NFS - alex-aleyan/linux_wiki GitHub Wiki

Network File System (NFS) background:

  1. NFS is typically used on private LANs (as opposed to public networks).
  2. NFS service requires several service daemons.
  3. Mount-level security enables you to restrict the computers that can mount a resource and, for those allowed to mount it, enables you to specify whether it can be mounted read/write or read-only. In NFS, user-level security is implemented by mapping users from the client systems to users on the NFS server (based on UID and not username) so that they can rely on standard Linux read/write/execute permissions, file ownership, and group permissions to access and protect files.
  4. Mount the filesystem on the client. Each client computer that is allowed access to the server's NFS shared filesystem can mount it anywhere the client chooses. For example, you may mount a filesystem from a computer called maple on the /mnt/maple directory in your local filesystem. After it is mounted, you can view the contents of that directory by typing ls /mnt/maple. Then you can use the cd command below the /mnt/maple mount point to see the files and directories it contains.

NFS Installation/Configuration:

  1. Install NFS Utils:

    yum install nfs-utils
    
  2. Take a look at NFS status (expect it to not be running):

    service nfs status
    
  3. Take a look at NFS configuration:

    chkconfig --list nfs
    
  4. Start rpcbind service:

    service rpcbind start
    
  5. Start nfs service:

    service nfs start
    
  6. Enable NFS to be on persistently:

    chkconfig nfs on
    

Sharing NFS Filesystems:

  1. The /etc/exports format:

    Directory Host(access options) Host(access options)

Hostnames: can be:

  • *: any client.
  • 192.168.100.100: a specific client by IP address.
  • host2: a specific client by client name (see /etc/hosts).
  • 192.168.10.0/255.255.255.0: a network/mask combination.
  • *.mylinux.net: any client in a domain.
  • ????.mylinux.net: any client with a 4-letter client name in the .mylinux.net domain.
  • @nisgroup: client contained in NIS group

Access Options:

  • ro: read only.
  • rw: read/write.
  • insecure: enables any computer, even one that doesn’t use a secure NFS port, to access the directory.
  • no_root_squash: allows the root user from another computer to have root privileges to the shared directory.
  • root_squash: prevents the root user from another computer from having root privilege to the shared directory.
  • all_squash: all users (UIDs) and groups (GIDs) are mapped to UID 65534 (nfsnobody), hence minimal permissions.
  • map_static: if a user has login accounts on a set of computers, it allows the user to use their own remotely mounted files from any of those computers.
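  1. On the NFS server, configure the /etc/exports file using the Directory Host(options) Host(options) format (no spaces inside the parentheses, because whitespace separates client entries):

    [root@hostname ~] vim /etc/exports

    # host1 read/write with root squashed, host2 read-only, *.linuxtoys.net with default options
    /home host1(rw,root_squash) host2(ro,insecure,all_squash) *.linuxtoys.net
    # variant of the same export where root on host1 keeps root privileges (use one line or the other)
    /home host1(rw,no_root_squash) host2(ro,insecure,all_squash) *.linuxtoys.net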

  2. Exporting the shared filesystem to clients:

    [root@hostname ~] /usr/sbin/exportfs -a -r -v

    -a export/unexport
    -r refresh/re-export
    -v verbose
    -u unexport
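
An added example (not part of the original wiki): a small Python audit of an /etc/exports body that flags the options the list above describes as loosening an export (no_root_squash, insecure), rw granted to a wildcard host, and whitespace inside an option list. The function name and the sample file contents are constructed for illustration.

```python
import re

# Options the "Access Options" list describes as loosening an export.
RISKY = {
    "no_root_squash": "remote root keeps root privileges on the share",
    "insecure": "clients on non-secure (unprivileged) ports are accepted",
}
SPEC = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?$")

def audit_exports(text):
    """Return (line_no, client, finding) tuples for an /etc/exports body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # A space inside "(...)" splits one client spec into two tokens.
        if re.search(r"\([^)]*\s[^)]*\)", line):
            findings.append((no, line, "whitespace inside option list"))
            continue
        _directory, *clients = line.split()
        for spec in clients:
            m = SPEC.match(spec)
            if m is None:
                findings.append((no, spec, "malformed client spec"))
                continue
            host = m.group("host") or "*"   # "(rw)" with no host means anyone
            opts = (m.group("opts") or "").split(",")
            for opt in opts:
                if opt in RISKY:
                    findings.append((no, host, f"{opt}: {RISKY[opt]}"))
            if "rw" in opts and ("*" in host or "?" in host):
                findings.append((no, host, "rw granted to a wildcard host"))
    return findings

# Constructed sample, reusing the host names from the page's example.
SAMPLE = """\
/home host1(rw,no_root_squash) host2(ro,insecure,all_squash) *.linuxtoys.net
/srv  *(rw,root_squash)
/data host1(rw, root_squash)
"""

if __name__ == "__main__":
    for line_no, client, finding in audit_exports(SAMPLE):
        print(f"line {line_no}: {client}: {finding}")
```
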

  3. The /etc/fstab format:

    host:mountfromdirectory mountpoint FileSystemType options 0 0

File System Type

  • auto: the file system type detected automagically.
  • nfs: Network File System.
  • vfat, ntfs: Windows types of file systems, where 95, 98 and ME use vfat (aka FAT32), and NT, 2000, and XP use ntfs but are backwards compatible with vfat.
  • ntfs-3g
  • ext2, ext3, ext4, swap, jfs, reiserfs...: are all Linux types of file systems.
  • udf,iso9660: used for CDs/DVDs

options:

  • _netdev: indicates it's a network device; thus, mount it after bringing up the network (only valid with fstype nfs)!
  • hard/soft: hard (default) means that if the NFS server disconnects or goes down while a process is waiting to access it, the process will hang until the server comes back up. This is helpful if it is critical that the data you are working with stay in sync with the programs that are accessing it. soft means the process will time out.
  • rsize: The block of data in bytes used when requesting (reading) data; increasing it from the default 1024-byte block will improve performance on fast, error-free networks.
  • wsize: The block of data in bytes used when writing data; increasing it from the default 1024-byte block will improve performance on fast, error-free networks.
  • bg/fg: bg means that if the first mount attempt fails, subsequent attempts are made in the background so other filesystems can be mounted without waiting for the current one to be mounted. fg (default) forces the subsequent attempts to be performed in the foreground and is used when the mount must succeed before mounting subsequent filesystems.
  • auto/noauto: auto means the device is mounted automatically; noauto means it is mounted only when requested explicitly.
  • user/nouser: user allows a normal user to mount the device, and nouser lets only root mount the device.
  • exec/noexec: exec (default) allows the binaries on the filesystem to be executed, and noexec prohibits such actions.
  • rw/ro: mount the filesystem as read/write, or read only.
  • sync/async: sync means changes are written immediately to the device from which the file system is exported; async means writes may be buffered and written later.
  • defaults: use default options (rw,suid,dev,exec,auto,nouser,async).
  1. On the client, set up your /etc/fstab file (host is the NFS server's name, as in the format above):

    host:/remote_dir /mount_here nfs defaults,intr,bg,_netdev 0 0
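
An added example (not part of the original wiki): because defaults expands to rw,suid,dev,exec,auto,nouser,async, an NFS entry mounted with defaults trusts setuid bits, device nodes and binaries that come from the server. This Python check expands the option field of each NFS line in an fstab body and reports which of nosuid, nodev and noexec are not in effect. nosuid and nodev are standard mount(8) options that the page does not list; the function names and sample entries are constructed, and "host" is a placeholder server name.

```python
# What "defaults" expands to, as listed on the page.
DEFAULTS = ["rw", "suid", "dev", "exec", "auto", "nouser", "async"]
# mount(8): "user" implies noexec,nosuid,nodev unless overridden later.
IMPLIES = {"defaults": DEFAULTS, "user": ["user", "noexec", "nosuid", "nodev"]}
PAIRS = {"suid": "nosuid", "dev": "nodev", "exec": "noexec"}
OPPOSITE = {**PAIRS, **{v: k for k, v in PAIRS.items()}}

def effective_options(opt_field):
    """Expand implied options; a later option overrides its opposite."""
    opts = []
    for given in opt_field.split(","):
        for opt in IMPLIES.get(given, [given]):
            if OPPOSITE.get(opt) in opts:
                opts.remove(OPPOSITE[opt])
            if opt not in opts:
                opts.append(opt)
    return opts

def audit_fstab(text):
    """Return {mount_point: [missing hardening options]} for NFS entries."""
    report = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or not fields[2].startswith("nfs"):
            continue  # blank line, comment, or not an NFS filesystem
        opts = effective_options(fields[3])
        missing = [h for h in PAIRS.values() if h not in opts]
        if missing:
            report[fields[1]] = missing
    return report

# Constructed sample; the first line is the page's own fstab entry.
SAMPLE = """\
host:/remote_dir /mount_here nfs defaults,intr,bg,_netdev 0 0
host:/tools /opt/tools nfs defaults,nosuid,nodev,_netdev 0 0
host:/scratch /scratch nfs rw,user,_netdev 0 0
/dev/sda1 / ext4 defaults 1 1
"""

if __name__ == "__main__":
    for mount_point, missing in audit_fstab(SAMPLE).items():
        print(f"{mount_point}: consider adding {','.join(missing)}")
```
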