Network File System
Share files in a linux network
Operating System: LINUX
Packages required: nfs server and nfs client
Version used : nfs client: 1.1.0-8 -i586
nfs server: 1.3.2 -7 -i586
Download source for nfs server package: http://pkgsrc.se/wip/linux-nfs-utils
Clients : 192.168.0.2 & 192.168.0.3
CONFIGURING NFS SERVER AND CLIENT:
There are three main configuration files you will need to edit to set up an NFS server: /etc/exports, /etc/hosts.allow, and /etc/hosts.deny .
Strictly speaking, you only need to edit /etc/exports to get NFS to work, but this would lead to an extremely insecure setup.
The exports file contains a list of entries that are to be shared and how it is to be shared . For a nfs setup
this is the most important file.
Open the file using the following comand as root user:
Make the following entry:
/home 192.168.0.2(RW) 192.168.0.3(RO)
Then save and exit the file.
start the nfs server service on the server machine , use the following command as root:
service nfs start
if it is already running then :
service nfs restart
check if the following demons are running:
portmapper: tells requesting clients how to find all nfs services on server.
mountd: handles mounting functionality.
nfs:the network file sharing daemon.
Use the command rpcinfo -p
Ensure that firewalls are not running as this may restrict the clients from accessing the server.
Step 1. start nfs service by using the following command:
service nfs start
Step2: Check if the following daemons are running
At least port mapper should be running in order for nfs to work .
Use command rpcinfo -p
Step 3: create mount point on client where the nfs directory will be mounted from server.
e.g mkdir nfs
check for shared files using the following command:
showmount -e serverip
e.g showmount -e 192.168.0.1
this will show a list of directories or files that are being shared over nfs.
Step4. Finally we need to mount the shared directory on the client machine by using the following command:
mount ip adrress of server:/shared directories /mountpoint on client machine
e.g mount 192.168.0.1:/home /nfs
once mounted all contents of the shared directory will be accessible by the client.
TESTING THE SETUP:
1.> Run the rpcinfo -p command on both server and client to check whether all required services for NFS are running.
2.> Once setup is done run the showmount -e command from the client side to ensure which NFS files/directories are shared.
ADDING SECURITY TO NFS:
The basic setup of nfs does not add any kind of security to the files being shared over the network thus these
files can be accessed by an unwanted person. In order to add security to the above nfs setup there are two other files that need to be
/etc/hosts.allow and /etc/hosts.deny
These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry
listing a service and a set of machines. When the server gets a request from a machine, it does the following:
1. It first checks hosts.allow to see if the machine matches a rule listed here. If it does, then the machine is allowed access.
2. If the machine does not match an entry in hosts.allow the server then checks hosts.deny to see if the client matches a rule listed
there. If it does then the machine is denied access.
3. If the client matches no listings in either file, then it is allowed access.
The first step in doing this is to add the following entry to / etc/hosts.deny :
By adding the above entry we ensure that the portmapper daemon cannot be accesssed by any other client other than those specified in the
Or we can also specify the ip addresses or hostnames of the clients whose access needs to be restriced .
N ext, we need to add an entry to h osts.allow to give any hosts access that we want to have access. (If we just leave the above lines in
h osts.deny then nobody will have access to NFS.)
e.g portmap: 192.168.0.2 , 192.168.0.3