This document describes different levels of security which can be implemented on the NFS share(s) inside SoftNAS to ensure that only authorized resources can access the NFS share(s):

1. HOST LEVEL SECURITY

...

The hosts that will have access to the exported directory.

...

Example of my /etc/exports file for your reference. I used option (e) to lock down my share to only 2 specific IP CIDR ranges on my network, so all the systems within those CIDR ranges will be able to mount and access the NFS share and no one else.

/export 10.10.1.0/24(ro,fsid=0) 10.10.20.0/24(ro,fsid=0)
/export/pool1/cifs1 10.10.1.0/24(async,no_subtree_check,no_root_squash,insecure,rw,nohide) 10.10.20.0/24(async,no_subtree_check,no_root_squash,insecure,rw,nohide)
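
As an added example (not part of the original SoftNAS page), the Python sketch below parses exports-style lines like the two above and reports client entries that fall outside an approved CIDR list or that carry the no_root_squash or insecure options. The sample text, its third "open" line and the function names are constructed for illustration; line continuations and quoted paths from exports(5) are not handled.

```python
import ipaddress
import re

# Constructed sample: the two export lines from this page plus one
# deliberately open entry added for illustration.
SAMPLE_EXPORTS = """\
/export 10.10.1.0/24(ro,fsid=0) 10.10.20.0/24(ro,fsid=0)
/export/pool1/cifs1 10.10.1.0/24(async,no_subtree_check,no_root_squash,insecure,rw,nohide) 10.10.20.0/24(async,no_subtree_check,no_root_squash,insecure,rw,nohide)
/export/pool1/open *(rw,sync)
"""

# Options that weaken host-level restrictions (see exports(5)).
RISKY_OPTIONS = {
    "no_root_squash": "root on the client keeps root privileges on the share",
    "insecure": "requests from unprivileged source ports are accepted",
}
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for each client entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or ["*"]:  # a path with no client list is open to all
            m = CLIENT_RE.match(spec)
            client, opts = (m.group(1), m.group(2) or "") if m else (spec, "")
            yield path, client or "*", {o for o in opts.split(",") if o}


def audit(text, allowed_cidrs):
    """Return (path, client, reason) findings for an exports file."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for path, client, opts in parse_exports(text):
        try:
            net = ipaddress.ip_network(client, strict=False)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append((path, client, "outside the approved CIDR ranges"))
        except ValueError:
            findings.append((path, client, "not an IP range (wildcard, hostname or netgroup)"))
        for opt in sorted(opts & set(RISKY_OPTIONS)):
            findings.append((path, client, f"{opt}: {RISKY_OPTIONS[opt]}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS, ["10.10.1.0/24", "10.10.20.0/24"]):
        print(*finding, sep=" | ")
```

Run against the live file by passing the contents of /etc/exports as the first argument and the site's approved ranges as the second.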

2. ACLs LEVEL SECURITY

...

This type of security is only ideal for small-scale NFS users (around 5 users). With this type of security, the commands below can be used to control access to the NFS share by first creating the users on SoftNAS and making sure that their UID/GID are the same on the Linux client(s) mounting the share. ACLs can then be configured on a per-user/group basis.

Examples of the commands to run:

# useradd user1
# chmod -R 770 /pool-name/volume-name
# setfacl -m u:user1:rwx /pool-name/volume-name :- To set the ACLs for user1 on the share
# setfacl -m d:u:user1:rwx /pool-name/volume-name :- To make it the default behavior for all future directories created under the root share (/pool-name/volume-name)

3. KERBEROS LEVEL SECURITY

...

This one is more secure and more complex to set up, and it's used with centralized authentication systems (AD or LDAP). With this setup, once the share is mounted, only the authorized users/groups are allowed access to the share and no one else.

...