Saturday 9 April 2016

Setting up NFS on CentOS 7 / Fedora 23

We should firstly install the relevant packages from yum / dnf:

dnf install nfs-utils nfs-utils-lib

Ensure that the NFS service will start on boot:

systemctl enable nfs-server
systemctl start nfs-server
systemctl status nfs

We now want to define which directories (exports) we want to provide to our NFS clients - we define this in the /etc/exports file:

sudo vi /etc/exports

and add something like:

/home 11.12.13.14(rw,sync,no_subtree_check)
/srv/nfs/anonaccess 11.12.13.14(rw,sync)

The options are explained below:

rw - Provides read/write access to the client.

sync - Ensure that any calls that write data to the mount point are flushed (committed) on the server before control is given back to the user space.

no_subtree_check - When a directory you are sharing is part of a heirachy / larger filesystem NFS will scan each directory above it to check its permissions / details. Disabling it is typically discouraged as it can be a security risk - although on root filesystems like /home you can generally safely turn this off (as above) - although on the anonymous share I have excluded 'no_subtree_check' (by default it is set to 'subtree_check').

It is very important to ensure that anonymous access to NFS shares use UID and GUID of 65534 when working accross different Linux varients - this is because they will quite often use different ID's for the 'nobody' user - so on our open share we can issue:

mkdir -p /srv/nfs/anonaccess
chown 65534:65534 /srv/nfs/anonaccess
chmod 755 /srv/nfs/anonaccess

When you have finished defining your exports we should use the exportfs utility to apply our configuration:

exportfs -a

Now we can move onto the client portion - you should firstly install the following packages on the NFS client machine:

dfn install nfs-utils nfs-utils-lib

and mount it on the client:

mkdir -p /mnt/nfs/home
mount -t auto 1.2.3.4:/home /mnt/nfs/home

0 comments:

Post a Comment