[bassmadrigal]

I am running into NFS issues with certain folders. These folders are not owned by the user running kodi, but they have full rwx rights via group. If I mount the directories manually outside of kodi, I have full access to them, but within kodi, I don't.

My /etc/exports is as follows:
 

Code:

# See exports(5) for a description.
# This file contains a list of all directories exported to other computers.
# It is used by rpc.nfsd and rpc.mountd.

/share/gothrough *(rw,insecure,sync,root_squash,subtree_check)

(I do have other shares, but those don't have any issues, so I removed references to them to minimize confusion.)

Within /share/gothrough, most is owned by my normal user (jbhansen:users), but my incoming torrent directory and its subfolders are owned by vpn:vpn with 770 permissions (set via facl, see below for details) until I can manage to sort the files and place them in their proper location with proper permissions. jbhansen is a part of the vpn group on both my server and kodi machines and all uids/gids match on both machines.

If I manually mount my nfs share onto my htpc, jbhansen can access all the folders normally, including the ones owned by vpn:vpn that have 770 permissions. However, if I try and access those same folders on the same machine, but from within kodi using its built-in NFS client, I am unable to access vpn:vpn owned files with 770 permissions. I have to adjust those permissions to 777 if I want to watch anything before sorting.

Here's the specific error message from my kodi.log:
 

Code:

2022-03-25 12:27:40.500 T:140134501062400   ERROR: Failed to open(//torrent/completed/Big Buck Bunny 4K UHD HFR 60 fps FLAC WEBRip 2160p X265 ZMachine/) opendir call failed with "NFS: READDIRPLUS of /torrent/completed/Big Buck Bunny 4K UHD HFR 60 fps FLAC WEBRip 2160p X265 ZMachine) failed with NFS3ERR_ACCES(-13)"
2022-03-25 12:27:40.500 T:140134501062400   ERROR: GetDirectory - Error getting nfs://10.0.0.152/share/gothrough/torrent/completed/Big Buck Bunny 4K UHD HFR 60 fps FLAC WEBRip 2160p X265 ZMachine/
2022-03-25 12:27:40.501 T:140135003467520   ERROR: CGUIMediaWindow::GetDirectory(nfs://10.0.0.152/share/gothrough/torrent/completed/Big Buck Bunny 4K UHD HFR 60 fps FLAC WEBRip 2160p X265 ZMachine/) failed

The manually mounted folder works fine:
 

Code:

jbhansen@febtober:~$ sudo mount -t nfs 10.0.0.152:/share/gothrough /mnt/hd
jbhansen@febtober:~$ mount -t nfs
10.0.0.152:/share/gothrough on /mnt/hd type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.0.0.152,mountvers=3,mountport=58368,mountproto=udp,local_lock=none,addr=10.0.0.152)
jbhansen@febtober:~$ ls -la "/mnt/hd/torrent/completed/Big Buck Bunny 4K UHD HFR 60 fps FLAC WEBRip 2160p X265 ZMachine/"
total 1235508
drwxrws---+   2 vpn      vpn       4096 Mar  9 19:10 ./
drwxrws---+ 137 jbhansen vpn      36864 Mar 25 11:52 ../
-rw-r--r--    1 vpn      vpn 1265110752 Mar  9 19:10 Big Buck Bunny 4K UHD HFR 60 fps FLAC WEBRip 2160p X265 ZMachine.mkv

Permissions for /share/gothrough/torrent/completed are set via facl. Here's the settings:
 

Code:

jbhansen@craven-moorhead:~$ getfacl /share/gothrough/torrent/completed/
getfacl: Removing leading '/' from absolute path names
# file: share/media/torrent/completed/
# owner: jbhansen
# group: vpn
# flags: -s-
user::rwx
group::rwx
group:vpn:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:vpn:rwx
default:mask::rwx
default:other::---

I've tried my hand at enabling logging for NFS, but all I can see is an overall authentication when I access the share itself, which is approved. I'm not seeing any error messages when trying to access a specific folder.
 

Code:

Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: check_default: access by 10.0.0.125 ALLOWED (cached)
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: Received NULL request from 10.0.0.125
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: check_default: access by 10.0.0.125 ALLOWED (cached)
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: Received EXPORT request from 10.0.0.125.
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: check_default: access by 10.0.0.125 ALLOWED (cached)
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: Received NULL request from 10.0.0.125
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: check_default: access by 10.0.0.125 ALLOWED (cached)
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: Received MNT3(/share/gothrough) request from 10.0.0.125
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: authenticated mount request from 10.0.0.125:41448 for /share/gothrough (/share/gothrough)
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: check_default: access by 10.0.0.125 ALLOWED (cached)
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: Received EXPORT request from 10.0.0.125.
Mar 25 12:27:40 craven-moorhead rpc.mountd[24778]: check_default: access by 10.0.0.125 ALLOWED (cached)

Is it possible that kodi uses a default user for nfs shares that isn't tied to the user running kodi? The user nobody was mentioned a few times in the NFS kodi wiki entry, but it didn't seem to imply that the user nobody was used to access nfs shares (unless you set it that way in your exports).

I can provide full kodi logs if needed or any logs from the htpc or server.

Any suggestions?

[Klojum]

I am running into NFS issues with certain folders. These folders are not owned by the user running kodi, but they have full rwx rights via group. If I mount the directories manually outside of kodi, I have full access to them, but within kodi, I don't.

It's quite an opening post. I myself have a straight forward NFS server setup and use Kodi's internal NFS connections. It works. If you want to make things "more complex" with different users and VPN on your server, that's basically beyond the realm of Kodi control. And there is the thing that anything VPN or torrent-related is not Team Kodi's biggest concern. There is no direct or full Linux OS support here, unless we already know about the problem at hand.

I can provide full kodi logs if needed or any logs from the htpc or server.

Well, we have no other way of getting that info. Now I don't even have a clue what Linux system is running your Kodi client or your NFS server.

The manually mounted folder works fine:

When the manual/system NFS mount works on whatever client you are using, why not use that? It may save you lots of hours of troubleshooting and mindbending.
Kodi has onboard NFS access options, but when system mounts work, you might as well use them.

[bassmadrigal]

I am running into NFS issues with certain folders. These folders are not owned by the user running kodi, but they have full rwx rights via group. If I mount the directories manually outside of kodi, I have full access to them, but within kodi, I don't.

It's quite an opening post. I myself have a straight forward NFS server setup and use Kodi's internal NFS connections. It works. If you want to make things "more complex" with different users and VPN on your server, that's basically beyond the realm of Kodi control. And there is the thing that anything VPN or torrent-related is not Team Kodi's biggest concern. There is no direct or full Linux OS support here, unless we already know about the problem at hand.

I could've very well changed the user:group from vpn:vpn to snuffy:snuffy and torrent/ to incoming/ and the problem would still be there. vpn and torrent are simply a user and folder, respectively. The issue is an NFS permissions issue that kodi runs into but the system doesn't. The issue is with folder and user/group permissions with the internal NFS client of kodi.

I can provide full kodi logs if needed or any logs from the htpc or server.

Well, we have no other way of getting that info. Now I don't even have a clue what Linux system is running your Kodi client or your NFS server.

Me mentioning that I can provide full logs was if there might be more pertinent info than what I've already posted. I already dug through the logs and these are the only aspects of them that show these issues. However, if more was desired, it was an open invitation for someone to let me know specifically what logs might be beneficial if the snippets I've provided weren't enough.

I had my kodi up and running for several weeks, so I restarted it and tried accessing the same folder to get it in the log. Here's the kodi.log.

The server is running Slackware 14.2 with nfs-utils 1.3.3 and kernel 5.10.103.

The htpc is running an older development version of Slackware (needed a newer version than 14.2 due to the hardware in the machine being too new and a newer stable wasn't available at the time) with nfs-utils 2.3.4, libnfs 4.0.0, kernel 4.19.203, and kodi v18.5.

The manually mounted folder works fine:

When the manual/system NFS mount works on whatever client you are using, why not use that? It may save you lots of hours of troubleshooting and mindbending.
Kodi has onboard NFS access options, but when system mounts work, you might as well use them.

I've always used the built-in NFS client and my entire database of over 10 years is based on those addresses. I've been using the same structure since 2011 and my kodi profile has remained through all those years. I don't have unique permissions for most of my media, only items this folder. I'd like to get to the root of the problem rather than bypass it, especially since mounting NFS shares via the system keeps them active all the time.

The NFS client within kodi just doesn't seem to be honoring group permissions. My kodi user has full access via group permissions, but kodi does not allow me to access those files/folders.

[wsnipex]

You'll end up with a different username/id when using kodis built-in NFS.
It should work if you change the permissions to 754 or use all_squash

Also note: kodi doesn't support NFSv4 yet

[bassmadrigal]

You'll end up with a different username/id when using kodis built-in NFS.
It should work if you change the permissions to 754 or use all_squash

Thanks! That was my suspicion.

Do you happen to know what user/group are used with Kodi's NFS? I'd rather grant that user/group permission manually instead of opening up permissions for anyone on the network or using all_squash for that share (although, the latter would be my preferred method of the two).

Also note: kodi doesn't support NFSv4 yet

No worries here. I'm in no rush to switch to NFSv4.