We should firstly install the relevant packages from yum / dnf:
dnf install nfs-utils nfs-utils-lib
Ensure that the NFS service will start on boot:
systemctl enable nfs-server
systemctl start nfs-server
systemctl status nfs
We now want to define which directories (exports) we want to provide to our NFS clients - we define this in the /etc/exports file:
sudo vi /etc/exports
and add something like:
/home 11.12.13.14(rw,sync,no_subtree_check)
/srv/nfs/anonaccess 11.12.13.14(rw,sync)
The options are explained below:
rw - Provides read/write access to the client.
sync - Ensure that any calls that write data to the mount point are flushed (committed) on the server before control is given back to the user space.
no_subtree_check - When a directory you are sharing is part of a heirachy / larger filesystem NFS will scan each directory above it to check its permissions / details. Disabling it is typically discouraged as it can be a security risk - although on root filesystems like /home you can generally safely turn this off (as above) - although on the anonymous share I have excluded 'no_subtree_check' (by default it is set to 'subtree_check').
It is very important to ensure that anonymous access to NFS shares use UID and GUID of 65534 when working accross different Linux varients - this is because they will quite often use different ID's for the 'nobody' user - so on our open share we can issue:
mkdir -p /srv/nfs/anonaccess
chown 65534:65534 /srv/nfs/anonaccess
chmod 755 /srv/nfs/anonaccess
When you have finished defining your exports we should use the exportfs utility to apply our configuration:
exportfs -a
Now we can move onto the client portion - you should firstly install the following packages on the NFS client machine:
dfn install nfs-utils nfs-utils-lib
and mount it on the client:
mkdir -p /mnt/nfs/home
mount -t auto 1.2.3.4:/home /mnt/nfs/home
No comments:
Post a Comment