From charlesreid1

(Redirected from Linux/NFS)

basics of file servers

three most common methods of sharing files on file servers:

  • network file system
  • samba
  • ssh filesystem (sshfs)

nfs works best for linux environments, but windows doesn't play nicely with nfs

samba works for linux mac os and is best for mixed environment, but has permissions issues, and make unix/linux nodes needing specific permissions confused

sshfs is mostly for sharing files between linux nodes. possible to use with windows. encrypted the same way ssh is encrypted. nothing to configure on the server except ssh. easy to create/drop connections.

nfs

if you use NFS, you will want to use the latest, version 4. it moved to tcp only (no udp), and is stateful (old version are stateless). this means file locking is part of NFS itself, and not outsourced to another utility. This makes file locking more efficient (but still imperfect).

If you need to connect to a node running an older protocol, edit the /etc/exports file and list exports. that is, declare the directories on the disk that you are making available (sharing) via NFS.

configuring nfs server

on debian based systems like ubuntu and kali:

$ apt-get install nfs-kernel-server

WARNING WARNING WARNING this will start NFS services immediately upon install.

Disable NFS service:

$ service nfs-kernel-server stop

Disable the NFS startup script:

$ update-rc.d -f nfs-kernel-server remove

to re-enable it:

$ update-rc.d nfs-kernel-server defaults

warning: this will add nfs to the startup sequence. don't forget that you have added this, and then go visit a hostile environment and share all of your files accidentally.

making stuff to share

now you will make a folder containing the files that you want to share over NFS. the recommended method is to create a dedicated directory in root for folders that will be shared via NFS.

$ mkdir /exports
$ cd /exports
$ mkdir docs/
$ mkdir images/

create /etc/exports file

Now you will create your list of shared directories in /etc/exports. Start by saving any existing exports file:

$ mv /etc/exports /etc/exports.default

Next, edit your export file. One line contains a directory and some options about how it is accessed and by whom.

/exports/docs 10.5.5.0/24(ro,no_subtree_check)
/exports/images 10.5.5.0/24(rw,no_subtree_check)

This sets the directory we are sharing, the network address we are sharing it to, and some options in parentheses. man exports has more info on the options.

We are sharing these files with any computers on the network 10.5.5.0/24 - which means that anyone outside of that network cannot mount any of these folders.

Alternative notation:

10.5.5.0/24
10.5.5.0/255.255.255.0

The first is known as CIDR notation (classless inter-domain routing).

ro = read only, rw = read adn write

If you need to make the network shares available to multiple networks:

/exports/docs 10.5.5.0/24(ro,no_subtree_check), 192.168.1.0/24(ro,no_subtree_check)

Now it is accessible to computers on two networks.

sharing files with specific computers

If you don't want to share your files with an entire network, you can be more specific - giving a single node or a list of nodes. Editing the /etc/exports file, you can do this:

/exports/docs 10.5.5.151/24(ro,no_subtree_check)

This shares files with the specific device at ip address 10.5.5.151.

With version 4, NFS can treat a directory as its export root, and create the NFS pseudo-filesystem. This is done by setting fsid=0 or fsid=root for the directory, which is done in the C<doe>/etc/exports file.

/exports *(ro,fsid=0)
/exports/docs 10.5.5.0/24(ro,no_subtree_check)
/exports/images 10.5.5.0/24(rw,no_subtree_check)

mounting NFS

Once an NFS export is available to a local machine, it can be mounted by a user.

Here, the remote machine running the NFS server is located at 10.5.5.5.

If the server is created without the *(ro,fsid=0) option set, they must know the full path to the share on the remote machine, and mount it by executing the following command.

$ mount 10.5.5.5:/exports/images /mnt/images

If the *(ro,fsid=0) option is set, the user does not need to know the full path, and can mount the directory that is on the remote machine at /exports/images by just using the images/ path.

$ mount 10.5.5.5:/images /mnt/images

editing idmapd.conf

Now edit the /etc/idmapd.conf file to set some options:

uncomment this line

# Domain = local.domain

Now start the nfs daemons:

$ service nfs-kernel-server start

the network shares should be shared and good to go.

If you edit /etc/exports, you can restart the NFS daemon and it will share any new stuff that you've added.

Alternatively, you can activate new exports wtihout restarting NFS (and potentially interrupting connections) by running the command:

$ exportfs -a


Mounting Filesystems

Mounting NFS

To mount an NFS share being shared by a server at 10.5.5.5, you would run:

$ # if the NFS root is not set:
$ mount -t nfs 10.5.5.5:/exports/docs /mnt/docs

$ # if the NFS root is set:
$ mount -t nfs 10.5.5.5:/docs /mnt/docs

to unmount:

$ umount /mnt/docs

Mounting Samba

mount // 10.5.5.5/documents -o username=dummy /mnt/samba/documents

We can also set options, like specifying the filesystem using the -f flag. For example, if we wanted to specify CIFS for the filesystem type:

mount -t cifs // 10.5.5.5/documents -o username=dummy /mnt/samba/documents

Related

Other related pages:

Linux/Networking

Linux/SSH

Linux/Samba

Linux/Automount Network Shares