Writeable Linux NFS 4 shares and Mac OS X Finder

In my setup I run Arch Linux and NFSv4 server on this system. I’d like to connect to any of the shares thatare available on this laptop server and write to them from the Finder in Mac OS X.

NFS Configuration

First things first, the Arch Wiki:

https://wiki.archlinux.org/index.php/Nfs
https://wiki.archlinux.org/index.php/Nfs#Mounting_from_OS_X

Then you get NFS and its dependencies installed.

Now, NFS configuration.

I export just one folder, /srv/nfs4/seagate1TB. NFS4 has the concept of the root for the exports and that’s what /srv/nfs4/ is exactly. Access is granted exclusively to specific /29 network.

/etc/exports

/srv/nfs4/ xxx.xxx.xxx.0/29(rw,fsid=0,no_subtree_check)
/srv/nfs4/seagate1TB xxx.xxx.xxx.0/29(rw,insecure,no_subtree_check,nohide,all_squash,anonuid=1000,anongid=1000)

I encourage to read ‘man exports’, specifically General Options, User ID Mapping and EXAMPLE sections.

After reading ‘man exports’ it was clear that the key to configuring writeable NFS share were all_squash, anonuid and anonguid options.

In plain English, when Finder copies to NFS share/export files and folders they have to be created on the NFS server. The server then has to decide who these files are going to belong to. Since the server has no way to tell what user (user ids, the UID and GID) are currently used on the client OS X machine, and also because it is, in fact, not always desired that files are created on a server with the same UID/GID of the user that runs NFS client software, there are basically two options.

First, is to use all_squash which is going to ‘anonymize’ UID/GID and instruct NFS server to create files in such a way that they belong to nobody user. Alternatively, you can set all_squash, as well as anonuid=1000 and anongid=1000 to match first non-system user on a modern Linux system.

So, I know that I store files on the disk that is exported as a specific user, so I configured my NFS export/share to create files on behalf of a client (Finder in Mac OS X) as that specific user (that’s what anonuid and anongid are for).

One more thing. Just for the sake of completeness, this is how I mount the disk and make it available for NFS export:

/etc/fstab

UUID=9d244934-d9fa-4a8e-8dd7-5c595f5518cf /mnt/seagate1TB auto defaults 0 0

# NFSv4
/mnt/seagate1TB /srv/nfs4/seagate1TB none bind 0 0

I first mount this disk device with unique identifier (UUID) in /mnt/seagate1TB, then bind it to /srv/nfs4/seagate1TB. I like to keep things multihomed sort of. Meaning, they can do many functions simultaneously, so this disk isn’t used for NFS alone and it makes sense to mount it in /mnt/seagate1TB first.

If you couldn’t care less about such things, just mount it directly to /srv/nfs4/seagate1TB to have it as a reminder that it is explicitly used for NFS.

You can also use symlinks, that are really handy. Consider the following example:

% ls -l /srv/nfs4/

disk -> /run/media/joe/disk
disk-1 -> /run/media/joe/disk-1
disk-2 -> /run/media/joe/disk-2
seagate1TB -> /run/media/joe/9d244934-d9fa-4a8e-8dd7-5c595f5518cf/

In fact, I’ve switched to using symlink because it lets me maintain NFS export handles in a consistent fashion regardless of where the actual filesystems/disks are mounted. So, I can always access them as:

myserver.net:/srv/nfs4/disk
myserver.net:/srv/nfs4/disk-1
etc

while the disk are mounted elsewhere.

Firewall and NFS4

If you have a restrictive firewall things get really interesting. rpcbind daemon uses random ports to facilitate client to server connections. Fun! Honestly, I don’t know how to deal with this. Well, except restarting firewall manually or granting access to all destination ports for the host in question (this is what I’m doing on my home LAN).

Trivia

To quickly unexport all shares on the server:

exportfs -au

To quickly mount/export all shares on the server:

exportfs -rav

-v will increase verbosity so that you know what’s going on.

Apple keyboard in Linux

I’ve got myself a wired aluminium USB Apple keyboard, and I’m running Arch Linux that mostly hasn’t been updated since the end of the summer of 2011 (just to give you some idea about how recent my software is: gnome-desktop 3.0.2, gtk3 3.0.11, compiz-core 0.8.6, glibc 2.13, gcc 4.6.0, etc).

As it was reported in this nice post, all keys except Expose and Dashboard work right out of the box (or, more accurately, are recognized but not necessarily do the expected; pleased read on). I successfully assigned Expose key to the Compiz Scale plug-in, however Dashboard was giving me a hard time. I ended up assigning keycode 212 to F13 key symbol, that works just fine, for some reason unknown to me XF86Calculator doesn’t play well with this button.

In my case I have Apple keyboard connected to a Samsung R-20 notebook computer, that is physically placed behind a 24″ DELL display. So, I’m not sure whether there’s some sort of conflict between the two keyboards that have multimedia keys on them connected to a single computer:

% xinput list
⎡ Virtual core pointer id=2 [master pointer (3)]
⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)]
⎜ ↳ Logitech USB Receiver id=10 [slave pointer (2)]
⎜ ↳ Logitech USB Receiver id=11 [slave pointer (2)]
⎜ ↳ SynPS/2 Synaptics TouchPad id=15 [slave pointer (2)]
⎣ Virtual core keyboard id=3 [master keyboard (2)]
↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)]
↳ Power Button id=6 [slave keyboard (3)]
↳ Video Bus id=7 [slave keyboard (3)]
↳ Power Button id=8 [slave keyboard (3)]
↳ Sleep Button id=9 [slave keyboard (3)]
↳ AT Translated Set 2 keyboard id=14 [slave keyboard (3)]
↳ Apple Inc. Apple Keyboard id=12 [slave keyboard (3)]
↳ Apple Inc. Apple Keyboard id=13 [slave keyboard (3)]

Continue reading

yaourt Proxy Settings

In Arch Linux, getting yaourt that is being run as normal user (which is a requirement of the program) to work with proxy was a bit of a challenge.

On my system I have proxy settings setup this way:

/etc/profile.d/proxy.sh
http_proxy=http://proxy.corp.com:8080/
ftp_proxy=http://proxy.corp.com:8080/
all_proxy=socks://proxy.corp.com:8080/
https_proxy=http://proxy.corp.com:8080/
no_proxy=localhost,127.0.0.0/8

export http_proxy;
export ftp_proxy;
export all_proxy;
export https_proxy;
export no_proxy;

When run as normal user yaourt relies on sudo to call pacman to perform package management in the system. The trouble is that when sudo is invoked by yaourt it doesn’t keep your *_proxy variables. The solution is to tell sudo to explicitly keep those variables whenever it’s invoked.

Continue reading

Extracting a Radio Station URL from Banshee 2 SQLite DB

I’ve wanted for a while to extract a radio station url for HBR1, Ambient from Banshee 2.0.1.

My first thought was to grep recursively and disregarding character case for ‘hbr’ in $HOME. That didn’t work.

After some time I realized that probably Banshee stored most of the data in a sqlite db. I was right about that, but  finding the radio station url still wasn’t as simple.

Here’s what I did to get it printed out on my console:

~/.config/banshee-1 % sqlite3 banshee.db ‘select * from CoreTracks’ | grep -i hbr
3|2586|12|463|0|0||http://ubuntu.hbr1.com:19800/ambient.ogg||0|0|0|0|5|0|HBR1, Ambient|hbr1 ambient||,    �
!/Q    2!p�|0|0|0|0|0|0|Ambient|||||||0|0|0|0|||1294327820|1326656231|d6bb2e3f688f3bb51bbf660a6707629e|0||0
3|2587|12|464|0|0||http://ubuntu.hbr1.com:19800/tronic.ogg||0|0|0|0|5|1|HBR1, House|hbr1 house||,    �
!/,|��!|0|0|0|0|0|0|House|||||||0|0|0|0|||1294327883|1320570155|0d8fca4c8853d6f5da29987a912f0ea6|0||0
3|2588|12|465|0|0||http://ubuntu.hbr1.com:19800/trance.ogg||0|0|0|0|5|0|HBR1.com – I.D.M. Tranceponder|hbr1com – idm tranceponder||,    �
!3

Yeah, not pretty, but who cares as long as you can extract your data, right? Of course, if you’re going to re-use the output in your scripts you’ll have to figure out how to make the output prettier. If you do that, drop me a line in the comments section, please.