NFS stands for Network File System, a file system developed by Sun Microsystems, Inc. It is a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory. For example, if you were using a computer linked to a second computer via NFS, you could access files on the second computer as if they resided in a directory on the first computer. This is accomplished through the processes of exporting (the process by which an NFS server provides remote clients with access to its files) and mounting (the process by which file systems are made available to the operating system and the user).
The NFS protocol is designed to be independent of the computer, operating system, network architecture, and transport protocol. This means that systems using the NFS service may be manufactured by different vendors, use different operating systems, and be connected to networks with different architectures. These differences are transparent to the NFS application, and thus, the user.
Configuration of NFS Server
On the Linux system that runs the NFS server, you export (share) one or more directories by listing them in the
/etc/exports
file and by running theexportfs
command. In addition, you must start the NFS server.On each client system, you use the
mount
command to mount the directories that your server exported.
The only problem with using NFS is that each client system must support it. Microsoft Windows doesn’t ship with NFS, so you have to buy the NFS software separately if you want to share files by using NFS. Using NFS if all systems on your LAN run Linux (or other variants of Unix with built-in NFS support) makes good sense, however.
NFS has security vulnerabilities, so you shouldn’t set up NFS on systems that are directly connected to the Internet without using the RPCSEC_GSS security that comes with NFS version 4 (NFSv4). Version 4.2 was released in November 2016; you should use it for most purposes, because it includes all the needed updates.
The following information walks you through NFS setup, using an example of two Linux PCs on a LAN.
Exporting a file system with NFS in Linux
Start with the server system that exports — makes available to the client systems — the contents of a directory. On the server, you must run the NFS service and designate one or more file systems to export.
To export a file system, you have to add an appropriate entry to the /etc/exports
file. Suppose that you want to export the /home
directory, and you want to enable the host named hackonology
to mount this file system for read and write operations. You can do so by adding the following entry to the /etc/exports
file:
/home hackonology(rw,sync)
If you want to give access to all hosts on a LAN such as 192.168.0.0
, you could change this line to
/home 192.168.0.0/24(rw,sync)
Every line in the /etc/exports
file has this general format:
Directory host1(options) host2(options) …
The first field is the directory being shared via NFS, followed by one or more fields that specify which hosts can mount that directory remotely and several options in parentheses. You can specify the hosts with names or IP addresses, including ranges of addresses.
The options in parentheses denote the kind of access each host is granted and how user and group IDs from the server are mapped to ID the client. (If a file is owned by root
on the server, for example, what owner is that on the client?) Within the parentheses, commas separate the options. If a host is allowed both read and write access, and all IDs are to be mapped to the anonymous user (by default, the anonymous user is named nobody
), the options look like this:
(rw,all_squash)
The table below shows the options you can use in the /etc/exports
file. You find two types of options: general options and user ID mapping options.
Option | Description |
General Options | |
secure | Allows connections only from port 1024 or lower (default) |
insecure | Allows connections from port 1024 or higher |
ro | Allows read-only access (default) |
rw | Allows both read and write access |
sync | Performs write operations (writing information to the disk) when requested (by default) |
async | Performs write operations when the server is ready |
no_wdelay | Performs write operations immediately |
wdelay | Waits a bit to see whether related write requests arrive and then performs them together (by default) |
hide | Hides an exported directory that’s a subdirectory of another exported directory (by default) |
no_hide | Causes a directory to not be hidden (opposite of hide) |
subtree_check | Performs subtree checking, which involves checking parent directories of an exported subdirectory whenever a file is accessed (by default) |
no_subtree_check | Turns off subtree checking (opposite of subtree_check) |
insecure_locks | Allows insecure file locking |
User ID Mapping Options | |
all_squash | Maps all user IDs and group IDs to the anonymous user on the client |
no_all_squash | Maps remote user and group IDs to similar IDs on the client (by default) |
root_squash | Maps remote root user to the anonymous user on the client (by default) |
no_root_squash | Maps remote root user to the local root user |
anonuid=UID | Sets the user ID of anonymous user to be used for the all_squash and root_squash options |
anongid=GID | Sets the group ID of anonymous user to be used for the all_squash and root_squash options |
After adding the entry in the /etc/exports
file, manually export the file system by typing the following command in a terminal window:
exportfs -a
This command exports all file systems defined in the /etc/exports
file.
Now you can start the NFS server processes.
In Debian, start the NFS server by logging in as root
and typing /etc/init.d/nfs-kernel-server start in a terminal window. In Fedora, type /etc/init.d/nfs start. In SUSE, type /etc/init.d/nfsserver start. If you want the NFS server to start when the system boots, type update-rc.d nfs-kernel-server defaults in Debian. In Fedora, type chkconfig – -level 35 nfs on. In SUSE, type chkconfig – -level 35 nfsserver on.
When the NFS service is up, the server side of NFS is ready. Now you can try to mount the exported file system from a client system and access the exported file system as needed.
If you ever make any changes in the exported file systems listed in the /etc/exports
file, remember to restart
the NFS service. To restart a service, invoke the script in the /etc/init.d
directory with restart as the argument (instead of the start
argument that you use to start the service).
Mounting an NFS file system in Linux
To access an exported NFS file system on a client system, you have to mount that file system on a mount point. The mount point is nothing more than a local directory. Suppose that you want to access the /home
directory exported from the server named hackonology
at the local directory /mnt/abc
on the client system. To do so, follow these steps:
- Log in as
root
, and create the directory with this command:mkdir /mnt/abc
$ echo "192.168.0.0/home /mnt/abc nfs defaults 0 0" >> /etc/fstab $ mount -a
Let’s Join our Hacking Team
We Are Indian We Are Great
Hope this article helpful for you. Thank You
Indian Cyber Army | Make IT Secure
Enjoy…Stay Happy…Stay Secure…
Hope this article helpful for you. Thank You
If You Appreciate What We Do Here On Hackonology, You Should Consider:
Hackonology is the fastest growing and most trusted community site where you can find lots of courses, articles about Technology/Hacking/Cracking. Millions of people visit Hackonology! to search or browse the thousands of published articles available FREELY to all.
Let's be a part of Hacker's Community! Join our Hacking Team
We Are Indian We Are Great