<< Previous Page: Network File Systems NFS4
The remote computer that holds the NFS4 file system makes it available to other computers on the net. It exports file system, which entails making entries in an NFS configuration file /etc/exports. The entries specify the file system exported, mountpoint (directory on the host system) and the list of hosts on the network that can access it along with options to control that access. Each time NFS server starts, the files read, and directories specified exported with corresponding entries made in the /var/lib/nfs/xtab file. The xtab file maintains the list of actual exports.
The exportfs command manually exports file system instead of using entries for them in the /etc/exports file and adding to the /var/lib/nfs/xtab file directly.
- -a: adding export entries immediately without rebooting
- -v: to display the NFS actions
- -r: to re-export lateral entries. It rsync the /var/lib/nfs/xtab file with the /etc/exports entries and removing any other exports
- -o: list various permissions
- -u: unexport directory that already has been exported
exportsfs -r -a -v
exportfs -o rw,insecure wap.ananova.com:/home/ananova
A comma-separated list of export options placed within a set of parentheses may follow each host.
‘* ‘ applied to any host
Specifying Host
- hostname: for hosts within the user domain
- fully qualified domain: for that outside domain
- host IP address with CNDR format specifying netmask to indicate the IP address range
- *.ananova.com: for all the hosts in the ananova.com network
- NIS netgroup name preceded by @ sign to reference the collection of hosts
directory-pathname host(options) host(options) host(options)
Options
Options operate as permissions to control access to exported directories.
- secure: By default, this is ON. It requires that requests originate on secure ports less than 1024.
- insecure: Turns off the secure option
- ro: This is by default and it allows only read-only access and is given to all hosts to the file system mounted on the /pub directory (public access)
/pub *(ro, insecure, all_squash, sync) - rw: Allows read/write access
- sync: This is by default and performs all writes immediately
- async: Performs all writes when the server is ready to handle it
- wdelay: By default, it checks to see if writes are relevant and perform them together. This can degrade performance.
- no_wdelay: Override the default and performs writes requests immediately without checking to see if they are related
- hide: By default, automatically hides an exported subdirectory unless it is explicitly mounted
- no_hide: Does not hide an exported subdirectory of another exported directory. Its parent directories are checked to make sure that the subdirectory is the valid directory (subtree_check). It only works with read-only file systems and cause problems for write-enabled file systems, where filenames and directories can be changed. It is valid for single hosts and can be unreliable.
- subtree_check: By default checks parent directories in a file system to validate an exported subdirectory
- no_subtree_check: Does not check parent directories in a file system to validate an exported subdirectory
- insecure_locks: Does not require authentication of locking requests. Used for the older NFS version.
User-Level Access
- all_squash: The NFS server treats the client's root-user as anonymous, i.e., squashing the user and prevents the client from attempting to appear the NFS's root user. Maps all UIDs and GIDs to the anonymous user. Useful for NFS exported public FTP directories, news spool directories, and so forth. Such anonymous users only have access to directories and files that are part of the anonymous group.
- no_all_squash: The opposite option to all_squash. It is a default setting. A particular client's root user to have the root-level control over the NFS server.
- anonuid or anongid: Sets explicitly the UID and GID of the anonymous account used for all_squash and root_squash options. The defaults are nobody and nogroup.
>> Next Page: NFS4 Access Control Lists