Chapter 26. Sharing File Systems with NFS

Contents

26.1. Terminology
26.2. Installing NFS Server
26.3. Configuring NFS Server
26.4. Configuring Clients
26.5. For More Information

Abstract

Distributing and sharing file systems over a network is a common task in corporate environments. The well-proven network file system (NFS) works together with NIS, the yellow pages protocol. For a more secure protocol that works together with LDAP and may also use Kerberos, check NFSv4.

NFS with NIS makes a network transparent to the user. With NFS, it is possible to distribute arbitrary file systems over the network. With an appropriate setup, users always find themselves in the same environment regardless of the terminal they currently use.

26.1. Terminology

The following are terms used in the YaST module.

Exports

A directory exported by an NFS server, which clients can integrate it into their system.

NFS Client

The NFS client is a system that uses NFS services from an NFS server over the Network File System protocol. The TCP/IP protocol is already integrated into the Linux kernel; there is no need to install any additional software.

NFS Server

The NFS server provides NFS services to clients. A running server depends on the following daemons: nfsd (worker), idmapd (user and group name mappings to IDs and vice versa), statd (file locking), and mountd (mount requests).

26.2. Installing NFS Server

The NFS server software is not part of the default installation. To install the NFS server software, start YaST and select Software+Software Management. Now choose Filter+Patterns and select File Server or use the Search option and search for NFS Server. Confirm the installation of the packages to finish the installation process.

Like NIS, NFS is a client/server system. However, a machine can be both—it can supply file systems over the network (export) and mount file systems from other hosts (import).

26.3. Configuring NFS Server

Configuring an NFS server can be done either through YaST or manually. For authentication, NFS can also be combined with Kerberos.

26.3.1. NFS with Kerberos

To use Kerberos authentication for NFS, GSS security must be enabled. Select Enable GSS Security in the initial YaST NFS Server dialog. You must have a working Kerberos server to use this feature. YaST does not set up the server but just uses the provided functionality. If you want to use Kerberos authentication in addition to the YaST configuration, complete at least the following steps before running the NFS configuration:

  1. Make sure that both the server and the client are in the same Kerberos domain. They must access the same KDC (Key Distribution Center) server and share their krb5.keytab file (the default location on any machine is /etc/krb5.keytab). For more information about Kerberos, see Chapter 6, Network Authentication with Kerberos (↑Security Guide).

  2. Start the gssd service on the client with rcgssd start.

For more information about configuring kerberized NFS, refer to the links in Section 26.5, “For More Information”.

26.4. Configuring Clients

To configure your host as an NFS client, you do not need to install additional software. All needed packages are installed by default.

26.4.1. Importing File Systems with YaST

Authorized users can mount NFS directories from an NFS server into the local file tree using the YaST NFS client module. Click on Add and enter the hostname of the NFS server, the directory to import, and the mount point at which to mount this directory locally. The changes will take effect after clicking Finish in the first dialog.

In the NFS Settings tab, enable Open Port in Firewall to allow access to the service from remote computers. The firewall status is displayed next to the check box. When using NFSv4, make sure that the checkbox Enable NFSv4 is selected and that the NFSv4 Domain Name contains the same value as used by the NFSv4 server. The default domain is localdomain.

Click OK to save your changes. See Figure 26.1, “NFS Client Configuration with YaST”.

The configuration is written to /etc/fstab and the specified file systems are mounted. When you start the YaST configuration client at a later time, it also reads the existing configuration from this file.

Figure 26.1. NFS Client Configuration with YaST

NFS Client Configuration with YaST

26.4.2. Importing File Systems Manually

The prerequisite for importing file systems manually from an NFS server is a running RPC port mapper. Start it by entering rcrpcbind start as root. Then remote file systems can be mounted in the file system like local partitions using mount:

mount host:remote-pathlocal-path

To import user directories from the nfs.example.com machine, for example, use:

mount nfs.example.com:/home /home

26.4.2.1. Using the Automount Service

The autofs daemon can be used to mount remote file systems automatically. Add the following entry in the your /etc/auto.master file:

/nfsmounts /etc/auto.nfs

Now the /nfsmounts directory acts as the root for all the NFS mounts on the client if the auto.nfs file is filled appropriately. The name auto.nfs is chosen for the sake of convenience—you can choose any name. In auto.nfs add entries for all the NFS mounts as follows:

localdata -fstype=nfs server1:/data
nfs4mount -fstype=nfs4 server2:/

Activate the settings with rcautofs start as root. In this example, /nfsmounts/localdata, the /data directory of server1, is mounted with NFS and /nfsmounts/nfs4mount from server2 is mounted with NFSv4.

If the /etc/auto.master file is edited while the service autofs is running, the automounter must be restarted for the changes to take effect with rcautofs restart.

26.4.2.2. Manually Editing /etc/fstab

A typical NFSv3 mount entry in /etc/fstab looks like this:

nfs.example.com:/data /local/path nfs rw,noauto 0 0

NFSv4 mounts may also be added to the /etc/fstab file. For these mounts, use nfs4 instead of nfs in the third column and make sure that the remote file system is given as / after the nfs.example.com: in the first column. A sample line for an NFSv4 mount in /etc/fstab looks like this:

nfs.example.com:/ /local/pathv4 nfs4 rw,noauto 0 0

The noauto option prevents the file system from being mounted automatically at start up. If you want to mount the respective file system manually, it is possible to shorten the mount command specifying the mount point only:

mount /local/path

Note, that if you do not enter the noauto option, the initialization scripts of the system will handle the mount of those file systems at start up.

26.5. For More Information

In addition to the man pages of exports, nfs, and mount, information about configuring an NFS server and client is available in /usr/share/doc/packages/nfsidmap/README. For further documentation online refer to the following Web sites: