9.3. NFS Server Configuration
system-config-nfs), manually editing its configuration file (
/etc/exports), or using the
/etc/exportsand using the
/usr/sbin/exportfscommand to export NFS file systems.
/etc/exports Configuration File
/etc/exportsfile controls which file systems are exported to remote hosts and specifies options. Blank lines are ignored, comments can be made by starting a line with the hash mark (
#), and long lines can be wrapped with a backslash (
\). Each exported file system should be on its own individual line, and any lists of authorized hosts placed after an exported file system must be separated by space characters. Options for each of the hosts must be placed in parentheses directly after the host identifier, without any spaces separating the host and the first parenthesis.
<export> <host1>(<options>) <hostN>(<options>)...
- single host — Where one particular host is specified with a fully qualified domain name, hostname, or IP address.
- wildcards — Where a
?character is used to take into account a grouping of fully qualified domain names that match a particular string of letters. Wildcards should not be used with IP addresses; however, it is possible for them to work accidentally if reverse DNS lookups fail.Be careful when using wildcards with fully qualified domain names, as they tend to be more exact than expected. For example, the use of
*.example.comas a wildcard allows sales.example.com to access an exported file system, but not bob.sales.example.com. To match both possibilities both
*.*.example.commust be specified.
- IP networks — Allows the matching of hosts based on their IP addresses within a larger network. For example,
192.168.0.0/28allows the first 16 IP addresses, from 192.168.0.0 to 192.168.0.15, to access the exported file system, but not 192.168.0.16 and higher.
- netgroups — Permits an NIS netgroup name, written as
@<group-name>, to be used. This effectively puts the NIS server in charge of access control for this exported file system, where users can be added and removed from an NIS group without affecting
/etc/exportsfile only specifies the exported directory and the hosts permitted to access it, as in the following example:
/exported/directory/. Because no options are specified in this example, the following default NFS options take effect:
ro— Mounts of the exported file system are read-only. Remote hosts are not able to make changes to the data shared on the file system. To allow hosts to make changes to the file system, the read/write (
rw) option must be specified.
wdelay— Causes the NFS server to delay writing to the disk if it suspects another write request is imminent. This can improve performance by reducing the number of times the disk must be accessed by separate write commands, reducing write overhead. The
no_wdelayoption turns off this feature, but is only available when using the
root_squash— Prevents root users connected remotely from having root privileges and assigns them the user ID for the user
nfsnobody. This effectively "squashes" the power of the remote root user to the lowest local user, preventing unauthorized alteration of files on the remote server. Alternatively, the
no_root_squashoption turns off root squashing. To squash every remote user, including root, use the
all_squashoption. To specify the user and group IDs to use with remote users from a particular host, use the
anongidoptions, respectively. In this case, a special user account can be created for remote NFS users to share and specify
<uid-value>is the user ID number and
<gid-value>is the group ID number.
no_acloption when exporting the file system. For more about this feature, refer to the chapter titled Network File System (NFS) in the System Administrators Guide.
rwoption is not specified, then the exported file system is shared as read-only. The following is a sample line from
/etc/exportswhich overrides two default options:
/another/exported/directory/read/write and all transfers to disk are committed to the disk before the write request by the client is completed.
exportsman page for details on these lesser used options.
/etc/exportsfile is very precise, particularly in regards to use of the space character. Remember to always separate exported file systems from hosts and hosts from one another with a space character. However, there should be no other space characters in the file except on comment lines.
/home bob.example.com(rw) /home bob.example.com (rw)
bob.example.comread/write access to the
/homedirectory. The second line allows users from
bob.example.comto mount the directory as read-only (the default), while the rest of the world can mount it read/write.
/etc/exports, refer to the chapter titled Network File System (NFS) in the System Administrators Guide.