NFS: Setting up an NFS Server
Introduction
Network File System (NFS) is a protocol developed by Sun Microsystems that allows a computer to access files over a network.
This network file system allows sharing data primarily between UNIX systems. Implementations also exist for Macintosh and Microsoft Windows.
NFS is compatible with IPv6 on most systems.
Setting up an NFS server can be useful in certain cases such as for a TFTP server or to avoid using Samba, which is essentially an emulated Windows layer.
In terms of performance, NFS is definitely the best option!
Installation
Debian
Let’s install it:
apt-get install nfs-common nfs-user-server
Solaris
Nothing special to install except the NFS server itself :-).
Configuration
Debian
The three main configuration files are /etc/exports, /etc/hosts.deny, and /etc/hosts.allow.
/etc/exports
The /etc/exports file is very simple:
directory machine1(option11,option12) machine2(option21,option22)
For example:
/home 192.168.0.10(rw) 192.168.0.25(ro)
For those who don’t want any restrictions:
/home (rw,sync)
In the first example, machine 192.168.0.10 is authorized to access our /home directory with read and write permissions (rw), and machine 192.168.0.25 has read-only access (ro).
- directory: the server directory to share.
- machine: A comma-separated list of machines authorized to mount this directory (use IP addresses rather than names to avoid “DNS spoofing” problems).
- options:
  - ro: This is the default value, read-only.
  - rw: The machine has read/write access to the directory.
  - no_root_squash: Access by the root user to the server is done under the root identity, rather than as nobody (the default). For security, prefer the default mapping to nobody.
  - sync: only for NFS v2. Does not defer physical writes to the volume, which increases reliability in case of improper unmounting. Version 3 has a commit-rollback mechanism, so this option is not useful there.
  - soft: spares NFS from constantly checking whether the resource is available.
An important point for proper operation: you must have the same group and user numbers on both machines.
Systems exist to manage this: NIS (rather old) or LDAP (more recent). With few users, you can simply edit /etc/group and /etc/passwd to synchronize these numbers.
It is not recommended to export a DOS or VFAT system due to their lack of multi-user management; they are not designed to be shared with NFS.
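An added example (not part of the original page): a small Python audit of an /etc/exports file in the format described above, flagging exports open to every host, clients given by name rather than IP address, and no_root_squash. The /srv/tftp and /data entries and the function names are constructed for illustration; quoted paths and line continuations are not handled.

```python
import re

# Constructed sample: the page's example lines plus two made-up entries.
SAMPLE_EXPORTS = """\
/home 192.168.0.10(rw) 192.168.0.25(ro)
/home (rw,sync)
/srv/tftp 192.168.1.34(ro,no_root_squash)
/data fileserver.example.lan(rw)
"""

# Assumption: clients are checked as IPv4 addresses or networks only.
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")
# host(options); the host part is empty for an entry such as "/home (rw,sync)".
CLIENT = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (directory, client, options) for each client of each export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        directory, *clients = line.split()
        for spec in clients:
            m = CLIENT.match(spec)
            if m:
                options = set(filter(None, (m.group(2) or "").split(",")))
                yield directory, m.group(1), options

def audit_exports(text):
    """Return (directory, client, finding) tuples for risky entries."""
    findings = []
    for directory, host, options in parse_exports(text):
        who = host or "*"
        if host in ("", "*"):
            # An options group with no host in front of it applies to everyone.
            mode = "read/write" if "rw" in options else "read-only"
            findings.append((directory, who, f"exported to every host ({mode})"))
        elif not IPV4.match(host):
            findings.append((directory, who, "client given by name, not IP address"))
        if "no_root_squash" in options:
            findings.append((directory, who, "no_root_squash: client root is root on the share"))
    return findings

if __name__ == "__main__":
    for directory, who, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{directory:10} {who:24} {finding}")
```
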
/etc/hosts.deny
The simplest approach is to deny everything and only authorize specific things:
portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
For the hosts.deny and hosts.allow files, you don’t even need to fill them in if you don’t want any restrictions.
/etc/hosts.allow
In the same spirit, this would be:
portmap:192.168.1.34
lockd:192.168.1.34
mountd:192.168.1.34
rquotad:192.168.1.34
statd:192.168.1.34
All that’s left is to restart the service:
/etc/init.d/nfs-server start
Solaris
The configuration files are:
- /etc/dfs/dfstab: lists the resources to share at boot time.
- /etc/nfs/nfslogd.conf: defines the location of the configuration logs that are used for NFS server logging.
- /etc/dfs/sharetab: lists local resources that are currently being shared by the NFS server.
- /etc/rmtab: lists the file systems remotely mounted by NFS clients. Do not edit this file.
- /etc/nfs/nfslog.conf: lists information defining the location of the configuration logs used for NFS server logging.
dfstab
# Place share(1M) commands here for automatic execution
# on entering init state 3.
#
# Issue the command 'svcadm enable network/nfs/server' to
# run the NFS daemon processes and the share commands, after adding
# the very first entry to this file.
#
# share [-F fstype] [-o options] [-d "<text>"] <pathname> [resource]
# .e.g,
# share -F nfs -o rw=engineering -d "home dirs" /export/home2
For example, if we want to share the folder /export/home/<dir_name> in read-only mode:
share -o ro /export/home/<dir_name>
Daemons
- mountd: handles file system mount requests from remote systems and provides access control. Not used in NFSv4.
- nfsmapid: is the NFS user and group ID mapping daemon, which is used with NFSv4.
- nfsd: handles client file system requests and is used with NFSv4.
- statd: works with the lockd daemon to provide crash recovery and functions for the lock manager.
- lockd: supports record locking operations on NFS files.
- nfslogd: provides operational logging for NFSv2 and v3.
With the Solaris 10 OS and NFSv4, you need only two daemons to support NFS: nfsmapid and nfsd. The mountd and lockd daemons are integrated together, and nfsmapid and nfsd are supported in NFSv4 with port 2049, which improves support for NFS through a firewall.
If you want to use NFSv2 or v3 with the Solaris 10 OS, all daemons are supported.
Starting and Stopping the NFS Server Service
The svc:/network/nfs/server service starts the NFS server daemons when the system enters run level 3.
To start the NFS server daemon manually, run this command:
svcadm enable svc:/network/nfs/server
To stop the NFS server daemon manually, run this command:
svcadm disable svc:/network/nfs/server
Checking NFS Dependencies
Check dependencies using the svcs command:
svcs | grep nfs
svcs -l nfs/server
NFS Server Commands
- shareall: reads and executes statements from /etc/dfs/dfstab.
- share: makes a local directory on the NFS server available for mounting.
- dfshares: when used without any arguments, displays resources currently being shared.
- dfmounts: displays a list of NFS server directories that are currently mounted.
- unshare: makes file resources unavailable for mounting.
Configuring the NFS Server for Sharing
Syntax:
# share [-F <FSType>] [-o <option>] [<pathname>]
where:
* -F <FSType> specifies the file system type.
* -o <option> specifies the options that control access to the shared resource, for example read-only access.
* <pathname> specifies the absolute path name of the resource for sharing.
For example, if you want to share the /export/home/<dir_name> directory, make an entry like the following in the /etc/dfs/dfstab file:
share -F nfs -o ro /export/home/<dir_name>
In this example, -F specifies an NFS file system, -o ro specifies that access to the share is read-only, and /export/home/<dir_name> is the absolute path of the share.
Similarly, by using the -o rw option, you can specify that <pathname> is shared as read/write to all clients, and you can use -o root=<dir_name> to enable root privileges for the <dir_name> directory.
Making File Resources Unavailable for Mounting
Syntax:
unshare [-F <FSType>] [<pathname>]
For example:
unshare -F nfs /export/home/<dir_name>
Client
Debian
To connect, it’s super simple:
mount <server_ip>:/my/share my_mount_point
Solaris
Mounting a Remote File System
Syntax:
mount [-F <FSType>] [-o <options>] <server>:<pathname> [<mount_point>]
For example:
mount -F nfs -o ro gladiator:/export/home/<dir_name> /mymountpoint
where:
* gladiator: is the name of the remote server.
* /export/home/<dir_name>: is the remote file resource.
* /mymountpoint: is the mount point where /export/home/<dir_name> is mounted.
Another example:
mount -o ro Gladiator,Sun,Moon:/Central_data /mymountpoint
In the second example, if the Gladiator system is unavailable, then the request will flow to the second system, which is called Sun, and so on.
Unmounting Remote File Systems From a Client
Syntax:
umount [<mount_point>]
For example:
umount /mymountpoint
Mounting Remote Resources at Boot Time
To mount a remote file system at boot time, make an entry in /etc/vfstab.
For example, add the following entry in the /etc/vfstab file:
Gladiator:/export/home/<dir_name> - /mymountpoint nfs - yes bg
where:
* device to mount is Gladiator:/export/home/<dir_name>
* device to fsck is -
* mount point is /mymountpoint
* FS type is nfs
* fsck pass is -
* mount at boot is yes
* mount options is bg (for background)
Checks
If you want to check what kind of share is being offered by a server, you can use this command:
showmount -e servernfs_ip_or_fqdn
FAQ
mount(2): Protocol not supported
If you encounter this kind of issue while trying to mount a share on a client side:
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'udp,sec=sys,rsize=8192,wsize=8192,intr,hard,addr=10.0.0.1'
mount.nfs: prog 100003, trying vers=3, prot=17
mount.nfs: trying 10.0.0.1 prog 100003 vers 3 prot UDP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.0.0.1 prog 100005 vers 3 prot UDP port 54874
That means you still have an active connection on the server side. You can see it with the showmount command:
showmount -a
10.0.0.238:/mnt/nfs/dev/image_cache
10.0.0.238:/mnt/nfs/dev/image_upload
10.0.0.238:/mnt/nfs/dev/shared
10.0.0.238:/mnt/nfs/dev/templates
10.0.0.238:/mnt/nfs/dev/xmlcache
To be able to remount the mount point, run a command like this one, still on the server side:
exportfs -u 10.0.0.238:/mnt/nfs/dev/xmlcache
Then try to remount and it will work.
Last updated 23 Nov 2014, 06:14 +0200.