- RHEL5 NFS server config
- NFS tunneling over SSH
- NFS client (SOLARIS10) config
- NFS client (RHEL5) config
RHEL5 NFS server config
NFS file systems should be installed on a separate disk or partition (on server)
Keeping exported file systems on a separate partition ensures that malicious users cannot simply fill up the entire hard disk by writing large files to it. A full disk could otherwise crash other services running on the same hard disk.
The configuration presents two shares, /inst and /share/nfs:
[root@centos11 nfs]# cat /etc/exports
/inst *(ro,sync)
/share/nfs *(rw,sync)
All clients have access to both shares: /inst is exported with read-only, sync and default permissions, while /share/nfs is exported with read-write, sync and default permissions.
exportfs -a
Always run this command after setting up shares.
service nfs restart
Restart the NFS daemon so that it reads the new configuration.
[root@centos11 nfs]# exportfs -v
/share/nfs (rw,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
/inst (ro,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
Shows which options were used for the exported shares.
[root@centos11 nfs]# showmount -e localhost
Export list for localhost:
/inst *
/share/nfs *
Shows exported shares.
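An added example (not part of the original post): a short Python check that parses exports(5)-style text and flags risky settings, such as the world-writable /share/nfs export shown above. The sample text, the /srv paths, the 192.168.56.0/24 network and the function names are constructed for illustration; quoted paths containing spaces are not handled.

```python
import re

# Constructed sample: the first two lines are the exports from this page; the
# /srv paths and the 192.168.56.0/24 network are assumptions for illustration.
SAMPLE_EXPORTS = """\
/inst *(ro,sync)
/share/nfs *(rw,sync)
/srv/build 192.168.56.0/24(rw,sync,no_root_squash)
/srv/pub 192.168.56.0/24(ro,sync) *(rw,insecure)
"""

WORLD_RW = "writable by any host"
ROOT_KEPT = "no_root_squash: client root keeps uid 0 on the server"
ANY_PORT = "insecure: requests from unprivileged source ports are accepted"

CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Yield (path, host, options) for each client spec in exports(5) text."""
    # Join backslash-continued lines, then strip comments.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        for spec in fields[1:]:
            match = CLIENT_RE.match(spec)
            if match is None or spec.startswith("-"):
                continue  # malformed spec or "-options" defaults: not audited
            host = match.group("host") or "*"  # "(rw)" with no host = everyone
            opts = set(filter(None, (match.group("opts") or "").split(",")))
            yield fields[0], host, opts


def audit(text):
    """Return (path, host, finding) tuples for risky export settings."""
    findings = []
    for path, host, opts in parse_exports(text):
        if host == "*" and "rw" in opts:
            findings.append((path, host, WORLD_RW))
        if "no_root_squash" in opts:
            findings.append((path, host, ROOT_KEPT))
        if "insecure" in opts:
            findings.append((path, host, ANY_PORT))
    return findings


if __name__ == "__main__":
    for path, host, finding in audit(SAMPLE_EXPORTS):
        print(f"{path} {host}: {finding}")
```

To check a real server, pass the contents of /etc/exports to audit() instead of the sample string.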
NFS options:
There are some discrepancies between the options for mounting an NFS file system and an EXT* file system.
Below are the most commonly used NFS options.
secure
Prevent normal users on an NFS client from mounting an NFS file system (on server)
ro
If you need only READ-ONLY permissions on your server, use the ro option. The file system is then exported as read-only to prevent unintended or even intended modifications to those files.
root_squash
When this option is used, then while mounting using the command mount, the user ID "root" on the NFS client will be replaced by the user ID "nobody" on the NFS server. This prevents root on the NFS client from gaining superuser privileges on the NFS server, which could otherwise allow that user to modify files on the NFS server without authorization.
nosuid
This prevents files with the suid bit set on the NFS server, e.g., Trojan horse files, from being executed on the NFS client, which could lead to a root compromise on the client. It also guards against root on the NFS client accidentally executing those suid files.
noexec
Disables file execution entirely.
intr
Allows NFS requests to be interrupted if the server goes down or cannot be reached.
hard or soft
Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft).
If hard is specified, the user cannot terminate the process waiting for the NFS communication to resume unless the intr option is also specified.
If soft is specified, the user can set an additional timeo=
NFS tunneling over SSH
Here you can read about it.
I will prepare such a configuration and post it on this blog soon.
NFS client (SOLARIS10) config
mount -F nfs -o vers=3 192.168.56.127:/share/nfs /mnt/nfs
If you want to mount it manually.
# vi /etc/vfstab
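# device to mount, device to fsck, mount point, FS type, fsck pass, mount at boot, mount options
192.168.56.127:/share/nfs - /mnt/nfs nfs - yes rw,sync
If you want to mount at boot.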
NFS client (RHEL5) config
mount -t nfs 192.168.56.127:/share/nfs /mnt/nfs
If you want to mount it manually.
# vi /etc/fstab
192.168.56.127:/share/nfs /mnt/nfs nfs rw,sync 0 0
If you want to mount at boot.