Académique Documents
Professionnel Documents
Culture Documents
TCP is the default transport protocol for NFS version 2 and 3 under
Red Hat Enterprise Linux. UDP can be used for compatibility purposes
as needed, but is not recommended for wide usage. NFSv4 requires
TCP. All the RPC/NFS daemons have a '-p' command line option that
can set the port, making firewall configuration easier.
After TCP wrappers grant access to the client, the NFS server refers to
the /etc/exports configuration file to determine whether the client is
allowed to access any exported file systems. Once verified, all file and
directory operations are available to the user.
nfs
service nfs start starts the NFS server and the appropriate RPC
processes to service
requests for shared NFS file systems.
nfslock
service nfslock start activates a mandatory service that starts the
appropriate RPC
processes allowing NFS clients to lock files on the server.
rpcbind
rpcbind accepts port reservations from local RPC services. These
ports are then made
available (or advertised) so the corresponding remote RPC services
can access them.
rpcbind responds to requests for RPC services and sets up
connections to the
requested RPC service. This is not used with NFSv4.
THE FOLLOWING RPC PROCESSES
FACILITATE NFS SERVICES:
rpc.mountd
rpc.nfsd
Lockd
rpc.statd
rpc.rquotad
rpc.idmapd
NFS CLIENT CONFIGURATION
The mount command mounts NFS shares on the client side. Its format
is as follows:
intr
Allows NFS requests to be interrupted if the server goes down or
cannot be reached.
lookupcache= mode
Specifies how the kernel should manage its cache of directory entries for a
given mount point. Valid arguments for mode are all, none, or pos/positive.
nfsvers= version
Specifies which version of the NFS protocol to use, where version is 2, 3, or
4. This is useful for hosts that run multiple NFS servers. If no version is
specified, NFS uses the highest version supported by the kernel and mount
command.
The option vers is identical to nfsvers, and is included in this release for
compatibility reasons.
Noacl Turns off all ACL processing. This may be needed when interfacing
with older versions of
Red Hat Enterprise Linux, Red Hat Linux, or Solaris, since the most recent
nolock
Disables file locking. This setting is occasionally required when
connecting to older NFS servers.
noexec
Prevents execution of binaries on mounted file systems. This is useful
if the system is mounting a non-Linux file system containing
incompatible binaries.
nosuid
Disables set-user-identifier or set-group-identifier bits. This
prevents remote users from gaining higher privileges by running a
setuid program.
port=num
port=num — Specifies the numeric value of the NFS server port. If num is 0 (the
default), then mount queries the remote host's rpcbind service for the port
number to use. If the remote host's NFS daemon is not registered with its
rpcbind service, the standard NFS port number of TCP 2049 is used instead.
If NFS is set to start at boot, ensure that nfslock also starts by running
chkconfig --list
nfslock. If nfslock is not set to on, this implies that you will need to manually
run the service
nfslock start each time the computer starts. To set nfslock to automatically
start on boot, use
chkconfig nfslock on.
nfslock is only needed for NFSv3.
To stop the server, use:
# service nfs stop
Every file system being exported to remote users with NFS, as well as
the access level for those file systems, are listed in the /etc/exports
file. When the nfs service starts, the /usr/sbin/exportfs command
launches and reads this file, passes control to rpc.mountd (if NFSv2
or NFSv3) for the actual mounting process, then to rpc.nfsd where the
file systems are then available to remote users.
When issued manually, the /usr/sbin/exportfs command allows the
root user to selectively export or unexport directories without
restarting the NFS service. When given the proper options, the
/usr/sbin/exportfs command writes the exported file systems to
/var/lib/nfs/xtab. Since rpc.mountd refers to the xtab file when
deciding access privileges to a file system, changes to the list of
exported file systems take effect immediately.
The Network Information Service (NIS) and Network File System (NFS)
are services that allow you to build distributed computing systems
that are both consistent in their appearance and transparent in the
way files and data are shared.
The Network File System (NFS) is a distributed filesystem that provides
transparent access to remote disks.
If NFS has been set up correctly, it should be transparent to the user. For
example, if locally developed applications were found in /usr/local/bin
before NFS was installed, they should
continue to be found there when NFS is running, whether /usr/local/bin is
on a local filesystem or a remote one. To the user, the actual disk holding
/usr/local/bin isn't important as long as the executables are accessible and
built for the right machine architecture. If user smust change their
environments to locate files accessed through NFS, they will probably dislike
the new network architecture because it changes the way things work.
An environment with many NFS servers and hundreds of clients can quickly
become
overwhelming in terms of management complexity. Successful system
administration of a
large NFS network requires adding some intelligence to the standard
procedures. The cost of
consistency on the network should not be a large administrative overhead.
One tool that
greatly eases the task of running an NFS network is the automounter, which
applies NIS
management to NFS configuration. This chapter starts with a quick look at
how to get NFS up
SETTING UP NFS
On an NFS client, you need to have the lockd and statd daemons
running in order to use NFS.
These daemons are generally started in a boot script (Solaris uses
/etc/init.d/nfs.client):
if [ -x /usr/lib/nfs/statd -a -x /usr/lib/nfs/lockd ]
then
/usr/lib/nfs/statd > /dev/console 2>&1
/usr/lib/nfs/lockd > /dev/console 2>&1
fi
On most NFS servers, there is a file that contains the list of
filesystems the server will allow clients to mount via NFS. Many
servers store this list in /etc/exports file.
The nfsd daemon accepts NFS RPC requests and executes them on
the server. Some servers run multiple copies of the daemon so that
they can handle several RPC requests at once. In Solaris, a single copy
of the daemon is run, but multiple threads run in the kernel to
provide parallel NFS service.
EXPORTING FILESYSTEMS
The pathname may point to a directory that the client has mounted, or it
may not make sense
on the client. If you uncover a link that was made on the server that points to
a filesystem not
exported from the server, you will have either trouble or confusion if you
resolve the link. If
the link accidentally points to a valid file or directory on the client, the
results are often
An example here helps explain how links can point in unwanted directions.
Let's say that you install a new publishing package, marker, in the tools
filesystem on an NFS server. Once it's loaded, you realize that you need to
free some space on the /tools filesystem, so you move the font directory
used by marker to the /usr filesystem, and make a symbolic link to redirect
the fonts subdirectory to its new location:
# mkdir /usr/marker
# cd /tools/marker
# tar cf - fonts | ( cd /usr/marker; tar xbBfp 20 - )
# rm -rf fonts
# ln -s /usr/marker/fonts fonts
Using symbolic links to reduce the number of directories in a
pathname is beneficial only if
users are not tempted to cd from one link to another:
# ln -s /minnow/fred /u/fred
# ln -s /alewife/lucy /u/lucy
The unsuspecting user tries to use the path-compressed names, but
finds that relative
pathnames aren't relative to the link directory:
Mount points, exports, and links
Symbolic links have strange effects on mounting and exporting
filesystems. A good general rule to remember is that filesystem
operations apply to the target of a link, not to the link itself. The
symbolic link is just a pointer to the real operand.
If you mount a filesystem on a symbolic link, the actual mount occurs
on the directory pointed to by the link. The following sequence of
operations produces the same net result:
# mkdir -p /users/hal
# ln -s /users/hal /usr/hal
# mount bitatron:/export/home/hal /usr/hal
MOUNTING A SERVER'S SYMBOLIC
LINK
A potential problem arises if the symbolic link and the directory it
points to are on
different filesystems: it's possible that the server has exported the
link's filesystem but
not the filesystem containing the link's target. In this example,
/usr/man and
/usr/share/man could be in two distinct filesystems, which would
require two entries in
the server's dfstab file.