requests to a single anonymous identity on the NFS server.

  • Squash no users: The default option does not transfer the client root role.
  1. Go to Control Panel > Network & File Services > Win/Mac/NFS/WebDAV > NFS Service.
  2. Enable NFS Service.
    1. Select Enable Network File System (NFS) service.
    2. Select one or more NFS versions.
    3. Optional: Click Advanced Options.
    4. Optional: Select Use fixed NFS service ports.

      Service

      Description

      Remote quota server (RQUOTAD_PORT)

      Provides quota information of the user for remote users.

      Lock request on TCP port (LOCKD_TCP_PORT)

      Applies the Network Lock Manager (NLM) protocol on both TCP clients and servers.

      Lock request on UDP port (LOCKD_UDP_PORT)

      Applies the Network Lock Manager (NLM) protocol on both UDP clients and servers.

      Mount daemon (MOUNTD_PORT)

      Monitors and processes MOUNT requests from NFSv3 clients.

      NSM service daemon (STATD_PORT)

      Applies the Network Status Monitor (NSM) Remote Procedure Call (RPC) protocol to inform NFS clients when the NFS server restarts.
      Note:

      Make sure to use different port numbers for each NFS service port.

  3. Optional: Select Enable manage-gids.
    Tip:

    Enable to increase the default maximum number of groups a user can belong to. This option replaces the list of group IDs (GIDs) received from the client with a list of GIDs mapped to the user ID (UID) that can access NFS share if the appropriate client UID also exists in the NAS.

  4. Optional: Select Force client umask.

    Umask assigns default permissions for existing and new files and folders.

  5. Click Apply.

Network & File Services saves the NFS service settings.