Setting Up the NFS Server Configuration Files by Hand

If you want to manage the NFS server by hand, you use two configuration files. First, you use the /etc/exports file to configure all the NFS shares you want to offer from your NFS server. Second, you use the /etc/sysconfig/nfs file to provide a couple of parameters to the NFS server that determine the way the server offers its services.

The file /etc/exports defines the NFS shares. The generic structure of the lines where this happens is as follows:

directory hosts(options)

In this, directory is the name of the directory you would like to share, for example /share. Next, hosts refers to the hosts you want to grant access to that directory. You can use the following for the host specification:

• The name of an individual host, either its short name (such as SFO) or its fully qualified domain name (such as SFO.sandervanvugt.com)

• The IP address of an individual host

• A network referred to by its name, for example *.mydomain.com

• A network referred to by a combination of IP address and subnet mask, for example 192.168.10.0/255.255.255.0

• All networks, referred to by an asterisk

After indicating which hosts are granted access to your server, you need to specify the options with which you want to give access to the NFS share. Table 15-1 lists some of the most used options.

Table 15-1. Commonly Used NFS Options

Option: Meaning

ro: The file system is exported as a read-only file system. No matter what local permissions the user has, writing to the file system is denied at all times.

rw: The file system is exported as a read-write file system. Users can read and write files to the directory if they have sufficient permissions on the local file system to do that.

root_squash: The user ID of user root is mapped to the user ID 65534, which is mapped to the user nobody by default. This default behavior ensures that a user who is mounting an NFS mount as user root on the workstation does not have root access to the directory on the server.

no_root_squash: With this option, there is no limitation for the root user, who has root permissions on the server as well. Note that using this option may pose a security risk for your NFS server.

all_squash: Use this option if you want to limit the permissions of all users accessing the NFS share. With this option, all the users will have the permissions of user nobody on the NFS share. Use this option if you want extra security on your NFS share and the share is meant to be a read-only share anyway.

sync: This option makes sure that changes to files have been written to the file system before others are granted access to the same file. In recent versions of NFS, this option is on by default.

This is an example of how these parameters are used in /etc/exports:

/data *(rw,root_squash)

Tip: After all changes to the /etc/exports file, you must restart the NFS server using the rcnfsserver restart command. NFS is one of those older Unix services that reads its configuration only on start-up.
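The following is an added example, not part of the original text: a short Python audit of /etc/exports lines in the directory hosts(options) format described above, flagging no_root_squash and read-write exports to all networks. It goes slightly beyond the text by also catching a stray space between host and options, which makes the options apply to every host; the function names, finding codes and sample lines are constructed for illustration.

```python
import re

# One host entry: optional host spec followed by optional "(opt,opt,...)".
ENTRY = re.compile(r'([^\s()]*)(?:\(([^)]*)\))?')

FINDINGS = {
    'NO_ROOT_SQUASH': 'client root keeps root permissions on the server',
    'WORLD_RW': 'read-write export offered to all networks',
}

def parse_exports(text):
    """Return (directory, host, options) tuples, one per host entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()      # drop comments, blank lines
        if not line:
            continue
        directory, *specs = line.split()
        for spec in specs:
            match = ENTRY.fullmatch(spec)
            if match is None:
                raise ValueError(f'malformed entry {spec!r} for {directory}')
            host, opts = match.groups()
            # "(rw)" with no host in front of it applies to every host.
            options = {o for o in (opts or '').split(',') if o}
            entries.append((directory, host or '*', options))
    return entries

def audit(text):
    """Return (directory, host, finding code) for each risky entry."""
    found = []
    for directory, host, options in parse_exports(text):
        if 'no_root_squash' in options:
            found.append((directory, host, 'NO_ROOT_SQUASH'))
        if host == '*' and 'rw' in options:
            found.append((directory, host, 'WORLD_RW'))
    return found

# Constructed sample input, not taken from a real server.
SAMPLE = """\
/data   *(rw,root_squash)
/share  192.168.10.0/255.255.255.0(rw,sync) SFO(rw,no_root_squash)
/pub    *(ro,all_squash)
/home   SFO (rw)    # stray space: (rw) now applies to all hosts
"""

if __name__ == '__main__':
    for directory, host, code in audit(SAMPLE):
        print(f'{directory} {host}: {code} - {FINDINGS[code]}')
```
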

The second file where you can tune NFS parameters is the /etc/sysconfig/nfs file. By default, this file contains four parameters that determine how your NFS server starts. Table 15-2 summarizes these parameters and their meanings.

Table 15-2. Sysconfig Parameters for NFS

Parameter: Meaning

USE_KERNEL_NFSD_NUMBER: The number of threads that must be started when the NFS server is started. By default four NFS servers (the so-called threads) are started; if you have a busy NFS server, consider increasing this number.

MOUNTD_PORT: By default, the NFS mountd process that makes connecting to NFS shares possible gets a random port from the portmapper process. Since that is difficult to manage in an environment where a firewall is used, you can use this parameter to specify a fixed port for the mountd process.

NFS_SECURITY_GSS: In version 4, you can secure the NFS server with RPCSEC_GSS security. This parameter specifies whether this feature is needed. By default, it is off.

NFS4_SUPPORT: Use this option to specify whether support for NFS 4 is required. By default, version 4 is supported, and it's a good idea to keep it that way.

Listing 15-2 shows how these options are applied in the /etc/sysconfig/nfs file.

Listing 15-2. NFS Server Start-Up Parameters in /etc/sysconfig/nfs

SFO:/etc/sysconfig # cat nfs
## Path:           Network/File systems/NFS server
## Description:    number of threads for kernel nfs server
## Type:           integer
## Default:        4
## ServiceRestart: nfsserver
#
# the kernel nfs-server supports multiple server threads
USE_KERNEL_NFSD_NUMBER="4"

## Path:           Network/File systems/NFS server
## Description:    use fixed port number for mountd
## Type:           integer
## ServiceRestart: nfsserver
#
# Only set this if you want to start mountd on a fixed
# port instead of the port assigned by rpc. Only for use
# to export nfs-filesystems through firewalls.
MOUNTD_PORT=""

## Path:           Network/File systems/NFS server
## Description:    GSS security for NFS
## Type:           yesno
## Default:        yes
## ServiceRestart: gssd
#
# Enable RPCSEC_GSS security for NFS (yes/no)
NFS_SECURITY_GSS="no"

## Path:           Network/File systems/NFS server
## Description:    NFSv4 protocol support
## Type:           yesno
## Default:        yes
## ServiceRestart: idmapd
#
# Enable NFSv4 support (yes/no)
NFS4_SUPPORT="yes"
