Difference between revisions of "NFS"
m |
|||
| Line 2: | Line 2: | ||
= NFS Configuration = | = NFS Configuration = | ||
| + | == /etc/exports == | ||
| + | |||
| + | The /etc/exports file tells what should be exported. The syntax of this file is fairly straightforward. Each entry should contain the path to the directory you want to export followed by a list of hosts or IP address ranges that are allowed to access that export. Options are set per host or IP range in parentheses. You can use a backslash as a line continuation indicator to break up long lines. Here is an example from [[Taro]]: | ||
| + | |||
| + | /data @servers(rw,sync) @npg_clients(rw,sync) \ | ||
| + | 10.0.0.0/24(rw,no_root_squash,sync) | ||
| + | |||
| + | Entries that start with an ampersand (@) refer to NetGroups that are defined in [[LDAP]]. You can see which hosts are members of a netgroup with this command: | ||
| + | |||
| + | getent netgroup group_name | ||
| + | |||
| + | Here are some details on the more common export options: | ||
| + | |||
| + | ; rw : Mounts the directory as read/write | ||
| + | ; ro : Mounts the directory as read only | ||
| + | ; sync : Reply to requests only after the changes have been committed to stable storage (it is a good idea to always use this to protect against lost or corrupted data due to a server crash. | ||
| + | ; no_root_squash : Does not allow root on the local machine to have root access to files on the network share. Probably a good idea for security reasons. Set this unless you have a significantly good reason not to. | ||
| − | |||
* Need to edit the /etc/sysconfig/nfs file to pin the ports (see [[iptables]]) | * Need to edit the /etc/sysconfig/nfs file to pin the ports (see [[iptables]]) | ||
* Need to set "nfs" and "nfslock" to start automatically for runlevels 3,5 | * Need to set "nfs" and "nfslock" to start automatically for runlevels 3,5 | ||
Revision as of 02:08, 23 November 2010
(This is still too brief)
NFS Configuration
/etc/exports
The /etc/exports file tells what should be exported. The syntax of this file is fairly straightforward. Each entry should contain the path to the directory you want to export followed by a list of hosts or IP address ranges that are allowed to access that export. Options are set per host or IP range in parentheses. You can use a backslash as a line continuation indicator to break up long lines. Here is an example from Taro:
/data @servers(rw,sync) @npg_clients(rw,sync) \
10.0.0.0/24(rw,no_root_squash,sync)
Entries that start with an ampersand (@) refer to NetGroups that are defined in LDAP. You can see which hosts are members of a netgroup with this command:
getent netgroup group_name
Here are some details on the more common export options:
- rw
- Mounts the directory as read/write
- ro
- Mounts the directory as read only
- sync
- Reply to requests only after the changes have been committed to stable storage (it is a good idea to always use this to protect against lost or corrupted data due to a server crash.
- no_root_squash
- Does not allow root on the local machine to have root access to files on the network share. Probably a good idea for security reasons. Set this unless you have a significantly good reason not to.
- Need to edit the /etc/sysconfig/nfs file to pin the ports (see iptables)
- Need to set "nfs" and "nfslock" to start automatically for runlevels 3,5
To check what ports NFS is using issue an
rpcinfo -p localhost
A full restart of the nfs related system
service portmap restart service nfs restart service rpcsvcgssd restart
Issues
Occasionally, issues crop up due to network-mounted home directories. Some applications, like firefox, don't behave properly. It seems to strike everyone at once when it does, and the solution so far has been to restart the nfs service. CIS has related issues with their CIFS-based home directories.
