RISC OS / Mac shared drive
Paolo Fabio Zaino (28) 1882 posts |
@ John
There won’t be. Depending on the version of your mac OS those ports may already be opened, if in doubt you can add them manually (via the GUI). For testing you can simply disable the firewall temporarly. To your specific problem, if the firewall is disabled and you still get that error, can you check if you have the RPC service running please? To do that, on your mac, type: rpcinfo It should show you all the info about your current RPC status. It’s worth trying. Another thing worth trying is, on OmniCLient, instead of using the mac FQDN, in the server name field, try to use the IP, sometimes home routers are not configured correctly to resolve local names, so using the system’s IP can help figuring out what is going on. Another thing I am seeing in your configuration is, you have used a local user directory (Users/riscman/), it may be worth using /Users/Shared instead, there are extra protection when sharing directories for a local user and that may be also causing problems. I’d suggest that you can configure exactly what you want once you’ve established a working connection, just my 0.2c Again, at the very minimal, you should get the directory in readonly mode, so something is going on on your setup… HTH |
adr (12133) 23 posts |
I’m not a mac user, but it is common to have udp transport protocol disabled by default Protocol: NFS3 Server: <server ip, or hostname if it is already in Hosts file> Export: <path to exported dir> Transport: tcp Set the type of this file to “Sunfish” and click on it after executing or “seeing” !Sunfish. OmniClient’s NFS has issues managing the permissions of “nobody” user, I sent a bug report https://www.riscosopen.org/tracker/tickets/622 And it uses udp by default also. Note that these clients only support nfs2 or nfs3, make sure your server is not serving nfs4 only. |
Steve Fryatt (216) 2105 posts |
This was going to be my suggestion, too. ISTR errors like the ones John quotes above when I hit that issue a while back. |
John Rickman (71) 646 posts |
Yes! a bit of light at from further up the tunnel.
It looks as if it is running 2 and 3 only
Haven’t tried this yet but will do so next. |
Paolo Fabio Zaino (28) 1882 posts |
Yes macOS still runs by default NFS 3 (not 4), to use 4 you need to pass a specific configuration, so that shouldn’t be the problem.
In my case I do not need to type the full path, however, given you are using /Users, then your full path should be: /Volumes/Macintosh\ HD/Users/... Or whatever you have called your boot disk, by default on the mac it’s always called “Macintosh HD” (If so, don’t forget NFS requires a "\ " for the space) HTH |
David Pitt (9872) 363 posts |
Posix??? Insert This is macOS version dependent so :-
I don’t remember exactly when I had to make the change.
It is a bit obscure. I do use the Bresink NFS Manager on the grounds that it worked, having failed with manually creating files. It does now default to the ‘right’ form of path. The developer of NFS Manager has put in the effort to unknot macOS’s NFS to make it easy for me so I have purchased a license, it is only fair to do so. There is a demo mode, which I have made good use of. The Mac is complicated, I needed help. If one knows what one is doing then … Works here! |
John Rickman (71) 646 posts |
Some more progress. I reverted to short form path ie from This might all go wrong again because I have accepted an invitation from the Mac to upgrade the OS to Sonoma 14.2.1 – it is estimating 23 hours to complete the 9GB download. |
Paolo Fabio Zaino (28) 1882 posts |
Nice work! For the write access make sure the user that you’re using to log in has write access permissions on the shared path. If it’s mapping your user to “nobody” then one way to run a quick test (highly insecure!!!!) is to chmod 777 the directory you’ve shared (just Public) and test. As a side note: you can tell macOS to which user you wish to map all unauthenticated users. HTH |
John Rickman (71) 646 posts |
It only took two hours not 23 to install Sonoma. |
Paolo Fabio Zaino (28) 1882 posts |
JFYI: You can use NFS and pCloud on a mac without macFUSE. pCloud have their own client app, that can manage all the syncs and mount remote folders. NFS both client and Server are native on macOS. Did you mean NTFS ? (The Windows NT FS), If so there are solutions for that as well, worst case macFUSE will be updated soon. |
John Rickman (71) 646 posts |
@Paolo – do you know of a definitive, or comprehensive or at least an adequate source of documentation for the contents and syntax of the /etc/exports file for a mac? |
Paolo Fabio Zaino (28) 1882 posts |
@ John,
Hummm… all I can think of are some old books on administering macOS, you may check on amazon maybe? I have them somewhere in a box at my storage, so not able right now to check for titles. As a quick help for you, The mac NFS supports only a subset of the typical NFS options. Here are the supported options as of Sonoma latest version: -ro To specify that you want to share as readonly -alldirs To allow a client to mount every object contained in your shared directory -sec To specify a string (":" separated) of supported authentication protocols like krb5, krb5i, krb5p etc... -network To specify which network is allowed to access a shared directory -netmask To specify which network mask for the -network protocol -maproot=user Specifies that the remote root user should be mapped to the specified user. You may specify either a username or numeric user ID. -maproot=user:[group[:group...]] Specifies that the remote root user should be mapped to the specified user with the specified group credentials. If you include the colon with no groups, as in -maproot=username:, it means the remote user should have no group credentials. You may specify a username or numeric user ID for user and a group name or numeric group ID for group. -mapall=user Specifies that all remote users should be mapped to the specified user. -mapall=user:[group[:group...]] Specifies that all remote users should be mapped to the specified user with the specified group credentials. If you include the colon with no groups, as in mapall=username:, it specifies that the remote user should be given no group credentials. On earlier versions you could also use: -kerb To specify the IP of the kerberos server for user authentication (not sure if this still works) For more features, or to enable the NFS4 you need to configure it using the /etc/nfs.config file. But for RISC OS this is not needed, so I think you’re not interested about it. HTH |
John Rickman (71) 646 posts |
@Paolo thanks for the documentation. The good news. The following setup works.
OmniClient mounts the shared directory Public and I can read, write and create files and directories. But, there is always a but, the bad news will follow in the next post. |
Paolo Fabio Zaino (28) 1882 posts |
Nice!
Tell me about it! XD – sure, if I can be of help… |
John Rickman (71) 646 posts |
I read this: The access privileges for users and groups are controlled by the permission settings of each single file and folder, AFAICT it is true. It would have saved me a lot of grief if I had known this. |
Paolo Fabio Zaino (28) 1882 posts |
Yes, that’s correct. Althought if NFS4 has a bit more in depth security than NFS3. But in the case of RISC OS we can only use NFS2 and 3, so that doesn’t matter. The key is in the “FS” of NFS Netwrok FileSystem. Plus on Linux things are a littl emore complicated because of the custom ACL on top of the traditional ACL. But luckly you are usign macOS which is a bit more userfriendly. BTW I also showed you the quick and dirty test (chmod 777) which clearly gives away where the security is placed. If you use -mapall=riscman that should force all users to use your riscman user privileges, not sure if this could be of help to you. If you change this setting, beside of having to run “sudo nfsd update” you’ll also need to re-mount the shared folder, JFYI. HTH |
John Rickman (71) 646 posts |
Here is my /etc/exports file with various attempts to define shares
I would like to mount /Users/riscman as user riscman or uid 501. I can mount it For example trying to open DeskTop gives message “insufficient access” I could set permissions 777 for all folders and sub-folders as I have done for Public, btw -alldirs does not seem to have any effect. |
Paolo Fabio Zaino (28) 1882 posts |
@ John
That is what -mapall is for, if you use the following: /Users/riscman -32bitclients -alldirs -mapall=riscman -network 192.168.1.0 -mask 255.255.255.0 It should map all users to riscman local user. I need to double check if nobody falls also in this category. I added -32bitclients, because NFSv3 cookies are 64 bits. RISC OS DDE C should be ok, but given I did not have a look at the NFS source, this option might help, it will keep the cookies 32 bit like on NFSv2. Login a user with RISC OS is going to be tricky, because I don’t think there is a way for Omniclient (or SunFish) to support kerberos. So, you’ll probably will have to stick to nobody. I will double check this in the morning tomorrow and post an update if I find something.
-alldirs allow a client to mount any objects within the shared path, so, if omniclient supports it, if for example you have a subdirectory called “foo” in your /Users/riscman, then you could mount just foo using /Users/riscman/foo as a path for Omniclient. HTH |
John Rickman (71) 646 posts |
Thanks Paolo – I have a better understanding of what is going on now. @David Pitt, does the NFS Manager software allow you use use your mac user In order to give “nobody” the same access as user “riscman” requires changes Provided the file or directory does not have extended attrs or ACL extensions,
I am thinking to do this for the top level directory: sudo chmod -R ugo+r /Users/riscman This should grant read access to Bob & Carol & Ted & Alice & anybody else Ironic is it not that in attempting to increase security the mac is This still leavs the matter of ext attrs, ACL, and the real pain of localisation. |
David Pitt (9872) 363 posts |
There is an access related issue with Omni as reported in this bug. I have not so far persuaded NFS Manager to sidestep that. Thanks to ‘adr’ for bringing this to light, obviously I assumed user incompetence. Fortunately there is no such problem with Sunfish. Better still Sunfish is faster the Omni NFS, which can therefore be discarded. (And I prefer LanMan98 to LanManFS.) That’s the state of things here others may find differently. NFS Manager does have a free fully working demo mode so it can be tried to see if it does what is required. It just nags a bit. |
John Rickman (71) 646 posts |
In the spirit of Peace and Goodwill that is appropriate to this season of Christmas and New Year I have declared a unilateral truce in the Struggle with Apple. Instead of trying to bend it to my will I am trying to find out what it is willing to let me do. I can’t speak for SunFish as it does not work on my ARMX6.
There is no way to authenticate a real user id on Omni with NFS protocol so I am using the id “nobody” which by defaults to read only access. I would like to be able to manage contents of both folders as if they belonged to the same user. Macmini has full control over objects created on the macmini. On RISC OS in a TaskWindow
Alternatively from the RISC OS GUI: Now the RISC OS objects are fully editable from the Mac, including Deletion. It is not as easy for the reverse direction.
Now from RISC OS or Mac it is possible to modify any files in Public. The only way I have found to allow deletion of mac origin files is to change the file owner from “riscman” to “32767” This works and it can be done recursively but is very clunky. The number 32757 is the user is/owner id that Omni gives to objects created in the mount “macpublic” and in “macshare”. As to the the original question back at the start of the thread:
I know the answer and am a sadder and a wiser man. |
Sprow (202) 1158 posts |
That is the user ID (UID) used for the user ‘nobody’ by RISC OS NFS, search for “UID” in the OmniClient chapter of the RISC OS 5 User Guide around page 180ish. There could be 3 possible solutions:
Remembering I don’t have a Mac, so these are general hints from use of Unix, which might have Mac equivalents. |
John Rickman (71) 646 posts |
@Sprow thanks
This option appears to make no difference to file access of RISC OS files from the Mac
This looks to be the proper way to go but I don’t know how to do it.
The Mac has blocked all my attempts to implement this. Basically it will not allow a user to have a uid of 32757. I think the best way forward is to abandon the Mac as a file server for RISC OS and go for a separate NAS file server. Now , The question is Which NAS? home brewed with spare Raspberry Pi or commercial box like Synology DS118. |
Steve Fryatt (216) 2105 posts |
I’ve not been following all of this in detail, but if you need to access the share with a specific UID and GID, have you tried using Sunfish as the RISC OS client instead of Omni? With that, you can set the two IDs the first time you connect to a share, to whatever values that share expects. |
Alan Adams (2486) 1149 posts |
I’m currently using a Synology DS220j. It just works. Lanman98 connects reliably, every time, and Windows also connects. Both run automated backups. Both start off with Wake-on-lan, and the device goes to sleep again after 20 minutes of inactivity. That way, most of the time, it’s invisible on the network, so someone hacking in via the wireless LAN won’t know it’s there. I’m holding off on one of the offered updates however, as it’s to SMB2, and I don’t want to take a risk of SMB1 ceasing to work. That would mean diving into the mire of Unix user/uid access, that I’ve failed to get working in the past. |