What I have:
- Synology NAS (IP x.x.x.11)
  - Docker installed, and a `docker` user and group,
  - running many containers using the `docker` user,
  - all containers’ storage inside `/volume1/docker/`,
  - NFS share for `/volume1/docker/` (see footnote 1 below);
- Linux PC (IP x.x.x.10)
  - Docker installed, no `docker` user and group yet,
  - mounted NFS share as `/media/docker` on the PC (see footnote 1 below),
  - this user only has read access, `sudo` has write access, but I don’t want to run everything as root!
What I want:
- Run the containers using the PC’s CPU,
- Keep the containers’ storage on the NAS,
- Only this PC (or possibly only a particular user on the PC?) shall have network access to the NFS share.
Questions:
- On the NAS, how do I prevent READ access to the share from anywhere except that PC?
- On the NAS, how do I grant WRITE access to the share, but only to this PC? (And only to a particular user??)
- Do I need to set up a `docker` user and group on the PC? I could just use the existing (non-root) user, uid=1001.
- On the PC, how do I configure `/etc/fstab` to give write access to that non-root user on the PC?
Footnote:
- On the NAS, `sudo cat /etc/exports` gives:
  ```
  /volume1/docker 192.168.1.10(rw,async,no_wdelay,crossmnt,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
  ```
- On the PC, `cat /etc/fstab` gives:
  ```
  192.168.1.11:/volume1/docker /media/docker nfs rw,vers=4 0 0
  ```
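
Added example, not part of the original post: a small Python check that parses the export line from the footnote and reports which of its options bear on the questions above (who may connect, who may write, and whose UID the NAS believes). The function names and finding codes are hypothetical; the option semantics are those documented in exports(5).

```python
import re

# Constructed input: the export line quoted in the post's footnote.
SAMPLE = ("/volume1/docker 192.168.1.10(rw,async,no_wdelay,crossmnt,"
          "no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)")

SPEC_RE = re.compile(r"([^\s()]*)(?:\(([^()]*)\))?")

def parse_export(line):
    """Parse one exports(5) line into (path, {client: {option: value}}).
    Simplification: paths with quoted or escaped spaces are not handled."""
    path, *specs = line.split("#", 1)[0].split()
    clients = {}
    for spec in specs:
        m = SPEC_RE.fullmatch(spec)
        if m is None:
            raise ValueError(f"malformed client spec: {spec!r}")
        opts = {}
        for item in filter(None, (m.group(2) or "").split(",")):
            key, _, value = item.partition("=")
            opts[key] = value or True
        clients[m.group(1) or "*"] = opts  # empty host means any client
    return path, clients

def audit(line):
    """Return (client, code, note) findings relevant to the post's questions."""
    _, clients = parse_export(line)
    findings = []
    for host, o in clients.items():
        add = lambda code, note: findings.append((host, code, note))
        if any(c in host for c in "*?[/@"):  # wildcard, subnet or netgroup
            add("BROAD_CLIENT", "matches more than one host")
        if "rw" in o:
            add("WRITABLE", "client may write")
        if "no_root_squash" in o:
            add("ROOT_NOT_SQUASHED", "client root acts as root on the export")
        if "sys" in str(o.get("sec", "sys")).split(":"):
            add("AUTH_SYS", "server trusts the UID/GID the client sends; "
                "per-user limits depend on trusting the PC")
        if "anonuid" in o and "all_squash" not in o and "no_root_squash" in o:
            add("ANON_UNUSED", "nothing is squashed, so anonuid/anongid do not apply")
    return findings

if __name__ == "__main__":
    for host, code, note in audit(SAMPLE):
        print(f"{host}: {code}: {note}")
```
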