[zfs-discuss] How to stop NFS files being world-writable
joost at antarean.org
Sat Nov 10 02:37:17 EST 2018
On Saturday, November 10, 2018 7:57:53 AM CET Adam Nielsen via zfs-discuss
> Hi all,
> I'm new to ZFS and have a simple problem that I'm stuck on.
> I have exported a handful of shares via NFS
> (email@example.com/24), but when I mount them on the client
> machines, any files or folders I create are world-writable:
> $ mkdir example
> $ ls -d example
> drwxrwxrwx 2 adam users 2 Nov 10 10:05 example
> $ umask
> If I run the same command on the server it creates it with the correct
> 0755 permission, and I can chmod it to 0755 on the client, but it
> automatically gets created as 0777 for some reason (and 0666 for normal
> Creating files locally on the client, outside the NFS filesystem,
> correctly creates them as 0755/0644, so it doesn't seem to be a umask
> problem on the client.
> Since it only affects the ZFS NFS shares, is there some way to change
> this so that files created on the ZFS volumes by NFS clients aren't
> I've had a look through all the mount.nfs and exportfs options and
> can't find anything that looks like it affects umasks.
> What am I missing?
> I'm running the Arch Linux precompiled version of ZFS
> (0.7.11_4.18.16.arch1.1-2) with kernel 4.18.16.
Can you test this using NFS shares directly? (Eg. not using ZFS "sharenfs"
ZFS only uses the existing NFS tools and overrides the /etc/exports file for
its own purposes, which makes it more likely to be caused by the NFS
implementation on the host and/or client then ZFS.
For clarity, on my NFS shares (from ZFS host), I don't see this behaviour.
I do see a different issue where group-memberships don't work correctly, but
that seems to be related to too many groups for which I had a working solution
(with NFS3), but this doesn't seem stable using NFS4, see:
More information about the zfs-discuss