Saturday, 23 April 2011

Network File System v4: setup

Quick setup of network file system on localhost:

Install the following packages:

For the server:
$ sudo apt-get install nfs-kernel-server

For the client:
$ sudo apt-get install nfs-common

Once installation is done, configure your /etc/exports file. Here's mine:



# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
/home/sahilsk/Downloads 192.168.0.0/255.255.255.0(rw)  localhost(rw)


Syntax:
directory machine1(optionxx,optionyy) machine2(optionxx,optionyy)

directory: the directory you want to share with the client machines (machine1, machine2)
machine1: a client machine that has access to this shared directory

optionxx: read/write access to the directory.
ro: directory shared read-only
rw: read and write

optionyy: more options
no_root_squash: By default, requests made by root on the client machine are mapped to an unprivileged user on the server. If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server. This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories. You should not specify this option without a good reason.

no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file requested by the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.

sync/async: by default, all recent versions of exportfs use async behaviour.

Some example entries:
/home/sahilsk/Downloads  192.168.0.1(ro)  192.168.10.2(ro)
/home/sahilsk/Downloads  192.168.1.1(rw,no_root_squash)
/home/sahilsk/Downloads  192.168.1.1(rw)     localhost(rw)

If you want to allow access to all the machines with IP addresses between 192.168.0.0 and 192.168.0.255, then:
/home/sahilsk/Downloads  192.168.0.0/255.255.255.0(ro)
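
The option list is sensitive to whitespace and typos, and no_root_squash is easy to leave in by accident. The following check is an added example, not part of the original post: a small Python audit of exports-style text that flags no_root_squash, option lists broken by whitespace, invalid network/netmask values, and a "host (rw)" entry whose options apply to every client. The function name, finding labels and sample paths are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in /etc/exports syntax; paths and addresses are made up.
SAMPLE = """\
# directory  client(options) ...
/srv/share  192.168.0.0/255.255.255.0(ro)  localhost(rw)
/srv/admin  192.168.1.1(rw,no_root_squash)
/srv/typo   192.168.1.1(rw , no_root_squash)
/srv/mask   192.168.0.0/255.255.255.0.0(ro)
/srv/loose  192.168.1.1 (rw)
"""

# client[(opt,opt,...)] with no whitespace anywhere inside the token
CLIENT_RE = re.compile(r"^([\w.*?/:@\[\]-]*)(?:\(([\w=,.:/-]*)\))?$")


def audit_exports(text):
    """Return sorted (line_number, finding) pairs for risky or broken entries."""
    findings = set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        _directory, *clients = line.split()
        for tok in clients:
            m = CLIENT_RE.match(tok)
            if not m:
                # Whitespace split the option list, e.g. "(rw , no_root_squash)"
                findings.add((no, "malformed"))
                break
            host, opts = m.group(1), (m.group(2) or "").split(",")
            if "no_root_squash" in opts:
                findings.add((no, "no_root_squash"))
            if host in ("", "*") and "rw" in opts:
                # "host (rw)": the options bind to every client, not to host
                findings.add((no, "world_rw"))
            if "/" in host:
                try:
                    ipaddress.ip_network(host, strict=False)
                except ValueError:
                    findings.add((no, "bad_network"))
    return sorted(findings)


if __name__ == "__main__":
    for no, finding in audit_exports(SAMPLE):
        print(f"line {no}: {finding}")
```

Run it against a copy of the exports file before reloading the export table; an empty result means none of these four conditions was found.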

Every time you make changes to your exports file, run this command:
$ exportfs -r

Now start the NFS server daemons in the following order:
$ portmap
$ rpc.mountd
$ rpc.nfsd
$ rpc.lockd



For Debian:
$ sudo portmap
$ sudo /etc/init.d/nfs-kernel-server start

For other distributions:

$ /etc/init.d/nfs start
$ /etc/init.d/nfslock start


To confirm:
$ rpcinfo -p
$ ps -A | grep "nfs"



------------------------
Now you're done setting up the NFS server/client on your local system. Let's test it.

Mount the shared (NFS) directory on /media/a (if /media/a doesn't exist, create it with $ mkdir /media/a):
$ sudo mount -t nfs localhost:/home/sahilsk/Downloads  /media/a

If you try to mount a file system that is not shared, e.g. /home/sahilsk/Desktop, you'll get an error:


root@dragonaider:/home/sahilsk# mount -t nfs localhost:/home/sahilsk/Desktop  /media/b
mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
mount.nfs: an incorrect mount option was specified

Now you're done. You have NFS running. :D


Security Issue:
An NFS server should be well hidden behind a firewall, and any Internet server exposed to the Internet should never run the portmap or RPC services. Preferably uninstall all of these services if you are not actually running an NFS server.

