NFS client not allow to use Internal Audio and Video in client machine

Hi Everybody,

Recently, I installed a PC with Gnome Fedora 40 as a NFS Client for a Linux NFS Server - which is a Fedora Server as well-, everything goes well, I tried to play any kind of sound but for any reason I cannot play as a “nfs user”.
This Fedora PC Client works with NFS & YP server very well, no problems so far. However, if I use a “local” user, I can play sounds, use audio players, watch videos on YouTube, etc.
Even if I use the root user on this PC, I can hear the audio without any major issues.
I was thinking this issue is related to “system groups” as for example “Wheel” and “input” groups, so I tried to add a particular NFS user without success.
Only in this kind of configuration the NFS user is a kind of restrictions. Local and Root users has no problems at all.

Any suggestion or idea to start solving this problem is welcome. If you need any other info, I will glad to share.

I have researched similar situations on the internet but haven’t found a solution. I have also experimented on my own with various configurations but haven’t had any results.

Thank you, Regards,
Israel

The “nfsuser” is by default restricted as to what may be done.

I am not sure what you are wishing to do but it appears that you wish to connect from the nfs client to the server then treat that server as your local pc and use audio etc. from files on that server.

That is not the intent of that kind of server. It is not configured to ‘serve’ audio to clients. For that purpose you would need to configure a media server. Different purposes and different configs and different software.

Maybe you would consider something like plex media server for that purpose. Free to download and install, easy to configure, and can be configured to allow serving media to anywhere across the internet if you wish to get that extravagant. There are other media server designs as well. (and most could run on the same platform as the nfs server.)

Basically a media server streams the files to the client and the client performs the audio and video management with the received data.

1 Like

Hello Jeff V,

Thanks for responding to this thread! Maybe I haven’t explained myself well. Let me try to explain what is happening with this Fedora Client.

I had created a network with a Linux server based on NFS and YP services to centralize the information on that server. Clients are a kind of “dummy” client machines. So far there is no extraordinary network configuration.

I have integrated new clients with Gnome Fedora 40 Linux version, as I know it is the latest version of this distro.
Our clients (humans and machines) need to use some functions of the PC, such as audio and video, for video conferencing and things like that. No extraordinary surroundings at all.

The problem arises after the integration of these new clients (Fedora 40) to the Network based on NFS and YP services.
Before the integration, the local user of the Fedora machine can use camera and audio devices on the local machine. After integration with NFS and YP, “NFS users” cannot use the audio and video functions of the local machine.

In fact, the Root user on the Fedora machine is the only user who can use audio and video.

It is not necessary to serve streaming from our server. We need to simply allow nfs users to use the audio and video hardware functions of the local machine.

I think it is a permissions issue, in that sense I tried to add an NFS user to the Wheel and Input group of the /etc/group of the local machine without success.

I hope this explains what the situation is to resolve.

As I understand it an “NFS User” does not normally have a local account on the NFS server. They have access to files stored there, but no local account so cannot use the local hardware.

I still do not fully understand the issue and what exactly your are trying to accomplish.

Users with local accounts on the server, when at the console, should have permissions appropriate to their user. Remote NFS Users are not locally signed in and should never have access to manage the hardware for security reasons that have been fine tuned and established over many years.

If your user is locally signed in they should be able to access the hardware.
If the user is signed in to a remote client they should not be able to access the server hardware via NFS.

If the user is on a remote client and wants access to audio that is stored on the server they would need to download the file locally then play that audio.
If they do not want to download it but “play” it directly from the server then the server needs to be set up as a media server and the client could stream it as audio from that media server.

An NFS server is only for file storage and access.
A media server is for streaming of media (audio and video)

Two completely different functions, different software providing the service, and neither has services that cross over into the other area.

If you are looking for conference type software that is another (again different type) of service and has specialized software to provide that service.

In other words, you need to clearly define exactly what is the desired service to be provided to the “client” then provide the proper support for that particular service.

YP is an access authentication service
NFS is a file storage and access service

Neither have anything to do with providing any form of media or conferencing services.

Could it be that the software for video conferencing doesn’t understand YP (aka NIS) users, and that the NFS file server isn’t involved at all in this.

Are your home directories mounted NFS file systems?

Does it make a difference if you log in with a user name found in /etc/passwd and /etc/shadow, or if you log in with a user name only found on the YP server?

Do you have any SELinux errors in the journal?

Hi Villy,

Yes, they are.

In fact, a user from local /etc/password; /etc/shadow is able to use videoconference (audio and video) without problems.
If the user come from YP Server that’s the big deal!. (s)he is unable to use audio and video.

At this moment, SELinux is disable!.

Logged-in users are granted access to audio and video devices with the udev uaccess tag that creates the relevant ACLs, see:

getfacl /dev/video*

This may not work for NIS/YP users, so consider adding them to the audio and video groups, or create another udev rule that provides the necessary permissions.

1 Like