Linux NFS Configuration: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 33: Line 33:
===anonymous===
===anonymous===


This is specified by a single * character (not to be confused with the wildcard entry above) and will match all clients.
This is specified by a single * character (not to be confused with the wildcard entry above) and will match all clients:
 
<syntaxhighlight lang='text'>
/opt/share0 *(rw,sync,no_root_squash,no_subtree_check)
</syntaxhighlight>


==<tt>rw</tt>==
==<tt>rw</tt>==

Revision as of 23:49, 12 December 2019

Internal

Exports Configurations

The exported filesystems are specified in /etc/exports and in files available in the /etc/exports.d directory.

The file /etc/exports contains a table of local physical file systems to be made accessible to the NFS clients.

If filesystems are specified in both /etc/exports and /etc/exports.d files, all filesystems are exported.

Export Options

The following export options are used in /etc/exports.

Client Specification

NFS clients may be specified in a number of ways:

Single Host

A host may be specified either by an abbreviated name recognized be the resolver, the fully qualified domain name, an IPv4 address, or an IPv6 address. IPv6 addresses must not be inside square brackets in /etc/exports lest they be confused with character-class wildcard matches.

IP networks

Directories may be exported to all hosts on an IP (sub-) network simultaneously. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified in dotted-decimal format, or as a contiguous mask length. For example, either `/255.255.252.0' or `/22' appended to the network base IPv4 address results in identical subnetworks with 10 bits of host. IPv6 addresses must use a contiguous mask length and must not be inside square brackets to avoid confusion with character-class wildcards. Wildcard characters generally do not work on IP addresses, though they may work by accident when reverse DNS lookups fail.

Wildcards

Machine names may contain the wildcard characters * and ?, or may contain character class lists within [square brackets]. This can be used to make the exports file more compact; for instance, *.cs.foo.edu matches all hosts in the domain cs.foo.edu. As these characters also match the dots in a domain name, the given pattern will also match all hosts within any subdomain of cs.foo.edu.

anonymous

This is specified by a single * character (not to be confused with the wildcard entry above) and will match all clients:

/opt/share0 *(rw,sync,no_root_squash,no_subtree_check)

rw

This option allows both read and write.

sync

The requests to the exported directory are confirmed only after the changes are committed.

no_subtree_check

This option prevents the subtree checking. When a shared directory is the subdirectory of a larger filesystem, nfs performs scans of every directory above it, in order to verify its permissions and details. Disabling the subtree check may increase the reliability of NFS, but reduce security.

no_root_squash

This phrase allows root to connect to the designated directory.

Mount Options

dirsync

All directory updates within the filesystem should be done synchronously. This affects the following system calls: creat, link, unlink, symlink, mkdir, rmdir, mknod and rename.

nolock

rpc.statd - Handling NFS Locking in Absence of rpc.statd

_netdev, bg

_netdev prevents the mount before the network is up. bg is background so it will proceed with boot if nfs server not available, it will keep trying in background until available.