basics of file servers
three most common methods of sharing files on file servers:
- network file system
- ssh filesystem (sshfs)
nfs works best for linux environments, but windows doesn't play nicely with nfs
samba works for linux mac os and is best for mixed environment, but has permissions issues, and make unix/linux nodes needing specific permissions confused
sshfs is mostly for sharing files between linux nodes. possible to use with windows. encrypted the same way ssh is encrypted. nothing to configure on the server except ssh. easy to create/drop connections.
if you use NFS, you will want to use the latest, version 4. it moved to tcp only (no udp), and is stateful (old version are stateless). this means file locking is part of NFS itself, and not outsourced to another utility. This makes file locking more efficient (but still imperfect).
If you need to connect to a node running an older protocol, edit the
/etc/exports file and list exports. that is, declare the directories on the disk that you are making available (sharing) via NFS.
configuring nfs server
on debian based systems like ubuntu and kali:
$ apt-get install nfs-kernel-server
WARNING WARNING WARNING this will start NFS services immediately upon install.
Disable NFS service:
$ service nfs-kernel-server stop
Disable the NFS startup script:
$ update-rc.d -f nfs-kernel-server remove
to re-enable it:
$ update-rc.d nfs-kernel-server defaults
warning: this will add nfs to the startup sequence. don't forget that you have added this, and then go visit a hostile environment and share all of your files accidentally.
now you will make a folder containing the files that you want to share over NFS. the recommended method is to create a dedicated directory in root for folders that will be shared via NFS.
$ mkdir /exports $ cd /exports $ mkdir docs/ $ mkdir images/
create /etc/exports file
Now you will create your list of shared directories in
/etc/exports. Start by saving any existing exports file:
$ mv /etc/exports /etc/exports.default
Next, edit your export file. One line contains a directory and some options about how it is accessed and by whom.
/exports/docs 10.5.5.0/24(ro,no_subtree_check) /exports/images 10.5.5.0/24(rw,no_subtree_check)
This sets the directory we are sharing, the network address we are sharing it to, and some options in parentheses.
man exports has more info on the options.
We are sharing these files with any computers on the network 10.5.5.0/24 - which means that anyone outside of that network cannot mount any of these folders.
The first is known as CIDR notation (classless inter-domain routing).
ro = read only, rw = read adn write
If you need to make the network shares available to multiple networks:
/exports/docs 10.5.5.0/24(ro,no_subtree_check), 192.168.1.0/24(ro,no_subtree_check)
Now it is accessible to computers on two networks.
If you don't want to share your files with an entire network, you can be more specific - giving a single node or a list of nodes. Editing the
/etc/exports file, you can do this:
This shares files with the specific device at ip address
With version 4, NFS can treat a directory as its export root, and create the NFS pseudo-filesystem. This is done by setting
fsid=root for the directory, which is done in the C<doe>/etc/exports</code> file.
/exports *(ro,fsid=0) /exports/docs 10.5.5.0/24(ro,no_subtree_check) /exports/images 10.5.5.0/24(rw,no_subtree_check)
Once an NFS export is available to a local machine, it can be mounted by a user.
Here, the remote machine running the NFS server is located at 10.5.5.5.
If the server is created without the
*(ro,fsid=0) option set, they must know the full path to the share on the remote machine, and mount it by executing the following command.
$ mount 10.5.5.5:/exports/images /mnt/images
*(ro,fsid=0) option is set, the user does not need to know the full path, and can mount the directory that is on the remote machine at
/exports/images by just using the
$ mount 10.5.5.5:/images /mnt/images
Now edit the
/etc/idmapd.conf file to set some options:
uncomment this line
# Domain = local.domain
Now start the nfs daemons:
$ service nfs-kernel-server start
the network shares should be shared and good to go.
If you edit
/etc/exports, you can restart the NFS daemon and it will share any new stuff that you've added.
Alternatively, you can activate new exports wtihout restarting NFS (and potentially interrupting connections) by running the command:
$ exportfs -a
To mount an NFS share being shared by a server at 10.5.5.5, you would run:
$ # if the NFS root is not set: $ mount -t nfs 10.5.5.5:/exports/docs /mnt/docs $ # if the NFS root is set: $ mount -t nfs 10.5.5.5:/docs /mnt/docs
$ umount /mnt/docs
mount // 10.5.5.5/documents -o username=dummy /mnt/samba/documents
We can also set options, like specifying the filesystem using the -f flag. For example, if we wanted to specify CIFS for the filesystem type:
mount -t cifs // 10.5.5.5/documents -o username=dummy /mnt/samba/documents
Other related pages:
Networkingpages and notes about computer networks.
Man in the Middle attack vectors on wired networks: Man in the Middle/Wired
Packet analysis with Wireshark: Packet Analysis
Linux networking: Linux/Networking
Using Aircrack: Aircrack
Many Ways to Crack a Wifi: Cracking Wifi
Notes on OpenVPN: OpenVPN
Setting Up a Static Key VPN: OpenVPN/Static Key
IP Version 6: IPv6
Flags · Template:NetworkingFlag · e
GNU/Linux/Unixthe concrete that makes the foundations of the internet.
Command Line Utilities
Flags · Template:UnixFlag · e
linux networkingall the pages for linux networking
Diagnosing network interfaces: Linux/Network Interfaces
Connecting to nodes with ssh: Linux/SSH
Bridging networks with ssh tunnels: Linux/SSH
Linux file server nfs/smb/sshfs: Linux/File Server
Samba on linux: Linux/Samba
Automounting network shares on linux: Linux/Automount Network Shares
Monitoring system resources: Linux/System Monitoring
Linux systemd: Linux/Systemd
IP Schema (ipcalc): Linux/IP Schema
DHCP Server: Linux/DHCP
DNS Server: Linux/DNS
NTP Server: Linux/NTP
Flags · Template:LinuxNetworkingFlag · e