[zfs-discuss] How to stop NFS files being world-writable

Adam Nielsen a.nielsen at shikadi.net
Sat Nov 10 01:57:53 EST 2018


Hi all,

I'm new to ZFS and have a simple problem that I'm stuck on.

I have exported a handful of shares via NFS
(sharenfs=rw=@1.2.3.4/24), but when I mount them on the client
machines, any files or folders I create are world-writable:

  $ mkdir example
  $ ls -d example
  drwxrwxrwx 2 adam users 2 Nov 10 10:05 example
  $ umask
  0022

If I run the same command on the server it creates it with the correct
0755 permission, and I can chmod it to 0755 on the client, but it
automatically gets created as 0777 for some reason (and 0666 for normal
files).

Creating files locally on the client, outside the NFS filesystem,
correctly creates them as 0755/0644, so it doesn't seem to be a umask
problem on the client.

Since it only affects the ZFS NFS shares, is there some way to change
this so that files created on the ZFS volumes by NFS clients aren't
world-writable?

I've had a look through all the mount.nfs and exportfs options and
can't find anything that looks like it affects umasks.

What am I missing?

I'm running the Arch Linux precompiled version of ZFS
(0.7.11_4.18.16.arch1.1-2) with kernel 4.18.16.

Many thanks,
Adam.


More information about the zfs-discuss mailing list