Sunday, September 21, 2008

Enabling NFS in Ubuntu

Under Linux and most Unix operating systems, the network file system (NFS) is the common way to share directories. With other Unix and Linux operating systems, NFS is part of the core installation. But with Ubuntu, you need to install it as a package. There are three main components required by NFS:

• portmap-This package provides support for remote procedure calls (RPC) and is used by NFS. You don't need to install portmap by itself-the apt-get commands for the other two components will install portmap as a requirement.

• nfs-common-Although portmap provides support for RPC function, this package actually provides the RPC functions for NFS. This package is required for NFS clients and servers. It provides basic RPC functions like file locking and status. If you only need to install an NFS client (meaning you will mount a directory exported by some other server), then you can use: sudo apt-get install nfs-common. Installing nfs-common will generate an error message, "Not starting NFS kernel daemon: No exports." This is expected since it is not configured.

• nfs-kernel-server-This package adds kernel modules so you can actually export a directory for use by a remote host; with this package, you get a server. You can install it using: sudo apt-get install nfs-kernel-server. This brings in portmap and nfs-common as required packages.

NFS is a great collaboration tool because entire file systems can be shared transparently. Everyone sees the same files and file changes are immediately accessible by everyone. The main limitation is operating system support. Although NFS exists for Linux, BSD, HP-UX, AIX, Solaris, BeOS, Mac OS X, and even OS/2, Windows does not natively include it. If you want to use NFS with Windows, consider installing the Windows Services for UNIX (http://www.microsoft.com/technet/interopmigration/unix/sfu/). This free product from Microsoft includes NFS server and client support.


Acting as an NFS Client
Mounting a remote file system with NFS is really easy. Just as the mount command can be used to access a hard drive, CD-ROM, or other block device, it can be used to mount a remote file system. You just need three items: the server's name, the directory name on the server that is being exported, and the mount point on your local system (a directory) for the connection. For example, to mount the directory /home/project from the server sysprj1 and place it at /mnt/project on your local computer, you would use:

sudo mkdir /mnt/project # to make sure it exists
sudo mount -t nfs sysprj1:/home/project /mnt/project

Now, all the files under /home/project on the host sysprj1 are accessible from the local directory /mnt/project. The access is completely transparent-anything you can do on your local file system can be done over this NFS mount.

If you don't know the name of the exported directory, NFS enables you to browse the list of exported partitions using the showmount -e command. This lists the directories and list of clients that can access it. The client list returned from the server can be an entire domain (for example, *.local.net) or a list of clients. Access restrictions are set by the NFS server and follow the Unix permissions. If you find that you cannot access the directory after mounting it, check the permissions with ls -l. If you do not have permission, then talk to the administrator for the NFS server.

$ showmount -e sysprj1
/home/projects *.local.net
/media/cdrom *.local.net

When you are done with the mounted partition, you can remove it using sudo umount /mnt/project.

For short-term access, you will probably want to use mount and umount to access the directory as needed. For long-term collaboration, you can add the entry in /etc/fstab. For example:

sysprj1:/home/project /mnt/project nfs defaults 0 0

Having the entry in /etc/fstab will make sure the directory is mounted every time you reboot. You can also use sudo mount /mnt/project (specifying only the mount point) as a shortcut since mount consults /etc/fstab when determining devices. NFS has one huge limitation. If the server goes down then all file accesses to the network partition will hang-up to hours-before failing. The hang-up is due to network timeouts and retries. If your connection to the server is unstable, then don't use NFS.


Acting as an NFS Server
NFS servers export directories for use by NFS clients. This is a two-step process. First, you need to create a file called /etc/exports. This file contains a list of directories to export and clients that are permitted to access the directories. Special access permissions can also be specified such as ro for read-only, rw for read-write, and sync for synchronous writes.

The NFS server will not start if /etc/exports is missing or contains no exported directories. The default file contains only a few comments, so the server will not start. After you create your first entries, you will need to start the server. The easy way to start it is with the command sudo /etc/init.d/nfs-kernel-server start.

After modifying the /etc/exports file, you need to tell the NFS server to actually export the entries.
sudo exportfs -r # re-export all entries in /etc/exports

The exportfs command can also be used for other tasks:
• List the current export table-Run exportfs without any parameters.

• Export a specific directory once-This is useful if the export is not intended to be permanent (/etc/exports is really for permanent mounts). You will need to specify options, and the list of clients is specified before the directory. For example:

sudo exportfs -o ro,async '*.local.net:/media/cdrom'

• Un-export directory-If the entry is still listed in /etc/exports, then the removal is temporary; the mount will be re-exported the next time you reboot or restart the NFS server.

sudo exportfs -u '*.local.net:/media/cdrom'

You can export anything that is mounted. This includes CD-ROM drives, USB thumb drives, and even mounted NFS partitions from other servers! Although you cannot export single files or block devices, you can export the entire /dev directory (not that you would want to). NFS offers no security, encryption, or authentication. Furthermore, established NFS connections can be easily hijacked. NFS is fine for most internal, corporate networks and for use within your home, but don't use it to share files across the Internet.

Source of Information : Hacking Ubuntu Serious Hacks Mods and Customizations

No comments: