Configure NFS for Basic Operation
The configuration of the basic /etc/exports file is fairly simple. Once it is configured, you can export directories set up in that file with the exportfs -a command. Each line in this file lists the directory to be exported, the hosts to which it will be exported, and the options that apply to this export. While multiple conditions can be set, you can export a particular directory only once. Take the following examples from an /etc/exports file:
/pub (ro,sync) tester1.example.com(rw,sync)
/home *.example.com(rw,sync)
/tftp nodisk.example.net(rw,no_root_squash,sync)
In this example, the /pub directory is exported to all users as read-only. It is also exported to one specific computer with read/write privileges. The /home directory is exported, with read/write privileges, to any computer on the .example.com network. Finally, the /tftp directory is exported with full read/write privileges (even for root users) to the nodisk.example.net computer.
While these options are fairly straightforward, the /etc/exports file is somewhat picky. A space at the end of a line could lead to a syntax error. A space between a hostname and the conditions in parentheses would open access to all hosts.
All of these options include the sync flag. This requires all changes to be written to disk before a command such as a file copy is complete. Before NFSv4, many such options included the insecure flag, which allows access on ports above 1024. Even though NFSv4 automatically works with port 2049 by default, the insecure flag can still be useful to enable access for other ports above 1024, which is discussed later.
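The whitespace pitfalls and access-widening options described above can be checked mechanically before running exportfs. The following Python linter is an added example, not part of the original text: lint_exports, its finding codes, and the /data and /srv sample lines are constructed for illustration. It assumes one export per line, with no quoted paths and no backslash continuations.

```python
import re

# Constructed sample: the three export lines shown above plus two lines
# containing the whitespace mistakes the text warns about.
SAMPLE = (
    "/pub (ro,sync) tester1.example.com(rw,sync)\n"
    "/home *.example.com(rw,sync)\n"
    "/tftp nodisk.example.net(rw,no_root_squash,sync)\n"
    "/data backup.example.com (rw,sync)\n"
    "/srv web.example.com(ro,sync) \n"
)

# Options from this page that widen access, with the reason to review them.
RISKY = {
    "no_root_squash": "client root keeps root privileges on the share",
    "insecure": "requests from ports above 1024 are accepted",
}
SPEC = re.compile(r"([^()]*)(?:\(([^()]*)\))?")  # host, then optional (options)

def lint_exports(text):
    """Return (line_number, code, detail) findings for /etc/exports text."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop comments
        if not line.strip():
            continue
        if raw != raw.rstrip():
            findings.append((num, "TRAILING_SPACE", "whitespace at end of line"))
        path, *specs = line.split()
        for i, spec in enumerate(specs):
            m = SPEC.fullmatch(spec)
            if m is None:
                findings.append((num, "UNPARSED", spec))
                continue
            host, opts = m.group(1), (m.group(2) or "").split(",")
            if host == "":                   # bare "(options)" matches every host
                prev = specs[i - 1] if i else ""
                stray = bool(prev) and "(" not in prev
                code = "STRAY_SPACE" if stray else "WORLD"
                mode = "rw" if "rw" in opts else "ro"
                findings.append((num, code, f"{path} open to all hosts ({mode})"))
            for opt in opts:
                if opt in RISKY:
                    findings.append((num, "RISKY_OPTION", f"{opt}: {RISKY[opt]}"))
    return findings

if __name__ == "__main__":
    for num, code, detail in lint_exports(SAMPLE):
        print(f"line {num}: {code}: {detail}")
```

A WORLD finding, as on the /pub line, may be intentional; STRAY_SPACE marks the case where a hostname is followed by a space and then a bare option list, which is almost always a mistake.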
Wildcards and Globbing
In Linux network configuration files, you can specify a group of computers with the right wildcard, which in Linux is also known as globbing. What can be used as a wildcard depends on the configuration file. The NFS /etc/exports file uses “conventional” wildcards: for example, *.example.net specifies all computers within the example.net domain. In contrast, /etc/hosts.deny is less conventional; .example.net, with the leading dot, specifies all computers in that same domain.
For IPv4 networks, wildcards often require some form of the subnet mask. For example, 192.168.0.0/255.255.255.0 specifies the 192.168.0.0 network of computers with IP addresses that range from 192.168.0.1 to 192.168.0.254. Some services support the use of CIDR (Classless Inter-Domain Routing) notation. In CIDR, since 255.255.255.0 masks 24 bits, CIDR represents this with the number 24. When configuring a network in CIDR notation, you can represent this network as 192.168.0.0/24.
More NFS Server Options
The examples of shared directories shown earlier are just three ways to share a directory. With /etc/exports, it’s possible to use a number of different parameters. The parameters described in Table 16-1 and 16-2 fall into two categories: general and user access.
Parameter | Corresponding /etc/exports Command / Description |
---|---|
insecure | Supports communications above port 1024, primarily for NFS versions 2 and 3. |
insecure_locks | Allows insecure file locks; suitable for older NFS clients. Does not check user permissions to a file. |
no_subtree_check | Disables subtree checks. If you export a subdirectory such as /mnt/inst, this feature disables checks of higher-level directories for permissions. |
sync | Syncs write operations on request. Active by default. |
no_wdelay | Forces immediate data writes. |
hide | Hide filesystems; if you export a directory and subdirectory such as /mnt and /mnt/inst, shares to /mnt/inst must be explicitly mounted. |
mp | Export only if mounted; requires the export point to also be a mount point on the client. |
fsid | Set explicit filesystem ID; specifies a numeric identifier for the exported filesystem. |
Other parameters relate to how users are treated for the purpose of NFS shared directories. As shown in Table 16-2, the options are associated with the root administrative user, anonymous-only users, and other users that may be designated in the parameters.
Activate the List of Exports
It’s not enough to configure the /etc/exports file, as it’s simply the default set of exported directories. You need to activate them with the exportfs -a command. The next time RHEL 6 is booted, if the right services are activated, the nfs start script (/etc/init.d/nfs) automatically runs the exportfs -r command, which re-exports directories configured in /etc/exports.
However, if you’re modifying, moving, or deleting a share, it is safest to temporarily unexport all filesystems first with the exportfs -ua command before reexporting the shares with the exportfs -a command.
Once exports are active, they’re easy to check. Just run the showmount -e command on the server. To review the export list for a remote NFS server, just add the name of the NFS server. For example, the showmount -e server1.example.com command looks for the list of exported NFS directories from the server1.example.com system. If this command doesn’t work, communication may be blocked with a firewall.