Chapter 38. Sharing File Systems with NFS¶
Contents
Distributing and sharing file systems over a network is a common
task in corporate environments. NFS is a
proven system that also works together with the yellow pages
protocol NIS. For a more secure
protocol that works together with LDAP and
may also be kerberized, check NFSv4.
NFS works with NIS to make a network transparent to the user. With NFS, it is possible to distribute arbitrary file systems over the network. With an appropriate setup, users always find themselves in the same environment independent of the terminal they currently use.
Like NIS, NFS is a client/server system. However, a machine can be both—it can supply file systems over the network (export) and mount file systems from other hosts (import).
![[Important]](admon/important.png) | Need for DNS |
|---|---|
In principle, all exports can be made using IP addresses only. To avoid time-outs, you should have a working DNS system. This is necessary at least for logging purposes, because the mountd daemon does reverse lookups. | |
38.1. Installing the Required Software¶
To configure your host as an NFS client, you do not need to install additional software. All packages needed to configure an NFS client are installed by default.
NFS server software is not part of the default installation. To install
the NFS server software, start YaST and select
+. Now choose
+ and select or use the option and search
for NFS Server. Confirm the installation of the
packages to finish the installation process.
38.2. Importing File Systems with YaST¶
Users authorized to do so can mount NFS directories from an NFS server into their own file trees. This can be achieved using the YaST module . Just enter the hostname of the NFS server, the directory to import, and the mount point at which to mount this directory locally. The changes will take effect after is clicked in the first dialog. Click to open the firewall to allow access to the service from remote computers. The firewall status is displayed next to the check box. Clicking to saves your changes. See Figure 38.1, “NFS Client Configuration with YaST”.
The configuration is written to /etc/fstab and
the specified file systems are mounted. When you start the YaST
configuration client at a later point in
time, it also reads the existing configuration from this file.
An NFSv4 file system can currently only be imported manually. This is explained in Section 38.3, “Importing File Systems Manually”.
38.3. Importing File Systems Manually¶
File systems can also be imported manually from an NFS server. The
prerequisite for this is a running RPC port mapper, which can be started
by entering rcportmap start as
root. Once this
prerequisite is met, remote exported file systems can be mounted in the
file system just like local hard disks using the mount
command in the following manner:
mount host:remote-pathlocal-path
If user directories from the machine sun, for example, should be imported, use the following command:
mount sun:/home /home
38.3.1. Importing NFSv4 File Systems¶
The idmapd service must be up and running on the client to do an NFSv4 import. Start the idmapd service from the command prompt with rcidmapd start. Use rcidmapd status to check the status of idmapd.
The idmapd services stores its parameters in the
/etc/idmapd.conf file. Leave the value of the
Domain parameter as localdomain.
Ensure that the value specified is the same for both the NFS client and
NFS server.
Make NFSv4 imports by giving a command from the shell prompt. To import NFSv4 remote file systems, use the following command:
mount -t nfs4 host:/ local-path
Replace host with the NFS server that hosts one or
more NFSv4 exports and local-path with the directory
location in the client machine where this should be mounted. For
example, to import /home exported with NFSv4 on
sun to /local/home, use the following
command:
mount -t nfs4 sun:/ /local/home
The remote file system path that follows the server name and a colon is a slash “/”. This is unlike the way it is specified for v3 imports, where the exact path of the remote file system is given. This is a concept called pseudo file system, which is explained in Section 38.4.1, “Exporting for NFSv4 Clients”.
38.3.2. Using the Automount Service¶
As well as the regular local device mounts, the autofs daemon can be
used to mount remote file systems automatically too. To do this, add the
following entry in the your /etc/auto.master file:
/nfsmounts /etc/auto.nfs
Now the /nfsmounts directory acts as a root for all
the NFS mounts on the client if the auto.nfs file
is completed appropriately. The name auto.nfs is
chosen for sake of convenience—you can choose any name. In the
selected file (create it if it does not exist), add entries for all the
NFS mounts as in the following example:
localdata -fstype=nfs server1:/data nfs4mount -fstype=nfs4 server2:/
Activate the settings with rcautofs start.
For this example, /nfsmounts/localdata, the
/data directory of server1, is then mounted with
NFS and /nfsmounts/nfs4mount from server2 is
mounted with NFSv4.
If the /etc/auto.master file is edited while the
service autofs is running, the automounter must be restarted for the
changes to take effect. Do this with rcautofs
restart.
38.3.3. Manually Editing /etc/fstab
¶
A typical NFS mount entry in /etc/fstab looks like
this:
host:/data /local/path nfs rw,noauto 0 0
NFSv4 mounts may also be added to the /etc/fstab
file manually. For these mounts, use nfs4 instead of
nfs in the third column and make sure that the remote
file system is given as / after the
host: in the first column. The advantage of
saving this information in /etc/fstab is that
commands for mounting can be shortened to just mentioning the local
mount point alone, for example:
mount /local/path
38.4. Exporting File Systems with YaST¶
With YaST, turn a host in your network into an NFS server—a server that exports directories and files to all hosts granted access to it. This could be done to provide applications to all members of a group without installing them locally on each and every host. To install such a server, start YaST and select +. A dialog like that in Figure 38.2, “NFS Server Configuration Tool” opens.
Next, activate and enter the .
Click if you need secure access to the server. A prerequisite for this is to have Kerberos installed in your domain and both the server and the clients are kerberized. Click .
In the upper text field, enter the directories to export. Below, enter
the hosts that should have access to them. This dialog is shown in
Figure 38.3, “Configuring an NFS Server with YaST”. The
figure shows the scenario where NFSv4 is enabled in the previous dialog.
Bindmount Targets is shown in the right pane. For more
details, refer to the help shown on the left pane. In the lower half of
the dialog, there are four options that can be set for each host:
single host, netgroups,
wildcards, and IP networks. For a more
thorough explanation of these options, refer to exports
man page. Click to complete the configuration.
| Automatic Firewall Configuration |
|---|---|
If a firewall is active on your system (SuSEfirewall2), YaST adapts
its configuration for the NFS server by enabling the
| |
38.4.1. Exporting for NFSv4 Clients¶
Activate to support NFSv4 clients. Clients with NFSv3 can still access the server's exported directories if they are exported appropriately. This is explained in detail in Section 38.4.3, “Coexisting v3 and v4 Exports”.
After activating NFSv4, enter an appropriate domain name. Make sure that
the name entered is the same as the one present in the
/etc/idmapd.conf file of any NFSv4 client that accesses this
particular server. This parameter is for the idmapd service that is
required for NFSv4 support (on both server and client). Leave it as
localdomain (the default) if you do not have special
requirements. For more information, see
Section 38.7, “For More Information”.
Click . The dialog that follows has two sections. The upper half consists of two columns named and . is a directly editable column that lists the directories to export.
For a fixed set of clients, there are two types of directories that can be exported—directories that act as pseudo root file systems and those that are bound to some subdirectory of the pseudo file system. This pseudo file system acts as a base point under which all file systems exported for the same client set take their place. For a client or set of clients, only one directory on the server can be configured as pseudo root for export. For this same client, export multiple directories by binding them to some existing subdirectory in the pseudo root.
In the lower half of the dialog, enter the client (wild card) and export options for a particular directory. After adding a directory in the upper half, another dialog for entering the client and option information pops up automatically. After that, to add a new client (client set), click .
In the small dialog that opens, enter the host wild card. There are four
possible types of host wild cards that can be set for each host: a
single host (name or IP address), netgroups, wild cards (such as
* indicating all machines can access the server), and
IP networks. Then, in , include
fsid=0 in the comma-separated list of options to
configure the directory as pseudo root. If this directory should be
bound to another directory under an already configured pseudo root, make
sure that a target bind path is given in the option list with
bind=/target/path.
For example, suppose that the directory /exports is
chosen as the pseudo root directory for all the clients that can access
the server. Then add this in the upper half and make sure that the
options entered for this directory include fsid=0. If
there is another directory, /data, that also needs
to be NFSv4 exported, add this directory to the upper half. While
entering options for this, make sure that
bind=/exports/data is in the list and that
/exports/data is an already existing subdirectory
of /exports. Any change in the option
bind=/target/path, whether addition, deletion,
or change in value, is reflected in . This column is not directly editable column, instead
summarizing directories and their nature. After the information is
complete, click to complete the configuration
or to restart the service.
38.4.2. NFSv3 and NFSv2 Exports¶
Make sure that is not checked in the initial dialog before clicking .
The next dialog has two parts. In the upper text field, enter the
directories to export. Below, enter the hosts that should have access to
them. There are four types of host wild cards that can be set for each
host: a single host (name or IP address), netgroups, wild cards (such as
* indicating all machines can access the server), and
IP networks.
This dialog is shown in Figure 38.4, “Exporting Directories with NFSv4”. Find a more thorough explanation of these options in man exports. Click to complete the configuration.
38.4.3. Coexisting v3 and v4 Exports¶
Both NFSv3 and NFSv4 exports can coexist on a server. After enabling the
support for NFSv4 in the initial configuration dialog, those exports for
which fsid=0 and
bind=/target/path are not included in the
option list are considered v3 exports. Consider the example in
Figure 38.4, “Exporting Directories with NFSv4”. If you add another
directory, such as /data2, using then in the corresponding options list do not
mention either fsid=0 or
bind=/target/path, this export acts as a v3
export.
| |
Automatic Firewall Configuration If SuSEfirewall2 is active on your system, YaST adapts its configuration for the NFS server by enabling service when is selected. | |
38.5. Exporting File Systems Manually¶
The configuration files for the NFS export service are
/etc/exports and
/etc/sysconfig/nfs. In addition to these files,
/etc/idmapd.conf is needed for the NFSv4 server
configuration. To start or restart the services, run the commands
rcnfsserver restart and rcidmapd
restart. The NFS server depends on a running RPC portmapper.
Therefore, also start or restart the portmapper service with
rcportmap restart.
38.5.1. Exporting File Systems with NFSv4¶
NFSv4 is the latest version of NFS protocol available on SUSE Linux Enterprise 10. Configuring the directories for export with NFSv4 differs slightly from the previous versions.
38.5.1.1. The /etc/exports File¶
This file contains a list of entries. Each entry indicates a directory
that is shared and how it is shared. A typical entry in
/etc/exports consists of:
/shared/directory host(option_list)
For example:
/export 192.168.1.2(rw,fsid=0,sync) /data 192.168.1.2(rw,bind=/export/data,sync)
Those directories for which fsid=0 is specified in
the option list are called pseudo root file systems. Here, the IP
address 192.168.1.2 is used. You can use the name of the host, a wild
card indicating a set of hosts (*.abc.com,
*, etc.), or netgroups.
For a fixed set of clients, there are only two types of directories that can be NFSv4 exported:
A single directory that is chosen as the pseudo root file system. In this example,
/exportsis the pseudo root directory becausefsid=0is specified in the option list for this entry.Directories that are chosen to be bound to some an existing subdirectory of the pseudo file system. In the example entries above,
/datais such a directory that binds to an existing subdirectory (/export/data) of the pseudo file system/export.
The pseudo file system is the top level directory under which all file systems that need to be NFSv4 exported take their places. For a client or set of clients, there can only be one directory on the server configured as the pseudo root for export. For this same client or client set, multiple other directories can be exported by binding them to some existing subdirectory in the pseudo root.
38.5.1.2. /etc/sysconfig/nfs¶
This file contains a few parameters that determine NFSv4 server daemon behavior. Importantly, the parameter NFSv4_SUPPORT must be set to yes. This parameter determines whether the NFS server supports NFSv4 exports and clients.
38.5.1.3. /etc/idmapd.conf¶
Every user on a Linux machine has a name and ID. idmapd does the name-to-ID mapping for NFSv4 requests to the server and replies to the client. This must be running on both server and client for NFSv4, because NFSv4 uses only names in its communication.
Make sure that there is a uniform way in which usernames and IDs (uid) are assigned to users across machines that might probably be sharing file systems using NFS. This can be achieved by using NIS, LDAP, or any uniform domain authentication mechanism in your domain.
For proper function, the parameter Domain must be
set the same for both client and server in this file. If you are not
sure, leave the domain as localdomain in both server
and client files. A sample configuration file looks like the following:
[General] Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = localdomain [Mapping] Nobody-User = nobody Nobody-Group = nobody
Do not change these parameters unless you are sure of what you are
doing. For further reference, read the man page of
idmapd and idmapd.conf;
man idmapd, man idmapd.conf .
38.5.1.4. Starting and Stopping Services¶
After changing /etc/exports or
/etc/sysconfig/nfs, start or restart the NFS server
service with rcnfsserver restart. After changing
/etc/idmapd.conf, start or restart the idmapd
service with rcidmapd restart. Make sure that both
the services are running.
38.5.2. Exporting File Systems with NFSv2 and NFSv3¶
This is specific to NFSv3 and NFSv2 exports. Refer to Section 38.5.1, “Exporting File Systems with NFSv4” for exporting with NFSv4.
Exporting file systems with NFS involves two configuration files:
/etc/exports and
/etc/sysconfig/nfs. A typical
/etc/exports file entry is in the format:
/shared/directory host(list_of_options)
For example:
/export 192.168.1.2(rw,sync)
Here, the directory /export is shared with the host
192.168.1.2 with the option list rw,sync. This
IP address can replaced with a client name or set of clients using a
wild card (such as *.abc.com) or even netgroups.
For a detailed explanation of all options and their meanings, refer to the man page of exports (man exports).
After changing /etc/exports or
/etc/sysconfig/nfs, start or restart the NFS server
using the command rcnfsserver restart.
38.6. NFS with Kerberos¶
To use Kerberos authentication for NFS, GSS security must be enabled. To do so, select in the initial YaST dialog. Additionally complete the following steps:
Make sure that both the server and the client are in the same Kerberos domain. This means that they access the same KDC (Key Distribution Center) server and share their
krb5.keytabfile (the default location on any machine is/etc/krb5.keytab).Start the gssd service on the client with rcgssd start.
Start the svcgssd service on the server with rcsvcgssd start.
For further information about configuring kerberized NFS, refer to the links in Section 38.7, “For More Information”.
38.7. For More Information¶
As well as the man pages of exports,
nfs, and mount, information about
configuring an NFS server and client is available in
/usr/share/doc/packages/nfs-tils/README and these
Web documents:
Find the detailed technical documentation online at SourceForge
For instructions for setting up kerberized NFS, refer to NFS Version 4 Open Source Reference Implementation
If you have any questions on NFSv4, refer to the Linux NFSv4 Frequently Asked Questions FAQ.