| |
@@ -17,7 +17,7 @@
|
| |
|
| |
The objective of this guide is how to setup __NFS Server__ on a Fedora Server Edition. For information on how to setup the client part, consult your OS's documentation.
|
| |
|
| |
- NFS is a Network service in Linux used to share the files and directories of the Server to users (clients) on the network. It allows clients to _mount_ a remote directory or complete filesystem over a network and interact with it much like local storage is accessed. It is the same principöle as Map Drive in Windows Systems. One of it most used benefits is to store and access data on central location.
|
| |
+ NFS is a Network service in Linux used to share the files and directories of the Server to users (clients) on the network. It allows clients to _mount_ a remote directory or complete filesystem over a network and interact with it much like local storage is accessed. It is the same principle as Map Drive in Windows Systems. One of it most used benefits is to store and access data on central location.
|
| |
|
| |
The NFS Protocol was first introduced by Sun Microsystem in 1984. The protocol has evolved from its origins. Over the years, new versions have been released, adding new features. Currently, NFS v4.2 is the current version. Perhaps most practically significant is the optional user identification as well as a virtual ROOT.
|
| |
|
| |
@@ -28,7 +28,7 @@
|
| |
|
| |
== Preparation
|
| |
|
| |
- There are thre packages which provide basic support for kernel space NFS:
|
| |
+ There are three packages which provide basic support for kernel space NFS:
|
| |
|
| |
nfs-utils::
|
| |
is the main package and provides a daemon for the kernel NFS server and related tools. It also contains the _showmount_ program to query the mount daemon on a remote host for available ressources, eg listing the clients which are mounted on that host. It also contains the mount.nfs and umount.nfs programs.
|
| |
@@ -37,16 +37,16 @@
|
| |
sssd-nfs-idmap::
|
| |
SSSD plug-in provides a way for rpc.idmapd to call SSSD to map UIDs/GIDs to names and vice versa. It can be also used for mapping principal (user) name to IDs(UID or GID) or to obtain groups which user are member of.
|
| |
|
| |
- Ensure htat these packages are really installed.
|
| |
+ Ensure that these packages are really installed.
|
| |
[source,]
|
| |
----
|
| |
- […]$ rpm -qa | grep nfs
|
| |
+ […]$ rpm -qa | grep nfs
|
| |
libnfsidmap-2.6.2-2.rc6.fc37
|
| |
sssd-nfs-idmap-2.8.2-1.fc37
|
| |
nfs-utils-2.6.2-2.rc6.fc37
|
| |
----
|
| |
|
| |
- If it is missing, then a system administrator can simply reinstall it.
|
| |
+ If a package missing, then a system administrator can simply reinstall it.
|
| |
|
| |
|
| |
=== Organizing storage
|
| |
@@ -72,7 +72,7 @@
|
| |
|
| |
2. *Create a user and group nfs*
|
| |
+
|
| |
- As already stated, nfs döş not provide a user authentication. A common way is to either use the same UID/GID for a given user on all devices on the network or to map every client to user nobody and make the export files read- and writable for everybody, i.e. for any user of the system. The former is difficult to achieve without a central logon instance, and the latter is at best inconvenient from a security point of view. So we use a pseudo user without a home directory and without a login shell, who owns all exported files and directories by default.
|
| |
+ As already stated, nfs does not provide user authentication. A common way is to either use the same UID/GID for a given user on all devices on the network or to map every client to user nobody and make the export files read- and writable for everybody, i.e. for any user of the system. The former is difficult to achieve without a central logon instance, and the latter is at best inconvenient from a security point of view. So we use a pseudo user without a home directory and without a login shell, who owns all exported files and directories by default.
|
| |
+
|
| |
[source,]
|
| |
----
|
| |
@@ -281,7 +281,7 @@
|
| |
/etc/nfs/common *(rw,sync)
|
| |
----
|
| |
|
| |
- ==== Conection options
|
| |
+ ==== Connection options
|
| |
|
| |
Each default for every exported file system must be explicitly overridden. For example, if the rw option is not specified, then the exported file system is shared as read-only.
|
| |
|
| |
@@ -347,6 +347,8 @@
|
| |
|
| |
For example, the following commands could be executed on an NFSv4 server:
|
| |
|
| |
+ [source,]
|
| |
+ ----
|
| |
mkdir /exports
|
| |
mkdir /exports/opt
|
| |
mkdir /exports/etc
|
| |
@@ -355,43 +357,50 @@
|
| |
exportfs -o fsid=0,insecure,no_subtree_check gss/krb5p:/exports
|
| |
exportfs -o rw,nohide,insecure,no_subtree_check gss/krb5p:/exports/opt
|
| |
exportfs -o rw,nohide,insecure,no_subtree_check gss/krb5p:/exports/etc
|
| |
+ ----
|
| |
|
| |
In this example, clients are provided with multiple file systems to mount, by using the --bind option which creates unbreakeable links.
|
| |
|
| |
Because of the pseudo-file systems feature, NFS version 2, 3 and 4 export configurations are not always compatible. For example, given the following directory tree:
|
| |
|
| |
-
|
| |
+ [source,]
|
| |
+ ----
|
| |
/home
|
| |
/home/sam
|
| |
/home/john
|
| |
/home/joe
|
| |
+ ----
|
| |
|
| |
and the export:
|
| |
|
| |
-
|
| |
+ [source,]
|
| |
+ ----
|
| |
/home *(rw,fsid=0,sync)
|
| |
-
|
| |
+ ----
|
| |
|
| |
Using NFS version 2,3 and 4 the following would work:
|
| |
|
| |
-
|
| |
+ [source,]
|
| |
+ ----
|
| |
mount server:/home /mnt/home
|
| |
ls /mnt/home/joe
|
| |
-
|
| |
+ ----
|
| |
|
| |
Using v4 the following would work:
|
| |
|
| |
-
|
| |
+ [source,]
|
| |
+ ----
|
| |
mount -t nfs4 server:/ /mnt/home
|
| |
ls /mnt/home/joe
|
| |
-
|
| |
+ ----
|
| |
|
| |
The difference being "server:/home" and "server:/". To make the exports configurations compatible for all version, one needs to export (read only) the root filesystem with an fsid=0. The fsid=0 signals the NFS server that this export is the root.
|
| |
|
| |
-
|
| |
+ [source,]
|
| |
+ ----
|
| |
/ *(ro,fsid=0)
|
| |
/home *(rw,sync,nohide)
|
| |
-
|
| |
+ ----
|
| |
|
| |
Now with these exports, both "mount server:/home /mnt/home" and "mount -t nfs server:/home /mnt/home" will work as expected.
|
| |
|
| |
