Network File Sharing. Module - Network File Sharing. Overview This module focuses on configuring Network File System (NFS) for servers and clients. This enables clients to share files across Linux and UNIX networks. Lessons covered in this module Introduction to NFS
This module focuses on configuring Network File System (NFS) for servers and clients. This enables clients to share files across Linux and UNIX networks.
Lessons covered in this module
Introduction to NFS
Configuring NFS Server
Configuring NFS Client
The NFS is a method of sharing files. It provides local access to remote disks and file systems. Its proper understanding will help in sharing files and directories on other systems in a different city or country.
Topics covered in this lesson
Merits and Demerits
NFS has client/server architecture. The NFS server has consists of physical disks that contain the shared file systems. NFS daemons show and provide them to users on the network.
The NFS daemons provide remote access to the exported file systems, enable file locking and help enforce quotas on the NFS exports.
An NFS client has only to mount the exported files locally into a file system called an NFS mount.
NFS is also used to store users' home directories on a central server and to mount them when users log in or boot their systems.
The considerations for a good NFS installation
Take into account site-specific need
Decide which file systems to export
Determine the amount of data to be shared
Understand the underlying network you will use
Other network services to be provided
The number and type of servers and clients
Installation involves configuring the exports and starting the daemons, testing to ensure that the naming convention and mounting scheme work properly and monitoring.
NFS provides centralized control, maintenance, and administration.
It is easier to back up file systems stored on a single server.
NFS conserves disk space and prevent duplication of resources.
Log in and access the home directories from any system.
Protect important data by storing it on an NFS mounted file system.
Sensitive to network congestion, heavy network traffic slows it down.
Heavy disk activity on server reduces performance speed.
If the disk or server crashes that resource becomes inaccessible.
Potential security problems and unsafe across the Internet.
Configuring NFS server involves understanding the contents, format and options of configuration files. These determine the characteristics of the exported file systems and affect the performance of NFS.
Topics covered in this lesson
Server Scripts and Commands
The NFS server configuration file is /etc/exports. It has a list of file systems to export, the clients permitted to mount them, and the export options. Each line in /etc/exports has the following format:
dir [host] (options) [ .……]
dir indicates a directory to export, host denotes the hosts permitted to mount dir, and options denotes mount options. If there is space between hostname and options it will make the directory world accessible. The options determine the characteristics of the exported file system
NFS Server Daemons
lockd starts NFS lock manager in the kernel
mountd is used to process mount requests from NFS clients
nfsd is responsible for all NFS services other than file locking and quota management
portmap informs about the NFS services available on any particular NFS server
rquotad informs about file system quota of NFS exports to clients
statd is used for lock recovery if an NFS server crashes
portmap maps calls from other devices to the correct RPC service
nfsd translates NFS requests into requests on the local file system
rpc.mountd is for mounting and unmounting file systems
exportfs -r updates the server's shared files list in /etc/exports.
exportfs -v displays list of shares and options on a server.
exportfs -a exports shared files listed in /etc/exports.
exportfs -u unexports all files without arguments.
showmount –e localhost shows the shared files on the host.
In order to be able to use NFS services the client system should be configured. This helps in determining the various options for sharing files across the network and security issues.
Topics covered in this lesson
NFS is implemented in client machines as a kernel module. Network mounts are specified /etc/fstab file. NFS shared files are mounted at boot time by /etc/rc.d/init.d/nfs . autofs can be used to mount and unmount NFS shared files.
NFS options in /etc/fstab :
rsize=8192 and wsize=8192 speed up NFS throughput
soft returns with an error on a failed I/O attempt
hard will block if you try to access an unshared file
intr interrupts or kills NFS requests if server is unreachable
nolock disables file locking (lockd) and allows interoperation with other NFS servers
The easiest way to mount NFS exports is to use autofs. This automatically mounts file systems. autofs uses the automount daemon to mount and unmount file systems configured to control. autofs uses a master map file, /etc/auto.master to associate mount points with secondary map files.
The secondary map file defines the mount options for file systems mounted under the corresponding directory. Each line in a secondary map file has the general form:
root@ server1~]# localdir [-[options]] remotefs
localdir is the directory beneath the NFS mount point. remotefs specifies the host and pathname of the NFS mount.
The /etc/exports file is a weak point in NFS.
Use host access control to limit access to services
Use of IP packet firewalls and netfilter or TCP Wrappers increase NFS server security
Always use the root_squash option in /etc/exports
All critical files should be owned by root
Export file systems using the all_squash option
Disable SUID root programs on NFS mounts with the nosuid option.
Entering a user name as the anonymous user when the option requires a UID number (such as 505).
The name of the computer being allowed to share the directory failing to have its address resolved.
If there is a process holding the directory open it should be killed to unmount.
Mount Failures - reasons
Wrong share Information
Firewalls blocking NFS ports
Directory is not being accessed.
You don't have proper permission
Configuring NFS to share users home directory with the server has read-write.
NFS monitoring is necessary to export file systems, network security and satisfactory performance. NFS has potential security problems and is unsafe across the Internet.
NFS services daemons portmap, mountd, nfsd, statd, lockd, and rquotad. NFS commands configure the server with access permissions and export characteristics.
nosuid option, file locking, TCP wrappers, and packet filters can ensure security for NFS clients. Mount, unmount and export failures can occur in NFS due to wrong share information or firefalls.
Question and Answer Session