Network Your Files in a Snap with NFS

Part One: With NFS, you can provide your Unix users with a centralized file server for everything from simple storage to networked home directories. Here's what you need to get started.

By Charlie Schluting | Posted Mar 17, 2005

NFS, Network File System, is the original file-sharing method among UNIX-based computers. Originally developed by Sun, NFS is still widely used, since it is a (relatively) simple and effective means to provide a centralized file server.

We will be implementing an NFS server step by step in this article, exploring methods for simply sharing a directory, and also briefly talking about making users' home directories live on the server. A second installment will deal with the intricacies of NFS options, auto-mounting, and the differences between operating systems' NFS implementations.

The basic premise behind NFS is a simple client/server model. You share directories on the server, the client mounts them, and then it appears to the users on the client machine as just another file system.

Older NFS versions, which most people use for the sake of interoperability, have practically zero security. The server will believe what it's told about the UID/GID of files, so it should be protected from the Internet. Additionally, it should be limited to only serving files for clients that you designate. The easiest way to limit NFS mounts is with tcpwrappers, configurable via /etc/hosts.allow. Portmap, lockd, rquotad, statd, and mountd should all be limited to networks or specific IP addresses of trusted NFS clients.

The Server
Since Linux's NFS configuration options are quite similar to other Unix variants, we will be assuming a Linux client and server for this article.

First things first: We should begin by starting the necessary NFS services. On the server side, most distributions have a startup script designed to accomplish this. Running something like /etc/init.d/nfs start will fire up the NFS server properly on most distributions.

Running rpcinfo -p should return a bit of information about which RPC services are running. At a minimum, for NFS to function, you should see: portmap, status, mountd, nfs, and nlockmgr. Any missing items will require that you figure out why they are missing before proceeding. Note that these names are based on the most current nfs-utils package, currently nfs-utils-1.0.6-22. Your specific Linux distribution's documentation should provide more information about how to make sure everything is started at boot time.

Now on to the fun part: sharing directories. The file /etc/exports is used to specify which file systems should be exported to which clients. This is basically a listing of:

"directory machine1(options) machine2(options)…"

Examples should make it clear:

  • To share /usr read-only to two IP addresses:
    /usr 192.168.0.1(ro) 192.168.0.2(ro)

  • To share /usr/local read-write to one machine, and read-only to everyone else:
    /usr/local 192.168.0.5(rw) *(ro)

There are many ways to share directories, and many configurable options. Client lists can be netgroups, IP addresses, a single host, wildcards, or IP networks. Refer to "man exports" for more exhaustive details. The server also needs to be told to reread the configuration when it changes. This can be accomplished by sending -HUP to the nfs daemon, or by running exportfs -ra.
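An added example, not from the original article: a small Python audit of /etc/exports text in the format described above. It flags exports open to every host (as in the *(ro) example), the exports(5) pitfall where a space between host and options makes the options apply to all hosts, and the no_root_squash and insecure options. The sample file and function names are constructed for illustration, and quoted paths containing spaces are not handled.

```python
import re

RISKY_OPTS = {"no_root_squash", "insecure"}   # real exports(5) options that relax defaults
ENTRY = re.compile(r"^([^\s()]*)(?:\(([^)]*)\))?$")   # matches client(opt1,opt2)

# Constructed sample: the article's two examples plus two deliberate mistakes.
SAMPLE = """\
/usr        192.168.0.1(ro) 192.168.0.2(ro)
/usr/local  192.168.0.5(rw) *(ro)
/home       192.168.0.5 (rw)      # stray space before the options
/srv/data   192.168.0.0/24(rw,no_root_squash)
"""

def logical_lines(text):
    """Yield entries with comments stripped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def audit_exports(text):
    """Return (directory, client_entry, finding) tuples for risky exports."""
    findings = []
    for line in logical_lines(text):
        directory, *entries = line.split()
        if not entries:
            findings.append((directory, "", "no client list: exported to every host"))
        for entry in entries:
            m = ENTRY.match(entry)
            if not m:
                findings.append((directory, entry, "unparseable client entry"))
                continue
            client = m.group(1)
            opts = {o for o in (m.group(2) or "").split(",") if o}
            if client == "":
                findings.append((directory, entry, "options with no host: applies to every host"))
            if client in ("", "*") and "rw" in opts:
                findings.append((directory, entry, "read-write to every host"))
            elif client == "*":
                findings.append((directory, entry, "exported to every host"))
            for opt in sorted(opts & RISKY_OPTS):
                findings.append((directory, entry, "risky option: " + opt))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(*finding, sep="\t")
```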

If everything was done properly, this server should be ready to serve NFS. The command showmount -e will list the exported file systems. If an RPC error was returned, that generally means a necessary service is not running.

Continued on page 2: Configuring the Client
