Is this Nethserver module helpful to you?
Please consider donating to the author

Thank you kindly!

2019/03/04 05:32 · HF

NFS

Available for NS7 and NS6

Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984,[1] allowing a user on a client computer to access files over a computer network much like local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The NFS is an open standard defined in Request for Comments (RFC), allowing anyone to implement the protocol.

Maintainer

Stephane de Labrusse at stephdl@de-labrusse.fr

Installation

1-You need to install my repository, see how to do it

2-You can install nfs

yum install nethserver-nfs

Usage

The rpm installs nethserver-samba and nethserver-ibay, nfs is running and adjustable per ibay via the sharedfolder panel. It is advised to install nethserver-dc (Samba AD) to protect by a password the access via Samba, however nfs can work also if the share are in guest mode.

You have two modes

  • Use the server UID/GID server (access control by GID and IP)

    In this mode the users of the remote client must be in the same GID that the owning group of the samba share. You must add manually to all users the GID as a secondary group

Any root users of any remote clients can overwrite this GID limitation, hence the option root squash to restrict the root power.

In clear you have two access control (GID and IP)

  • Lazzy mode (access control by IP)

Uncheck the option above, then you don't need to set a second gid on users, the only access control is at the IP level

If you want you can allow quickly a read access to all your local network (you must respect the gid if checked)

Settings

Add secondary group to a user

Except the command 'id' all others must be used by root or by sudo

  • To see user Ownership
  id User
  • To create a new gid/group
  groupadd -g GidNumber -o GroupName
  • To add a secondary group to a user
  usermod -a -G GidNumber UserName

You might need to logout/login your user, or reboot the computer, to apply the new group ownership You can also use the command newgrp

newgrp GroupName

Mount the remote share

  • by the command line

Once the share is created, then on the remote allowed client, we need to mount the share

mkdir toto
mount -vt nfs 192.168.xxx.xxx:/var/lib/nethserver/ibay/toto toto/

to see the content (it is like if you are on a local folder)

ll toto/

on a remote client you can see the shares

[helene@leo ~]$ showmount -e 192.168.12.172
Export list for 192.168.12.172:
/var/lib/nethserver/ibay/toto 192.168.12.24,192.168.12.26,192.168.12.25
/var/lib/nethserver/ibay/plop 192.168.12.25
  • by the fstab

mount the network share in the fstab

If you want to get mounted the NFS remote share at boot, you can add it in your fstab

Eg

server:/usr/local/pub    /pub   nfs    defaults 0 0

Using fstab is useful for a server which is always on, and the NFS shares are available whenever the client boots up. Edit /etc/fstab file, and add an appropriate line reflecting the setup. Again, the server's NFS export root is omitted.

Note: Consult the NFS and mount man pages for more mount options. Some additional mount options to consider are include:

  • NFS Timeout

Nfs can have a really long timeout in case if the remote host is not reachable, if you want to avoid it you can do

mount -t nfs -o nolock,timeo=30,retrans=1,retry=0 192.168.xx.xxx:/home/e-smith/files /mnt/partage

timeo

The -o timeo option allows designation of the length of time, in tenths of seconds, that the client will wait until it decides it will not get a reply from the server, and must try to send the request again. The default value is 7 tenths of a second

retrans

The -o retrans option allows designation of the number of timeouts allowed before the client gives up, and displays the Server not responding message. The default value is 3 attempts.

retry

The number of minutes that the mount command retries an NFS mount operation in the foreground or background before giving up. If a value of zero is specified, the mount command exits immediately after the first failure. If this option is not specified, the default value for foreground mounts is 2 minutes, and the default value for background mounts is 10000 minutes (80 minutes shy of one week).

Custom rules

Nfs offers a lot of parameters and you may need some specific settings that it would be difficult or dangerous to let them in all hands. So for some cases you can enable by db command your nfs shares

but you cannot :

* use the wildcard '*'
* open your shares to ip(s) outside of your local network(s)
* use a domain to define your shares, the ip or the network are a mandatory
* use the root '/'
* let a space between the ip and its share definition

IF you want to do all these dangerous things, then you need to do them by custom templates.

How enable specific rules (the name of the rule is free):

config setprop nfs-rules MYRULE "/var/lib/nethserver/ibay/IBAYNAME 192.168.14.0/22(nohide,sync,wdelay,rw,no_root_squash,secure)"

or

config setprop nfs-rules RULE2 "/var/lib/nethserver/ibay/IBAYNAME 192.168.14.154(nohide,sync,wdelay,rw,no_root_squash,secure)"

then

signal-event nethserver-nfs-update

There is no analysis of the share settings, ditto for the path of the folder you want to share (except for the '/')

Common Mount permission options
 rw              read/write permissions
 ro              read-only permissions
 insecure        Allows the use of ports over 1024
 sync            Specifies that all changes must be written to disk before a command completes
 no_wdelay       Forces the writing of changes immediately

rootsquash Prevents root users noroot_squash Allow root users

Documentation

Admin's feedbacks

FIXME

Issues

Please raise Issues on github

Sources

source are available