Setting up a Linux NFS Server
NFS (Network File System) allows directories and files to be shared and accessed across a network; the client remotely accesses data stored on the server as if it were in local files. NFS was developed by Sun Microsystems.
Installing NFS:
If the NFS software is not already installed on the system or is not running, use rpm or yum to install the software and ntsysv to enable the startup scripts. You can manually start the daemons by typing:
service nfs start
The server has to be running the following daemons:
rpc.nfsd: The NFS daemon, which services client requests for file system operations.
rpc.mountd: The Remote Procedure Call (RPC) daemon that answers a client request to mount a file system.
rpc.rquotad: Handles user file quotas on exported volumes.
rpc.lockd and rpc.statd: Handle file locking.
Recent Linux distributions will have startup scripts for these daemons.
Setting Up an NFS Server:
In order to set up an NFS server you need to edit the following three configuration files:
/etc/exports: The main NFS configuration file.
/etc/hosts.allow: Security configuration file.
/etc/hosts.deny: Security configuration file.
Configuring /etc/exports:
It lists the files and directories to be exported, which hosts can access them, and what kind of access is allowed. A simple entry in the /etc/exports file will look like this:
/directory host(option1,option2)
Where:
directory: The directory you want to share. It must be the full path name of the directory or file being exported. Note that if the directory is not followed by a host or an option, all hosts are granted read/write access to the directory. If a directory has been shared, then all directories within the same file system will be shared as well.
host: The client machine that will have access to this directory. The client machine can be listed by its DNS address (machine name) or by its IP address (e.g., computer10.nj180degree.net or 10.10.10.224). However, using a DNS address is not recommended. Note that if no host value is specified, the directory is exported to everyone.
Some valid host values:
- Individual host names on the same domain or on a different domain:
/directory nathan.nj180degree.net
/directory nathan.nj180degree.net bob.nj180degree.com
- Wildcards: *nj180degree.net, for example, means every host in the nj180degree.net domain.
- IP address/mask, such as 192.168.1.0/255.255.255.0 for every host with an address that begins with 192.168.1.
- One directory can be exported to multiple clients on a single line when they have the same domain name as the server, e.g.:
/directory -ro host1 host2 host3
options: Describes the kind of access that machine will have. The two most important options are:
- ro: The directory shared is read only; the client has no writing permission. This is the default.
- rw: The client has read and write access. Note when no option is included in the exports file entry this option will be used as default.
Other options:
no_root_squash: By default, a request made by the root user on the client machine is treated as if it were made by user nobody on the server. If no_root_squash is selected, root on the client machine will have exactly the same level of access to the files as root on the server.
no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.
sync: This option prevents data corruption if the server reboots.
Note: async behavior tells a client machine that a file write is complete when NFS has finished handing the write over to the filesystem. This behavior may cause data corruption if the server reboots.
Examples:
/usr 192.168.1.0/255.255.255.0(ro)
Directory “/usr”: Read-only permission for all IP addresses within the network 192.168.1.0 with subnet mask 255.255.255.0
/home 192.168.1.0/255.255.255.0(rw)
Directory “/home” has read and write permissions for all IP addresses within the network 192.168.1.0 with subnet mask 255.255.255.0
/usr/man jack(rw) sherry(rw)
Directory “/usr/man” has read and write permissions for individual users jack and sherry
/home/sales *.sales.nj180degree.net(rw)
Directory “/home/sales” has read and write permissions for all users on clients within the sales subdomain.
Note: If you make changes to the file /etc/exports, the changes may not take effect until you run the command exportfs -ra to force nfsd to re-read the /etc/exports file.
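The following is an added example, not part of the original post: a small Python audit of text in the /etc/exports format, flagging the risky cases discussed above (no host listed, wildcard hosts, no_root_squash, async). The sample entries and the function name audit_exports are constructed for illustration; the check for a space between host and options relies on the rule above that options with no host apply to everyone.

```python
import re

# Constructed sample in the /etc/exports format described above (not from a real server).
SAMPLE_EXPORTS = """\
/usr        192.168.1.0/255.255.255.0(ro)
/home       192.168.1.0/255.255.255.0(rw,no_root_squash)
/home/sales *.sales.nj180degree.net(rw,async)
/srv/public
/data       backup01 (rw)
"""

# One client token: optional host, optional "(opt1,opt2)".
CLIENT = re.compile(r"^(?P<host>[^\s()]*)(?:\((?P<opts>[^()]*)\))?$")

def audit_exports(text):
    """Return (line_no, directory, client, issue) tuples for risky entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *tokens = line.split()
        if not tokens:
            findings.append((line_no, directory, "*", "no host: exported to everyone"))
        for token in tokens:
            match = CLIENT.match(token)
            if match is None:
                findings.append((line_no, directory, token, "unparseable client entry"))
                continue
            host = match["host"] or "*"
            opts = {o for o in (match["opts"] or "").split(",") if o}
            if host == "*":
                # "host (rw)" with a space: the options attach to every client.
                findings.append((line_no, directory, host, "options apply to everyone"))
            elif "*" in host or "?" in host:
                findings.append((line_no, directory, host, "wildcard host"))
            if "no_root_squash" in opts:
                findings.append((line_no, directory, host, "no_root_squash: client root is server root"))
            if "async" in opts:
                findings.append((line_no, directory, host, "async: data loss risk on server reboot"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("line %d: %s -> %s: %s" % finding)
```

Run it against a copy of the real file before exportfs -ra so that an unintended world export is caught before it goes live.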
There are a couple more methods to configure NFS through a graphical interface instead. I may post a blog entry regarding the graphical methods later on this month.
Configuring /etc/hosts.allow and /etc/hosts.deny
You can control and secure the NFS server by adding some entries in one of these two files or in both of them. These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines. When the server gets a request from a machine, it does the following:
- It first checks hosts.allow to see if the machine matches a description listed in there. If it does, then the machine is allowed access.
- If the machine does not match an entry in hosts.allow, the server then checks hosts.deny to see if the client matches a listing in there. If it does then the machine is denied access.
- If the client matches no listings in either file, then it is allowed access.
An entry in hosts.allow or hosts.deny files may look like:
service: host [or network/netmask] , host [or network/netmask]
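The three-step lookup above means a client that matches neither file is let in. This added example (not from the original post) models that order in Python to show why hosts.deny needs a catch-all entry; it is a simplified model that handles only the ALL keyword, literal IP addresses and network/netmask patterns, and the service names and addresses are constructed samples.

```python
import ipaddress

# Constructed entries in the "service: host [or network/netmask]" form shown above.
HOSTS_ALLOW = "portmap: 192.168.1.0/255.255.255.0\nmountd: 192.168.1.0/255.255.255.0, 10.10.10.224"
HOSTS_DENY_EMPTY = ""
HOSTS_DENY_ALL = "portmap: ALL\nmountd: ALL"

def parse(text):
    """Map each service name to its list of client patterns."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        service, clients = line.split(":", 1)
        rules.setdefault(service.strip(), []).extend(
            c.strip() for c in clients.split(",") if c.strip())
    return rules

def matches(pattern, client_ip):
    """True if client_ip matches ALL, a network/netmask, or a literal address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern)
    return pattern == client_ip

def decide(service, client_ip, allow_text, deny_text):
    """Apply the three steps above: hosts.allow, then hosts.deny, then allow."""
    if any(matches(p, client_ip) for p in parse(allow_text).get(service, [])):
        return "allowed by hosts.allow"
    if any(matches(p, client_ip) for p in parse(deny_text).get(service, [])):
        return "denied by hosts.deny"
    return "allowed by default"

if __name__ == "__main__":
    outsider = "203.0.113.7"  # constructed address outside every allow entry
    print(decide("portmap", outsider, HOSTS_ALLOW, HOSTS_DENY_EMPTY))
    print(decide("portmap", outsider, HOSTS_ALLOW, HOSTS_DENY_ALL))
```

With an empty hosts.deny the outside address falls through to the default and is allowed; with the ALL entries only the hosts named in hosts.allow get through.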
Configuring an NFS Client:
Once you know which directories are exported by the server, create local directories on the client host to match those offered by the server, and then attach the NFS directories to the local directories you just created with the mount command.
The following daemons should be running on the client box to be able to mount the remote directory: portmap, lockd, statd.
The Linux showmount command lists the directories that a server exports and the clients permitted to mount those directories. Only users and groups who are granted permissions on the list can mount those directories, e.g.:
$ showmount --exports servername
/home 192.168.1.0/255.255.255.0(rw)
/usr 192.168.1.0/255.255.255.0(ro)
/usr/man jack(rw) sherry(rw)
/home/sales *.sales.nj180degree.net(rw)
To attach the remote NFS directory to the local one, use the mount command. Notice the space between the two paths:
$ mount servername:/home /home
$ mount servername:/home/sales /home/sales
Hint: the local directory’s name doesn’t need to be the same as the remote one; you may create a local directory with a different name, such as:
$ mkdir /mnt/sydneybranch
$ mount servername:/mnt/salessydney /mnt/sydneybranch
Making the mount permanent:
A shared directory on a server can be mounted each time a client is started by listing it in the /etc/fstab file. The /etc/fstab file can be confusing to modify, however. In that case, inspect the file /etc/mtab, which lists all currently mounted directories, to determine the exact entry required in /etc/fstab.
Mount a directory and look at its entry in /etc/mtab. Copy that entry and paste it into /etc/fstab. The next time the system reboots, the mount will take place automatically.
You may like to try the autofs service to do the same job in a different way; as it is often said, “all roads lead to Rome”.
This entry was posted by Nathan on 25/02/2010 at 7:07 pm, and is filed under CentOS, Networking, Servers, Unix/Linux.






