NFS and the Automounter
From Sfvlug
Line 50: | Line 50: | ||
* -nosuid,nodev,soft,rsize=32768,wsize=32768 server:/home/& | * -nosuid,nodev,soft,rsize=32768,wsize=32768 server:/home/& | ||
</pre> | </pre> | ||
+ | |||
+ | ---- | ||
+ | [[User:Jeff|Jeff]] |
Revision as of 03:24, 6 September 2009
NFS is the Unix way to export and mount file systems over the network. It is very easy to configure, and almost too easy to use. I'm going to demonstrate how to configure a file server to export user home directories to various Unix clients, and how to mount them using the automounter, which is a service that mounts various file systems on demand and unmounts them after they have been unused for a period of time.
NFS
In order to export directories via NFS, only one file must be edited, and a few services need to be running. I'll explain /etc/exports below.
- portmap or rpcbind
- NFS versions 2 and 3 are not bound to using the same ports all the time. Another service, the port mapper, tells clients which ports to use. The port mapper itself always runs on both TCP and UDP port 111. NFS version 4 uses registered port numbers, but it is much more difficult to configure, so I won't get into its details here.
- rpc.nfsd
- This is the user-space daemon that listens on the network for NFS file requests.
- rpc.mountd
- This service maintains the table of which exported file systems are mounted by which clients. It also advertises which exports are available when queried.
- rpc.rquotad
- An optional service for letting clients know there are quota restrictions on the requested file systems.
- exportfs
- The userspace tool that manipulates the kernel's exports table. It can do this either by re-reading the exports file, or by parameters passed on the command line.
/etc/exports
In this example, the /home directory is exported to the entire subnet. The format of the file is simple: what to export on the left, one or more whitespace characters, and where to allow the export and under what conditions on the right. Multiple destinations can be specified, separated by spaces. The open parenthesis must not have any preceding whitespace, or the options will apply to every other host except those specified left of that space. Multiple options within the parentheses must be separated by commas only.
/home 192.168.1.0/24(rw)
Here, the rw option is specified because by default, file systems are exported read-only. There are a few other defaults which might catch you by surprise. Top among these is the concept that just because a user gets root access to a client host does not necessarily mean that user should have root access to the files shared by the server. Therefore, root_squash is on by default. It means that the server will treat any access to files by root on the client as though it came from the nobody user. This security measure is not perfect by any means, since anyone with root access on the client can still become the user who can access whatever files are in question with a simple su command, but it resists accidents and requires that malice be more deliberate. If you actually want the root user to have unlimited power on a share, then export with the no_root_squash option.
Another option you might not expect is that NFS defaults to synchronous file system operations. This is so that writes are always performed before clients disconnect, ensuring file integrity. Use the async option if this becomes an intolerable performance hit.
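An added example, not part of the original page: a Python check over exports-format text that flags the pitfalls described in this section, namely whitespace before the open parenthesis and the no_root_squash and async options. The name audit_exports and the sample lines are constructed for illustration; it assumes one export per line with no backslash continuations or quoted paths.

```python
import re

# Options the page calls out as departures from the safer defaults.
RISKY = {
    "no_root_squash": "root on the client is root on the share",
    "async": "writes are acknowledged before they are on disk",
}
# One client spec: optional host part, optional "(opt,opt,...)" part.
SPEC = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")

def audit_exports(text):
    """Return (line, path, client, message) findings in file order.

    Assumes one export per line, no backslash continuations or quoted paths.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or no client specs to check
        path, specs = fields[0], fields[1:]
        for spec in specs:
            m = SPEC.match(spec)
            if m is None:
                findings.append((lineno, path, spec, "unparseable client spec"))
                continue
            host = m.group("host")
            opts = (m.group("opts") or "").split(",")
            if not host:
                # "(rw)" standing alone: whitespace split it from its host.
                findings.append((lineno, path, spec,
                                 "no host before '(': options apply to all other hosts"))
            for opt in opts:
                if opt in RISKY:
                    findings.append((lineno, path, spec, f"{opt}: {RISKY[opt]}"))
    return findings

# Constructed sample input (not from the page).
SAMPLE = """\
/home 192.168.1.0/24(rw)
/srv  192.168.1.0/24 (rw)          # stray space before the parenthesis
/data 192.168.1.5(rw,no_root_squash,async)
"""

if __name__ == "__main__":
    for f in audit_exports(SAMPLE):
        print("line %d: %s %s -> %s" % f)
```

Run it against a copy of the server's exports file before calling exportfs to re-read it.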
Automounter
/etc/auto.master
/home /etc/auto.home
/etc/auto.home
* -nosuid,nodev,soft,rsize=32768,wsize=32768 server:/home/&