How To Setup and Use NFS on RHEL 5/6
I know this is probably old hat for many out there, but there are many newbies and even a few crusty admins who need to know, or be reminded, how to set up NFS (Network File Sharing) to export and share files / directories on Linux systems.
There are several services that need to be running for NFS to work properly. They are portmap, nfs and nfslock. Enable the services and start them using chkconfig.
$ sudo chkconfig portmap on
$ sudo chkconfig nfs on
$ sudo chkconfig nfslock on
Now let’s fire them up!
$ sudo service portmap start
$ sudo service nfs start
$ sudo service nfslock start
So let’s see if they are running and running correctly. We can achieve this by running the rpcinfo -p command.
$ sudo rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    624  rquotad
    100011    2   udp    624  rquotad
    100011    1   tcp    627  rquotad
    100011    2   tcp    627  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  10180  nlockmgr
    100021    3   udp  10180  nlockmgr
    100021    4   udp  10180  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   tcp  26899  nlockmgr
    100021    3   tcp  26899  nlockmgr
    100021    4   tcp  26899  nlockmgr
    100005    1   udp    639  mountd
    100005    1   tcp    642  mountd
    100005    2   udp    639  mountd
    100005    2   tcp    642  mountd
    100005    3   udp    639  mountd
    100005    3   tcp    642  mountd
    100024    1   udp    796  status
    100024    1   tcp    799  status
Now that things are running, it’s time to add the export. Open the /etc/exports file and add the directory and access parameters. In this case I am adding rw and sync and only allowing a specific IP to access the share. This is OK for your home systems, but for an environment that is secure you will need to restrict this access further. We achieve this with /etc/hosts.allow and /etc/hosts.deny. First we deny them all, then allow who we want.
Open /etc/hosts.deny and add:
portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
As of now no one can get to your NFS server, so let’s grant some access. Open /etc/hosts.allow and use the following format for the entries.
daemon list : user pattern@host pattern
Since I want to give access to a single system, I could just add the IP, so the entries would be:
portmap : 192.168.1.30
lockd : 192.168.1.30
mountd : 192.168.1.30
rquotad : 192.168.1.30
statd : 192.168.1.30
But I would like to allow all of the 192.168.1.0 subnet to have access to the server and limit access to the share. This is accomplished by adding 192.168.1.0/255.255.255.0 (the mask must be a full four-octet netmask).
portmap : 192.168.1.0/255.255.255.0
lockd : 192.168.1.0/255.255.255.0
mountd : 192.168.1.0/255.255.255.0
rquotad : 192.168.1.0/255.255.255.0
statd : 192.168.1.0/255.255.255.0
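An added example, not from the original article: a check that the deny-all baseline in hosts.deny covers all five daemons and that hosts.allow entries do not reopen them or carry a netmask with a missing octet. Function names and sample file contents are constructed, and only IPv4 net/mask client patterns are handled.

```shell
# Added example, not from the original article. Sample contents are constructed.
NFS_DAEMONS="portmap lockd mountd rquotad statd"

# stdin: hosts.deny text. Prints each NFS daemon that has no "<daemon>: ALL"
# (or "ALL: ALL") rule, i.e. is not covered by the deny-all baseline.
missing_denies() {
    awk -F: -v want="$NFS_DAEMONS" '
    /^[ \t]*#/ || NF < 2 { next }
    {
        clients = $2; gsub(/[ \t]/, "", clients)
        if (clients != "ALL") next
        n = split($1, d, /[ \t,]+/)
        for (i = 1; i <= n; i++) denied[d[i]] = 1
    }
    END {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++)
            if (!(w[i] in denied) && !("ALL" in denied)) print w[i]
    }'
}

# stdin: hosts.allow text. Flags client patterns that undo the restriction:
# ALL, or a net/mask whose mask is not a full dotted quad (n.n.n.n/m.m.m.m).
weak_allows() {
    awk -F: '
    /^[ \t]*#/ || NF < 2 { next }
    {
        daemons = $1; gsub(/[ \t]/, "", daemons)
        n = split($2, c, /[ \t,]+/)
        for (i = 1; i <= n; i++) {
            if (c[i] == "") continue
            if (c[i] == "ALL") print daemons ": open to ALL clients"
            p = index(c[i], "/")
            if (p && substr(c[i], p + 1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                print daemons ": mask is not m.m.m.m in " c[i]
        }
    }'
}

# Constructed samples: rquotad is missing from the deny list, one mask has
# three octets, and one allow rule is open to everyone.
SAMPLE_DENY='portmap:ALL
lockd:ALL
mountd:ALL
statd:ALL'
SAMPLE_ALLOW='portmap : 192.168.1.0/255.255.255.0
mountd : 192.168.1.0/255.255.255
rquotad : ALL'

echo "not denied: $(printf '%s\n' "$SAMPLE_DENY" | missing_denies)"
printf '%s\n' "$SAMPLE_ALLOW" | weak_allows
```

To check a live server, pipe the real files into the functions, for example `missing_denies < /etc/hosts.deny`.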
Now let’s create the export.
$ sudo vi /etc/exports
/myfiles 192.168.1.30(rw,sync,root_squash)
This is a good setting for the export. We have set it to be accessed by a specific system, given it read-write access, and protected files from client root access. What this means is that someone who has successfully cracked the client root password may become root there but still cannot access or change files that only root can. With root_squash, the root user will have the same access as user nobody. Restart the nfs service.
$ sudo service nfs restart
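An added example (not part of the original article) that audits exports(5) entries for settings wider than the single-host, root_squash export above. The function names and sample entries are constructed, and it goes beyond the one entry in the text by also catching the `host (opts)` whitespace case, wildcard clients, no_root_squash and insecure.

```shell
# Added example, not from the original article. Sample entries are constructed.

# stdin: exports(5) text. Prints one "<path> <client>: <finding>" line for each
# entry that is wider than the single-host, root_squash export in the article.
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }               # comments and blank lines
    NF == 1 { print $1 " (any): exported to every host"; next }
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                         # split host(opt,opt,...)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # An empty client comes from "host (opts)": the space makes the
            # options apply to every host instead of to "host".
            if (client == "") client = "(any)"
            if (client == "(any)" || client == "*")
                print $1 " " client ": exported to every host"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print $1 " " client ": client root keeps root on the share"
                if (o[j] == "insecure")
                    print $1 " " client ": unprivileged source ports accepted"
            }
        }
    }'
}

# Constructed sample: the first line is the article export, the second has a
# stray space before the options, the third is open to all hosts.
SAMPLE_EXPORTS='/myfiles 192.168.1.30(rw,sync,root_squash)
/scratch 192.168.1.30 (rw)
/backup  *(rw,no_root_squash)'

sample_findings() { printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports; }
sample_findings
```

Run it against the real file with `audit_exports < /etc/exports` before restarting the nfs service.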
Ok, now we go to the target server and create the mount point and directory. For the mount I want to stay with /myfiles, so create the directory on the system. Change the permissions on the directory so the person accessing the files can get to them. As with the source server, you need to make sure portmap and nfslock are running and set to run at restart. Follow the same process to enable and start the services.
Now let’s test the mount.
$ sudo mount -t nfs -o rw srcsvr:/myfiles /myfiles
You should now be able to access any files in the directory. That will work for the short term and it tests the connection. Un-mount the NFS mount and let’s make an entry in /etc/fstab to make this permanent.
$ sudo vi /etc/fstab
srcsvr:/myfiles /myfiles nfs _netdev,rw,tcp,intr,hard,rsize=65536,wsize=65536
So what does this all mean? Well, there are up to six options in fstab, of which a minimum of four are required. They are:
- device
- mount point
- fs type
- options
- dump
- check order
The minimum 4 are device, mount point, fs type and check order. Here are the options used in the example above.
- _netdev – The device holding the filesystem requires network access. Do not mount until the network has been enabled.
- tcp – Specifies that the NFS mount should use the TCP protocol.
- rsize=num and wsize=num – These settings speed up NFS communication for reads (rsize) and writes (wsize) by setting a larger data block size, in bytes, to be transferred at one time. Be careful when changing these values; some older Linux kernels and network cards do not work well with larger block sizes. For NFSv2 or NFSv3, the default value for both parameters is 8192. For NFSv4, the default value for both parameters is 32768.
- hard or soft – Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online if the host serving the exported file system is unavailable, or if it should report an error (soft). If hard is specified, the user cannot terminate the process waiting for the NFS communication to resume unless the intr option is also specified. If soft is specified, the user can set an additional timeo=<value> option, where <value> specifies the number of seconds to pass before the error is reported.
- intr – Allows NFS requests to be interrupted if the server goes down or cannot be reached.
Save the changes and see if the mount works.
$ sudo mount /myfiles
Ok, that wasn’t so painful. Us crusty admins now remember, and the up-and-coming admins now have another tool in their arsenal.