I have a NAS appliance (Synology DiskStation), which exposes file shares through a variety of common protocols, including NFS and SMB/CIFS. The device has its own user set and permissions system for the files.

I also have a Linux server on which I wish to mount a share remotely. The server has users of the same names as those on the device. I wish the mount to occur automatically when the server starts, and to present the same file permissions to its local users as on the device. In this sense, the files would appear just as local files, that is, always available, and with per-file permissions respected.

I am not currently operating a domain.

To the extent possible, I prefer to avoid the following:

• Changing the UIDs of any users on the server.
• Exposing any shares to unauthenticated access.
• Any complex configuration of a domain.

What is the best approach?

I am using fstab with a credentials file so the backup directory is mounted automatically.
You can make an entry for each user and have it mount the share in their home directory. But this does mean that there needs to be a copy of their Synology username and password on the server for this to work, probably in each users home as well so they can update it when they change it.

Windows and linux permissions are not compatible and therefore samba maps DOS permissions. samba defaults to map archive = yes and Synology appears to work the same. Although files will appear as local there permissions will not be "respected" if I understand your post.
https://www.oreilly.com/openbook/sam...k/ch05_03.html

With NFS permissions will be "respected" but I did not find anything easy to map local UIDs to Synology UIDs.

The suggestion of separate mounts for each user may be workable, but the requirement for provisioning explicitly for each user, in the mount table, causes some difficulties.

I think the approach has a further limitation, more subtle, but perhaps an even greater sense of difficulty. The shared files do not entirely comprise a set of subtrees, each corresponding to one user who has full and exclusive access to the contents. Rather, each separate item in the file tree has an ACL, and the system must enforce those privileges by accepting or denying users' access attempts the same as for attempted access on the file server.

Note the client understanding or modifying the permissions is not necessary, only that the server enforce them.

One more concern, as it seems that while CIFS has in some ways a more flexible permissions system for client access, I also recall that it lacks support for creating or modifying hard or symbolic links, which is a considerable limitation, and not found in NFS.