NFS Server - Configuration Files

Configuration Files of NFS Server in Linux


The main configuration file for setting up an NFS server is /etc/exports.

Two other files, /etc/hosts.allow and /etc/hosts.deny, are used to restrict access by IP address.


/etc/exports


This file contains a list of the directories that are shared and the options for each.

An entry in /etc/exports looks like this:

/nfsdir 192.168.1.101(rw,sync,no_root_squash) 192.168.1.102(ro,sync)

Here /nfsdir is the directory that you want to share. If you share a directory, then all directories under it within the same file system will be shared as well.

IP address or host name

These are the host names or IP addresses of the client machines that will have access to the directory.

Option

The option listing for each machine describes what kind of access that machine has. Some important options are:

ro: The directory is shared read only; the client machine will not be able to write to it. This is the default.

rw: The client machine will have read and write access to the directory.

no_root_squash: By default, any file request made by user root on the client machine is treated as if it is made by user nobody on the server. If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server. This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories. You should not specify this option without a good reason.

no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.

sync: By default, all but the most recent version (version 1.11) of the exportfs command will use async behavior, telling a client machine that a file write is complete - that is, has been written to stable storage - when NFS has finished handing the write over to the filesystem. This behavior may cause data corruption if the server reboots, but the sync option prevents this.
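
The option descriptions above can be turned into a check that reviews /etc/exports before it goes live. The following is an added example, not part of the original page: parse_exports and audit are hypothetical names, and the sample text is constructed. It goes slightly beyond the text by also reporting options that are attached to no host (a stray space before the parenthesis, or a missing client list), which exports(5) treats as an export to any host.

```python
import re

# Options the page above singles out as dangerous, and why.
RISKY = {
    "no_root_squash": "root on the client is root on the exported files",
    "async": "writes are acknowledged before reaching stable storage",
}
# One client field: optional host, optional "(opt,opt,...)" glued to it.
CLIENT = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Yield (directory, client, options) per client of each export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        directory, *fields = line.split()
        for field in fields or [""]:          # no client list means any host
            m = CLIENT.match(field)
            if m is None:
                raise ValueError(f"unparsable client field: {field!r}")
            host, opts = m.group(1), m.group(2) or ""
            yield directory, host or "*", [o for o in opts.split(",") if o]

def audit(text):
    """Return sorted (directory, client, issue) findings."""
    findings = set()
    for directory, client, options in parse_exports(text):
        if client == "*":
            findings.add((directory, client, "exported to any host"))
        for opt in options:
            if opt in RISKY:
                findings.add((directory, client, f"{opt}: {RISKY[opt]}"))
    return sorted(findings)

# Constructed sample: the page's own entry, plus an entry with a stray space
# before "(" which leaves the options attached to no host at all.
SAMPLE = """\
/nfsdir 192.168.1.101(rw,sync,no_root_squash) 192.168.1.102(ro,sync)
/srv/data 192.168.1.103 (rw,sync)
"""

if __name__ == "__main__":
    for directory, client, issue in audit(SAMPLE):
        print(f"{directory}  {client}: {issue}")
```
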

/etc/fstab

To keep an NFS directory mounted on your system across reboots, make an entry in /etc/fstab.

/etc/sysconfig/nfs

This NFS configuration file controls which ports rpc and other services listen on.

/etc/hosts.allow and /etc/hosts.deny

These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines. When the server gets a request from a machine, it does the following:

It first checks hosts.allow to see if the machine matches a description listed in there. If it does, then the machine is allowed access.

If the machine does not match an entry in hosts.allow, the server then checks hosts.deny to see if the client matches a listing in there. If it does, then the machine is denied access.

If the client matches no listings in either file, then it is allowed access.

We can add an entry to hosts.allow to grant hosts access, or to hosts.deny to deny them access.

The format is:

service: host [or network/netmask] , host [or network/netmask]

Example:

portmap: 192.168.0.1 , 192.168.0.2

