Network File System

Share files in a Linux network

Software Details:

Operating System: LINUX

Packages required: nfs server and nfs client

Version used : nfs client: 1.1.0-8 -i586

nfs server: 1.3.2 -7 -i586

Download source for nfs server package: http://pkgsrc.se/wip/linux-nfs-utils

Scenario :

Server 192.168.0.1

Clients : 192.168.0.2 & 192.168.0.3

CONFIGURING NFS SERVER AND CLIENT:

There are three main configuration files you will need to edit to set up an NFS server: /etc/exports, /etc/hosts.allow, and /etc/hosts.deny.

Strictly speaking, you only need to edit /etc/exports to get NFS to work, but this would lead to an extremely insecure setup.

>>/etc/exports>>

The exports file contains a list of the entries that are to be shared and how each is to be shared. For an NFS setup this is the most important file.

SERVER SIDE:

Step 1:

Open the file using the following command as root user:

vi /etc/exports

Make the following entry:

/home 192.168.0.2(rw) 192.168.0.3(ro)

Then save and exit the file.

Step 2:

Start the NFS server service on the server machine, using the following command as root:

service nfs start

If it is already running, then:

service nfs restart

Step 3:

Check if the following daemons are running:

portmapper: tells requesting clients how to find all NFS services on the server.

mountd: handles mounting functionality.

nfs: the network file sharing daemon.

Use the command rpcinfo -p

Step 4:

Ensure that firewalls are not running as this may restrict the clients from accessing the server.

CLIENT SIDE:

Step 1: Start the NFS service by using the following command:

service nfs start

Step 2: Check if the following daemons are running:

portmapper

nfs

At least portmapper should be running in order for NFS to work.

Use the command rpcinfo -p

Step 3: Create a mount point on the client where the NFS directory from the server will be mounted.

e.g. mkdir /nfs

Check for shared files using the following command:

showmount -e serverip

e.g. showmount -e 192.168.0.1

This will show a list of the directories or files that are being shared over NFS.

Step 4: Finally, we need to mount the shared directory on the client machine by using the following command:

mount <IP address of server>:/<shared directory> /<mount point on client machine>

e.g. mount 192.168.0.1:/home /nfs

Once mounted, all contents of the shared directory will be accessible by the client.

TESTING THE SETUP:

1. Run the rpcinfo -p command on both server and client to check whether all required services for NFS are running.

2. Once setup is done, run the showmount -e command from the client side to check which NFS files/directories are shared.

ADDING SECURITY TO NFS:

The basic setup of NFS does not add any kind of security to the files being shared over the network, so these files can be accessed by an unwanted person. In order to add security to the above NFS setup there are two other files that need to be configured:

/etc/hosts.allow and /etc/hosts.deny

These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines. When the server gets a request from a machine, it does the following:

1. It first checks hosts.allow to see if the machine matches a rule listed here. If it does, then the machine is allowed access.

2. If the machine does not match an entry in hosts.allow, the server then checks hosts.deny to see if the client matches a rule listed there. If it does, then the machine is denied access.

3. If the client matches no listings in either file, then it is allowed access.

The first step in doing this is to add the following entry to /etc/hosts.deny:

portmap:all

By adding the above entry we ensure that the portmapper daemon cannot be accessed by any client other than those specified in /etc/hosts.allow.

Alternatively, we can specify the IP addresses or hostnames of the clients whose access needs to be restricted.

Next, we need to add an entry to hosts.allow for the hosts that we want to have access. (If we just leave the above lines in hosts.deny then nobody will have access to NFS.) The entry has the form:

service:hostname

e.g. portmap: 192.168.0.2 , 192.168.0.3
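The three-step lookup described above can be modelled in a few lines. This is an added example, not part of the original guide: a simplified Python model of the hosts.allow / hosts.deny decision, run on constructed file contents that use this page's addresses. The function names are illustrative, and only "all", exact IP addresses and trailing-dot prefixes are handled.

```python
# Simplified model of the hosts.allow / hosts.deny lookup (added example).
# Handles only "all", exact IPs and prefixes like "192.168.0."; see hosts_access(5).
import re

def _tokens(s):
    """Split a daemon or client list on commas/whitespace, lower-cased."""
    return [t.lower() for t in re.split(r"[,\s]+", s.strip()) if t]

def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue  # comment line or not a rule
        daemons, clients = line.split(":", 1)
        rules.append((_tokens(daemons), _tokens(clients)))
    return rules

def matches(rules, daemon, client_ip):
    """True if any rule names the daemon (or all) and the client (or all)."""
    for daemons, clients in rules:
        if daemon.lower() not in daemons and "all" not in daemons:
            continue
        for pat in clients:
            if pat in ("all", client_ip):
                return True
            if pat.endswith(".") and client_ip.startswith(pat):
                return True
    return False

def access(daemon, client_ip, hosts_allow, hosts_deny):
    """Apply the three steps in order: allow file, deny file, default allow."""
    if matches(parse_rules(hosts_allow), daemon, client_ip):
        return "allow (hosts.allow)"
    if matches(parse_rules(hosts_deny), daemon, client_ip):
        return "deny (hosts.deny)"
    return "allow (no match)"

# Constructed file contents using the addresses from the scenario above.
ALLOW = "portmap: 192.168.0.2 , 192.168.0.3\n"
DENY = "portmap:all\n"

if __name__ == "__main__":
    for ip in ("192.168.0.2", "192.168.0.3", "192.168.0.50"):
        print(ip, "empty hosts.deny ->", access("portmap", ip, ALLOW, ""))
        print(ip, "portmap:all deny ->", access("portmap", ip, ALLOW, DENY))
```

With an empty hosts.deny, the unlisted client 192.168.0.50 is still allowed by step 3; once portmap:all is in hosts.deny it is denied, while the two listed clients are allowed either way. In this model a service that is named in neither file also falls through to step 3.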