Support NFS mounting Media to Vero4k+

Greetings everyone,

Firstly, this is me being daft issue, rather than a vero issue per say. Looking for some help in fixing what i believe is my nfs exports. I’m fairly handy with linux but dont use it as often so a bit rusty.

TLDR - Changed my configuration architecture to be more “simple” and less secure because family=effort and now i cant mount my media.

A bit of background, everything on my home built nas used to be running native centos7 and i shared all the storage (zfs) to specific VM’s in my host to perform functions. One of those VM’s was a debain and all it did was share out NFS. I didnt allow anything bar storage running on the native host.

Back then, when i was single and child free (when i first configured this) i was rigorous about domain seperation, permissions etc. I had lots of apps talking to all the folders and everything was isolated and happy and could read/write everything it could. All to mostly best practice. I was in my happy place.

Queue years of on/off hardware issues and the EOL of Centos7 with being smart arse and moving from i3 intel to First Gen Ryzen…

I have since basically replaced the entire server/disks/os and i’m aiming for a more simple life. I run proxmox, i installed casaos to run all my services in docker rather than invidual VM’s i have to keep up to date, and i commiting the cardinal sin of running everything as root. This is where my problems seem to have started. Its as secure as it can be, any apps that are require internet access are done via docker, not on native host, host is in isolated vlan with iptables protection on router etc. Anyway, i’m rambling.

This is my current setup:

#NFS for OSMC Lounge

/storage/Movies 192.168.2.211/32(rw,insecure,no_root_squash)
/storage/TV 192.168.2.211/32(rw,insecure,no_root_squash)

However, whilst i CAN mount the storage on OSMC, it gives me permissions denied to list the contents of the folder, duh, i’m not root. If i sudo or su to root i can see the files in OSMC.

my fstab:
192.168.1.200:/storage/Movies /mnt/storage/movies nfs defaults,auto,noatime
192.168.1.200:/storage/TV /mnt/storage/tv nfs defaults,auto,noatime

I did try noauto when running the anongid etc but that didnt work either.

Obviously OMSC doesnt run under root so it cant access the files.

I’ve tried fiddling around with uid and guid=1000 on the export server so that it would mount as the osmc userid but now i have it mounted but see no contents in the folder.

/storage/Movies 192.168.2.211/32(rw,insecure,all_squash,anonuid=1000,anongid=1000)
/storage/TV 192.168.2.211/32(rw,insecure,all_squash,anonuid=1000,anongid=1000)

The goal: I dont have the time/will to live to re-permission everything properly like i used to, i want to be able to allow osmc to browse these folders so i can play my media. I believe this will require NFS minipulation. How best can i go about achieving this?

I’m running the latest version of OS+Vero VERSION_ID=“2024.02-1”

Any help appreciated.

Edit additional note, i do have 2 veros, linked to a shared database for media sync etc. Thats a side thing and i can sort that myself.

Hi,
you don’t want to run as root.
I suspect you have 2 issues here.

  1. You have the files owned by a user/group on the NAS
  2. The Vero does not know that user.

So when accessing the files, wrong user probably.
What GID do the files have on the NAS ? (Group ID)

Take that GID, create a group with the GID on your vero device, and add the osmc user to that group.
That should give you access.

Thanks for the reply.

Point 1: Its all running as root:root on the main host, so guid0. On the vero this means osmc needs to be part of guid0 which is root, which it is. From what i’ve read and from what you’ve said, this means it should work. But i suspect its because its guid0 rather than something else thats the issue.

Everything else in docker containers is accessing the data ok (on host)

Actually, uid/gid 0/0 is very bad practice. Never do that because you have to give root access to whoever accesses the data and security wise, this is really, really bad.,

You can change the data to be mode 664 for it to be visible, but the directories need to be at least mode 755.