There are three ways to configure an NFS server under Red Hat Enterprise Linux: using the NFS Server Configuration Tool (system-config-nfs), manually editing its configuration file (/etc/exports), or using the /usr/sbin/exportfs command.
To use the NFS Server Configuration Tool, you must be running the X Window System, have root privileges, and have the system-config-nfs RPM package installed. To start the application, click on System => Administration => Server Settings => NFS. You can also type the command system-config-nfs in a terminal. The NFS Server Configuration tool window is illustrated below.
Figure 18.1. NFS Server Configuration Tool
Depending on your firewall settings, you may need to configure the NFS daemon processes to use specific networking ports. The NFS server settings allow you to specify the ports for each process instead of using the random ports assigned by the portmapper. You can set the NFS Server settings by clicking on the Server Settings button. The figure below illustrates the NFS Server Settings window.
Figure 18.2. NFS Server Settings
Sharing or serving files from an NFS server is known as exporting the directories. The NFS Server Configuration Tool can be used to configure a system as an NFS server.
To add an NFS share, click the Add button. The dialog box shown in Figure 18.3, “Add Share” appears.
The Basic tab requires the following information:
Directory — Specify the directory to share, such as /tmp.
Host(s) — Specify the host(s) with which to share the directory. Refer to Section 18.6.3, “Hostname Formats” for an explanation of possible formats.
Basic permissions — Specify whether the directory should have read-only or read/write permissions.
Figure 18.3. Add Share
The General Options tab allows the following options to be configured:
Figure 18.4. NFS General Options
Allow connections from port 1024 and higher — Services started on port numbers less than 1024 must be started as root. Select this option to allow the NFS service to be started by a user other than root. This option corresponds to insecure.
Allow insecure file locking — Do not require a lock request. This option corresponds to insecure_locks.
Disable subtree checking — If a subdirectory of a file system is exported, but the entire file system is not exported, the server checks to see if the requested file is in the subdirectory exported. This check is called subtree checking. Select this option to disable subtree checking. If the entire file system is exported, selecting to disable subtree checking can increase the transfer rate. This option corresponds to no_subtree_check.
Sync write operations on request — Enabled by default, this option does not allow the server to reply to requests before the changes made by the request are written to the disk. This option corresponds to sync. If this is not selected, the async option is used.
Force sync of write operations immediately — Do not delay writing to disk. This option corresponds to no_wdelay.
Hide filesystems beneath turns the nohide option on or off. When the nohide option is off, nested directories are revealed. The clients can therefore navigate through a filesystem from the parent without noticing any changes.
Export only if mounted sets the mountpoint option which allows a directory to be exported only if it has been mounted.
Optional Mount Point specifies the path to an optional mount point. Click Browse to navigate to the preferred mount point or type the path if known.
Set explicit Filesystem ID: sets the fsid=X option. This is mainly used in a clustered setup. Using a consistent filesystem ID in all clusters avoids having stale NFS filehandles.
Figure 18.5. NFS User Access
The User Access tab allows the following options to be configured:
Treat remote root user as local root — By default, the user and group IDs of the root user are both 0. Root squashing maps the user ID 0 and the group ID 0 to the user and group IDs of anonymous so that root on the client does not have root privileges on the NFS server. If this option is selected, root is not mapped to anonymous, and root on a client has root privileges to exported directories. Selecting this option can greatly decrease the security of the system. Do not select it unless it is absolutely necessary. This option corresponds to no_root_squash.
Treat all client users as anonymous users — If this option is selected, all user and group IDs are mapped to the anonymous user. This option corresponds to all_squash.
Specify local user ID for anonymous users — If Treat all client users as anonymous users is selected, this option lets you specify a user ID for the anonymous user. This option corresponds to anonuid.
Specify local group ID for anonymous users — If Treat all client users as anonymous users is selected, this option lets you specify a group ID for the anonymous user. This option corresponds to anongid.
To edit an existing NFS share, select the share from the list, and click the Properties button. To delete an existing NFS share, select the share from the list, and click the Delete button.
After clicking OK to add, edit, or delete an NFS share from the list, the changes take place immediately — the server daemon is restarted and the old configuration file is saved as /etc/exports.bak. The new configuration is written to /etc/exports.
The NFS Server Configuration Tool reads and writes directly to the /etc/exports configuration file. Thus, the file can be modified manually after using the tool, and the tool can be used after modifying the file manually (provided the file was modified with correct syntax).
The next section discusses manually editing /etc/exports and using the /usr/sbin/exportfs command to export NFS file systems.
If you prefer editing configuration files using a text editor or if you do not have the X Window System installed, you can modify the configuration file directly.
The /etc/exports file controls what directories the NFS server exports. Its format is as follows:
directory hostname(options)
The only option that needs to be specified is one of sync or async (sync is recommended). If sync is specified, the server does not reply to requests before the changes made by the request are written to the disk.
For example,
/misc/export speedy.example.com(sync)
would allow users from speedy.example.com to mount /misc/export with the default read-only permissions, but,
/misc/export speedy.example.com(rw,sync)
would allow users from speedy.example.com to mount /misc/export with read/write privileges.
Refer to Section 18.6.3, “Hostname Formats” for an explanation of possible hostname formats.
Be careful with spaces in the /etc/exports file. If there are no spaces between the hostname and the options in parentheses, the options apply only to the hostname. If there is a space between the hostname and the options, the options apply to the rest of the world. For example, examine the following lines:
/misc/export speedy.example.com(rw,sync)
/misc/export speedy.example.com (rw,sync)
The first line grants users from speedy.example.com read-write access and denies all other users. The second line grants users from speedy.example.com read-only access (the default) and allows the rest of the world read-write access.
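An added example (not part of the original documentation) that parses /etc/exports entries according to the whitespace rule described above and flags exports open to the rest of the world, along with the no_root_squash, insecure and insecure_locks options from the configuration tool section. The function names and the /srv/build sample line are constructed for illustration; quoted paths and line continuations are not handled.

```python
import re

# Options the configuration tool section above ties to weaker defaults.
RISKY_OPTIONS = {
    "no_root_squash": "root on the client keeps root privileges on the export",
    "insecure": "connections from port 1024 and higher are allowed",
    "insecure_locks": "insecure file locking is allowed",
}
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

def parse_export_line(line):
    """Return (directory, [(host, [options])]); host '' is the rest of the world."""
    fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
    if not fields:
        return None
    directory, *clients = fields
    parsed = []
    for token in clients:
        m = CLIENT_RE.match(token)
        if not m:
            raise ValueError(f"malformed client spec: {token!r}")
        opts = [o for o in (m.group("opts") or "").split(",") if o]
        parsed.append((m.group("host"), opts))
    return directory, parsed

def audit_exports(text):
    """Yield (line_number, directory, message) for each risky client entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = parse_export_line(raw)
        if entry is None:
            continue
        directory, clients = entry
        for host, opts in clients:
            who = host or "the rest of the world"
            if host in ("", "*"):  # bare "(options)" token or a lone wildcard
                access = "read-write" if "rw" in opts else "read-only"
                yield lineno, directory, f"{access} export to {who}"
            for opt in [o for o in opts if o in RISKY_OPTIONS]:
                yield lineno, directory, f"{who}: {opt} ({RISKY_OPTIONS[opt]})"

# Constructed sample; lines 1 and 2 are the two entries discussed in the text.
SAMPLE = """\
/misc/export speedy.example.com(rw,sync)
/misc/export speedy.example.com (rw,sync)
/srv/build 192.168.0.0/24(rw,sync,no_root_squash)  # constructed entry
"""

if __name__ == "__main__":
    print(*audit_exports(SAMPLE), sep="\n")
```

Running the same check against /etc/exports.bak and the new /etc/exports after a change shows whether an edit introduced a world-accessible entry.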
Each time you change /etc/exports, you must inform the NFS daemon of the change, or reload the configuration file with the following command:
/sbin/service nfs reload
The host(s) can be in the following forms:
Single machine — A fully qualified domain name (that can be resolved by the server), hostname (that can be resolved by the server), or an IP address.
Series of machines specified with wildcards — Use the * or ? character to specify a string match. Wildcards are not to be used with IP addresses; however, they may accidentally work if reverse DNS lookups fail. When specifying wildcards in fully qualified domain names, dots (.) are not included in the wildcard. For example, *.example.com includes one.example.com but does not include one.two.example.com.
IP networks — Use a.b.c.d/z, where a.b.c.d is the network and z is the number of bits in the netmask (for example 192.168.0.0/24). Another acceptable format is a.b.c.d/netmask, where a.b.c.d is the network and netmask is the netmask (for example, 192.168.100.8/255.255.255.0).
Netgroups — In the format @group-name, where group-name is the NIS netgroup name.
NFS shares are mounted on the client side using the mount command. The format of the command is as follows:
mount -t <nfs-type> -o <options> <host>:</remote/export> </local/directory>
Replace <nfs-type> with either nfs for NFSv2 or NFSv3 servers, or nfs4 for NFSv4 servers. Replace <options> with a comma-separated list of options for the NFS file system (refer to Section 18.4, “Common NFS Mount Options” for details). Replace <host> with the remote host, </remote/export> with the remote directory being mounted, and </local/directory> with the local directory where the remote file system is to be mounted.
Refer to the mount man page for more details.
If accessing an NFS share by manually issuing the mount command, the file system must be remounted manually after the system is rebooted. Red Hat Enterprise Linux offers two methods for mounting remote file systems automatically at boot time: the /etc/fstab file or the autofs service.
An alternate way to mount an NFS share from another machine is to add a line to the /etc/fstab file. The line must state the hostname of the NFS server, the directory on the server being exported, and the directory on the local machine where the NFS share is to be mounted. You must be root to modify the /etc/fstab file.
The general syntax for the line in /etc/fstab is as follows:
server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr
The mount point /pub must exist on the client machine before this command can be executed. After adding this line to /etc/fstab on the client system, type the command mount /pub at a shell prompt, and the mount point /pub is mounted from the server.
The /etc/fstab file is referenced by the netfs service at boot time, so lines referencing NFS shares have the same effect as manually typing the mount command during the boot process.
A sample /etc/fstab line to mount an NFS export looks like the following example:
<server>:</remote/export> </local/directory> <nfs-type> <options> 0 0
Replace <server> with the hostname, IP address, or fully qualified domain name of the server exporting the file system.
Replace </remote/export> with the path to the exported directory.
Replace </local/directory> with the local file system on which the exported directory is mounted. This mount point must exist before /etc/fstab is read or the mount fails.
Replace <nfs-type> with either nfs for NFSv2 or NFSv3 servers, or nfs4 for NFSv4 servers.
Replace <options> with a comma-separated list of options for the NFS file system (refer to Section 18.4, “Common NFS Mount Options” for details). Refer to the fstab man page for additional information.