Administration Guide Draft/NFS

From FedoraProject

Jump to: navigation, search

Contents

NFS

Summary

Purpose: This document covers many of the aspects of configuring and customizing NFS.

Audience: This document is designed for anyone wanting to setup NFS as an File server.

Assumptions: The Fedora OS is installed, TCP/IP and DNS is configured. User accounts have been added and the reader has access to the root password. Firewall rules are configured to allow for the proper port access, and the user has a basic understanding of vi and bash commands.

Related Documents: The InstallGuide documents the basic install of Fedora. The GettingStarted documents the basic use of Fedora and gaining access to the CLI. The DNS assists with configuring DNS for name resolution. UserAccounts documents the steps for creating users and groups. The ConfiguringServices covers configuring Services. There is a good guide to NFS, valid both for Fedora 14 and Fedora 15 in the official documentation, but it's not for total newbies.

Lead Writer: MikeDittmeier

Introduction

The Network File System, or NFS, is a daemon that allows other computers to 'mount' a disk partition on another remote computer, and access the files the same as local files and folders. Other services and daemons such as automount can be used to mount remote NFS shares without user intervention.

Package Requirements

The default NFS in Fedora versions 14 to 17 (at least) is NFSv4 (NFS, version 4). This article makes use of the following packages found in the Fedora Repository:

  • nfs-utils The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users.
  • nfs-utils-libs Support libraries that are needed by the commands and daemons the nfs-utils rpm
  • system-config-nfs system-config-nfs is a graphical user interface for creating, modifying, and deleting NFS shares.

Installation

By default NFS is already included in most fedora installations. To verify NFS is installed, type the following command:

rpm -q nfs-utils

this should output something like:

nfs-utils-1.2.6-3.fc17.x86_64

If not, then install the NFS packages by typing:

su -c 'yum install -y nfs-utils system-config-nfs'

For graphical installs, use Main Menu > Add/Remove Software. This requires the root user password to run. In the Browse tab, click on the Base System group on the left, then select the Base option on the right. Click Apply to have the software and all dependencies installed. You can customize what is installed in the Base grouping by clicking on Optional packages.

Configuring NFS

There are three main configuration files you will need to edit to set up an NFS server: /etc/exports, /etc/hosts.allow, and /etc/hosts.deny. The only file used in this section of the chapter is /etc/exports to get NFS up and running.

  • /etc/exports, Main configuration file
  • /etc/hosts.allow, Hosts to allow access
  • /etc/hosts.deny, Hosts to deny access

Creating Shares

By default NFS does not share out any folders or drive volumes. To create the first share, open a shell prompt, and enter the following command to begin editing the /etc/exports file:

su -c 'vim /etc/exports'

The vi editor window will open to what looks like a new file. This is because the /etc/exports file has no existing configuration settings at install. The format that will be used to share folders and drive volumes is straightforward:

directory hosts(options)

Here is a break down of the 2 lines listed:

  • directory, This is the directory or volume to be shared
  • hosts, This is a client computer that will have access to the share. The preferred way to list the host is by IP Address, but DNS names can be used. A group of hosts can be configured by entering an IP range such as:
/var/ftp/pub  192.168.1.0/255.255.255.0(ro)
/home/public  192.168.1.0/255.255.255.0(rw)
  • options - The options specify the kind of access mentioned hosts will have to the shared directory. Here are some of the most common options:
  • ro, read only access is granted to the Directory
  • rw, read and write access is granted to the Directory
  • no_root_squash, by default, access by a remote root users is treated as the user 'nobody'. To allow the same access to a remote 'root' account as the local root user, add this option.
Stop (medium size).png
Allowing remote root access through NFS is a major security risk. Avoid using this option unless necessary!
  • no_subtree_check, subtree checking verifies the a file being accessed is in a sub folder on the same volume. When sharing an entire drive volume, this option will speed up access to the sub-folders and files.
  • sync, By default NFS uses 'sync' transfers, so the NFS server must send an acknowledgment that the file has been written. Using the async option will speed up file transfers by disabling the acknowledgment.

To share the /var/ftp/pub folder with read only access, and with sync/no_subtree_check allowed, edit the /etc/exports file as below:

/var/ftp/pub	192.168.54.0/255.255.255.0(ro,sync,no_subtree_check)


For graphical configurations, in Fedora 15 to 17, use Activities → Applications → Other → NFS (in older versions: System Menu > Administration > Server Settings > NFS). This requires the root user password to run. Click the [Add] button. on the Basic tab Enter the directory to share or click the [Browse...] button and select the directory you want to share. Enter the host or hosts you want to have access to the share, separated by spaces.

Note.png
Using the * in the Hosts field makes the share accessible to everyone

Select the Basic Permisions by clicking the [Read-only] or [Read/Write] radio buttons.

On the General Options tab, select the [Disable subtree checking] and the [Sync write operations on request] radio buttons.

Click the [OK] button to save your changes.

In a shell prompt, enter the following command to edit the /etc/exports file and verify the changes just made:

su -c 'vim /etc/exports'

The following example should be displayed in the vi editor window:

/var/ftp/pub                   192.168.54.0/255.255.255.0(ro,sync,no_wdelay,no_subtree_check,nohide)

Exit the vi editor, and restart the NFS service to apply the changes by typing (Fedora 17):

su -c 'systemctl restart nfs-server.service'

No error message should appear.

Beware: if, as superuser ("root") you overwrite by hand the "exports" file (for instance copying a file you had saved before), or if you delete the old one and create a new one by hand, then it's probable than the SEL (Security enhanced Linux) labels of the file get wrong. In such a case (or if you suspect it's the case), you have to restore them like this:

su -c 'restorecon /etc/exports'

The same way, you should restore the SEL labels of any configuration file you have created or restored by hand, for example /etc/hosts.allow .

In older versions of Fedora (for instance Fedora 14), instead of using systemctl, you should, in order to restart NFS, type
su -c 'service nfs restart'

And the following should be returned:

Shutting down NFS mountd:                                  [  OK  ] 
Shutting down NFS daemon:                                  [  OK  ] 
Shutting down NFS quotas:                                  [  OK  ] 
Shutting down NFS services:                                [  OK  ] 
Starting NFS services:                                     [  OK  ] 
Starting NFS quotas:                                       [  OK  ] 
Starting NFS daemon:                                       [  OK  ] 
Starting NFS mountd:                                       [  OK  ] 

To add additional shares, just add an additional line in the /etc/exports file for each directory or volume that needs to be shared.

NFS Clients

There is little to do to connect a linux system to a remote NFS share. Open a shell prompt, and create the folder on which you want to mount the remote NFS share:

su -c 'mkdir /media/nfs'

Now, enter the following command to mount the remote NFS share:

Note.png
In this example, server is the nfs host
su -c 'mount server:/var/ftp/pub /media/nfs'

To verify the remote NFS share is mounted enter the following command at a shell prompt:

mount

The following line should be included in the output:

server:/var/ftp/pub on /media/nfs type nfs (rw,addr=192.168.1.10)

Now enter the following to get a directory listing of the NFS mounted directory:

ls /media/nfs

There is a distribution folder in the /var/ftp/pub folder for Fedora that is displayed:

f8

Mounting NFS Shares at boot time

To mount a NFS share permanently during system start up, edit the /etc/fstab file the same way as you would for a local file system. The file system type should be set to nfs. Specify the dump and fsck order (the last two entries), in our case set to zero for demonstration purposes. Our example /etc/fstab should look like below:

...
server:/var/ftp/pub  /media/nfs    nfs         rw           0    0

Using Automount

Another way to access remote NFS shares is to use autofs. The difference between using the autofs daemon and the /etc/fstab file is autofs will only mount the NFS share when a file or directory is requested on the NFS mount point. This will also speed up boot time by not waiting for a response from the remote NFS server.

There is a good explanation of automount, valid both for Fedora 14 and 15, in the official documentation but they just forgot to say you have to install the autofs package. To do this, in Fedora 15, go to Activities → Applications → System tools → "Add/remove software"; in the "Filters" tab, choose only "Only newest packages" and check you've the following filters: "Installed → No filter", "Development → Only end user files", "Graphical → No filter", and "Free → Only free software" (or "No filter"). Then in the "Find" field", type "autofs", click on "Find", check the package whose name begins by "autofs" (for instance "autofs-1:5.0.5-38-fc15 (x86_64)"), and eventually on "Apply". After the download and installation are complete, you can close the "Add/Remove software window".

You may also use the following command to install the autofs package:

su -c 'yum install autofs'

The master configuration for autofs is the /etc/auto.master file. Here is an example file:

#
#
/misc   /etc/auto.misc
/net    -hosts
#
#
#
+auto.master

The /misc mount is defined in a seperate file /etc/auto.misc. The /misc directory is reserver for autofs mounts. New NFS mounts should be added to the /etc/auto.misc file. Here is an example of the /etc/auto.misc file:

#

cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

To add the NFS share to the /etc/auto.misc, add the following line:

nfs		-ro,soft,intr		server:/var/ftp/pub

Save the changes made to the /etc/auto.misc file and start the autofs deamon: in Fedora 15, go to Activities → Applications → Other → Services, choose "autofs" in the list, then on the "start" button. Alternatively, you can use the following command at a shell prompt:

su -c 'service autofs start'

but this won't start the autofs daemon automatically at boot. Test the changes just made by entering the following command at a shell prompt:

ls /misc/nfs

the result should be:

f8

At this Point NFS should be up and running, and client systems should have access to the designated directories and volumes on the NFS server. To enable the NFS service during system startup, enter the following command at a shell prompt:

su -c 'chkconfig --levels 345 nfs on'

This starts the nfs service on run levels 3, 4 and 5 during start up.a