search
top

How To Setup and Use NFS on RHEL 5/6

I know this is probably old hat for a many out there but there are many newbies out there and even a few crusty admins that need to know, or be reminded how to setup NFS (Network File Sharing) to export and share files / directories on Linux systems.

There are several services that need to be running for NFS to work properly. They are portmap, nfs and nfslock. Enable the services and start them using chkconfig.

$ sudo chkconfig portmap on
 $ sudo chkconfig nfs on
 $ sudo chkconfig nfslock on

Now let’s fire them up!

$ sudo service portmap start
 $ sudo service nfs start
 $ sudo service nfslock start

So let’s see if they are running and running correctly. We can achieve this by running rpcinfo -p command.

$ sudo rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    624  rquotad
    100011    2   udp    624  rquotad
    100011    1   tcp    627  rquotad
    100011    2   tcp    627  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  10180  nlockmgr
    100021    3   udp  10180  nlockmgr
    100021    4   udp  10180  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   tcp  26899  nlockmgr
    100021    3   tcp  26899  nlockmgr
    100021    4   tcp  26899  nlockmgr
    100005    1   udp    639  mountd
    100005    1   tcp    642  mountd
    100005    2   udp    639  mountd
    100005    2   tcp    642  mountd
    100005    3   udp    639  mountd
    100005    3   tcp    642  mountd
    100024    1   udp    796  status
    100024    1   tcp    799  status

Now that things are running, it’s time to add the export. Open /etc/exports file and add the directory and access parameters. In this case I am adding rw and sync and only allowing a specific IP to access the share. This is ok for your home systems, but for an environment that it secure you will need to restrict this access further. We achieve this with /etc/hosts.allow, /etc/hosts.deny. First we deny them all and allow who we want.

Open /etc/hosts.deny and add:

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

As of now no one can get to your NFS server so lets grant some access. Open /etc/hosts.allow and use the following format for the entries.

daemon list : user pattern@host pattern

Since I want to give to a single system I could just add the IP so the entry would be:

portmap : 192.168.1.30
lockd   : 192.168.1.30
mountd  : 192.168.1.30
rquotad : 192.168.1.30
statd   : 192.168.1.30

But I would like to allow all of 192.168.1.0 subnet to to have access to the server and limit access to the share. This is accomplished by adding 192.168.1.0/255.255.255.

portmap : 192.168.1.0/255.255.255
lockd   : 192.168.1.0/255.255.255
mountd  : 192.168.1.0/255.255.255
rquotad : 192.168.1.0/255.255.255
statd   : 192.168.1.0/255.255.255

Now lets create the export.

$ sudo vi /etc/exports
/myfiles        192.168.1.30(rw,root squash)

This is a good setting for the export. We have set set it to be accessed by a specific system and set to read write access and protected files from client root access. What  this means is after having successfully cracked the client root password, may become root but still cannot access or change files that only root can. With squash it means that the root user will have the same access as user nobody. Restart nfs service.

$ sudo service nfs restart

Ok, now we go to the target server and create the mount point and directory. For the mount I want to stay with /myfiles. So create the directory on the system. Change the permissions on the directory the person accessing them can get to them.As with the source server you need to make sure portmap and nfslok are running and set to run at restart. Follow the same process to enable and start the services.

Now lets test the mount.

$ sudo mount -t nfs -o rw srcsvr:/myfiles /myfiles

You should now be able to access any files in the directory. That will work for short term and it tests the connection. Un-mount the nfs mount and lets make an entry in /etc/fstab to make this permanent.

$ sudo vi /etc/fstab
 srcsver:/myfiles /myfiles nfs _netdev,rw,tcp,intr,hard,rsize=65536,wsize=65536

So what does this all mean? Well there are up to six options in fstab in which a minimum of four are required. They are:

  • device
  • mount point
  • fs type
  • options
  • dump
  • check order

The minimum 4 are device, mount point, fs type and check order. here are the options used in the example above.

  • _netdev – The  device holding the filesystem requires network access. Do not mount until the network has been enabled.
  • tcp — Specifies for the NFS mount to use the TCP protocol
  • rsize=num and wsize=num — These settings speed up NFS communication for reads (rsize) and writes (wsize) by setting a larger data block size, in bytes, to be transferred at one time. Be careful when changing these values; some older Linux kernels and network cards do not work well with larger block sizes. For NFSv2 or NFSv3, the default values for both parameters is set to 8192. For NFSv4, the default values for both parameters is set to 32768.
  • hard or soft — Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft). If hard is specified, the user cannot terminate the process waiting for the NFS communication to resume unless the intr option is also specified. If soft is specified, the user can set an additional timeo=<value> option, where <value> specifies the number of seconds to pass before the error is reported.
  • intr — Allows NFS requests to be interrupted if the server goes down or cannot be reached.

Save the changes and see if the mount works.

$ sudo mount /myfiles

Ok, that wasn’t so painful and us crusty admin’s now remember and the up and coming admin’s now have another tool in their arsenal.

Leave a Reply

Your email address will not be published. Required fields are marked *

top