If this document does not correspond to your current software version, you can go to Download Center to find other available document versions.

QNAP

QuTS hero 5.0.x

Download (PDF)

Configuring NFS service settings

Network File System (NFS) is a file system protocol that allows data to be accessed over a computer network. Enabling the NFS service allows Linux and FreeBSD users to connect to the NAS.

The NFS service supports the following permissions in the NFS host access settings. You can apply these permissions to shared folders in Control Panel > Privilege > Shared Folders > Edit Shared Folder Permissions, and then selecting NFS host access as the permission type.

Permission

Status

Description

sync

Disabled

Disabling sync allows the NFS server to override the NFS protocol and reply to requests before any changes made by that request are committed to stable storage. This option usually improves performance.

Enabled

  • wdelay: Causes the NFS server to delay writing to the disk to accommodate requests committed to stable storage.

  • no wdelay: Turns off the delay behavior if an NFS server received mainly small unrelated requests. The default can be explicitly requested with the wdelay option.

secure

Disabled

Disabling secure requires that requests originate on TCP/IP ports above 1024.

Enabled

Enabling secure requires that requests originate on TCP/IP ports between 1-1024.

Security

Enabled

The transparent file sharing system offered by NFS exposes the data to several security vulnerabilities. The security mechanism allows safe network transmission over trusted networks. NFS protocol provides the following security options to enable secure data transfer between the server and the client.

  • sys: sys or AUTH_SYS is the default unencrypted NFS version 3 security mechanism

  • krb5: Use Kerberos for authentication only.

  • krb5i: Use Kerberos for authentication, and include a hash with each transaction to ensure data integrity. Traffic can still be intercepted and examined, but modifications to the traffic are made apparent.

  • krb5p: Use Kerberos for authentication, and encrypt all traffic between the client and server. This authentication is the most secure mechanism but also incurs the most load.

Note:

To use Kerberos-based authentication for NFS shared folders, NFS client and host should join the same AD (Active Directory) server and mount the shared folder via NFSv4 or later versions.

Squash

Enabled

Remote root users can change any file on the shared file system and expose other users to executable Trojan-infected applications. The squash permission enables the NFS server to transfer the client root role and prevent possible security threats.

  • Squash root users: Maps the remote root user identity to a single anonymous identity and denies the user special access rights on the specified host.

  • Squash all users: Maps all the client requests to a single anonymous identity on the NFS server.

  • Squash no users: The default option does not transfer the client root role.

  1. Go to Control Panel > Network & File Services > Win/Mac/NFS/WebDAV > NFS Service.
  2. Enable NFS Service.
    1. Select Enable Network File System (NFS) service.
    2. Select one or more NFS versions.
  3. Click Apply.

Network & File Services saves the NFS service settings.