21.6. NFS Server Configuration
system-config-nfs), manually editing its configuration file (/etc/exports), or using the
system-config-nfs in a terminal. The NFS Server Configuration tool window is illustrated below.
Figure 21.1. NFS Server Configuration Tool
Figure 21.2. NFS Server Settings
21.6.1. Exporting or Sharing NFS File Systems
- Directory — Specify the directory to share, such as
- Host(s) — Specify the host(s) with which to share the directory. Refer to Section 21.6.4, “Hostname Formats” for an explanation of possible formats.
- Basic permissions — Specify whether the directory should have read-only or read/write permissions.
Figure 21.4. NFS General Options
- Allow connections from port 1024 and higher — Services started on port numbers less than 1024 must be started as root. Select this option to allow the NFS service to be started by a user other than root. This option corresponds to
- Allow insecure file locking — Do not require a lock request. This option corresponds to
- Disable subtree checking — If a subdirectory of a file system is exported, but the entire file system is not exported, the server checks to see if the requested file is in the subdirectory exported. This check is called subtree checking. Select this option to disable subtree checking. If the entire file system is exported, selecting to disable subtree checking can increase the transfer rate. This option corresponds to
- Sync write operations on request — Enabled by default, this option does not allow the server to reply to requests before the changes made by the request are written to the disk. This option corresponds to sync. If this is not selected, the async option is used.
- Force sync of write operations immediately — Do not delay writing to disk. This option corresponds to
- Hide filesystems beneath turns the nohide option on or off. When the nohide option is off, nested directories are revealed. The clients can therefore navigate through a filesystem from the parent without noticing any changes.
- Export only if mounted sets the mountpoint option which allows a directory to be exported only if it has been mounted.
- Optional Mount Point specifies the path to an optional mount point. Click on the to navigate to the preferred mount point or type the path if known.
- Set explicit Filesystem ID: sets the fsid=X option. This is mainly used in a clustered setup. Using a consistent filesystem ID in all clusters avoids having stale NFS filehandles.
Figure 21.5. NFS User Access
- Treat remote root user as local root — By default, the user and group IDs of the root user are both 0. Root squashing maps the user ID 0 and the group ID 0 to the user and group IDs of anonymous so that root on the client does not have root privileges on the NFS server. If this option is selected, root is not mapped to anonymous, and root on a client has root privileges to exported directories. Selecting this option can greatly decrease the security of the system. Do not select it unless it is absolutely necessary. This option corresponds to
- Treat all client users as anonymous users — If this option is selected, all user and group IDs are mapped to the anonymous user. This option corresponds to
- Specify local user ID for anonymous users — If Treat all client users as anonymous users is selected, this option lets you specify a user ID for the anonymous user. This option corresponds to
- Specify local group ID for anonymous users — If Treat all client users as anonymous users is selected, this option lets you specify a group ID for the anonymous user. This option corresponds to
/etc/exports.bak. The new configuration is written to
/etc/exports configuration file. Thus, the file can be modified manually after using the tool, and the tool can be used after modifying the file manually (provided the file was modified with correct syntax).
/etc/exports and using the /usr/sbin/exportfs command to export NFS file systems.
21.6.2. Command Line Configuration
The /etc/exports file controls what directories the NFS server exports. Its format is as follows:
sync is recommended). If sync is specified, the server does not reply to requests before the changes made by the request are written to the disk.
/misc/export with the default read-only permissions, but,
/misc/export with read/write privileges.
/etc/exports file. If there are no spaces between the hostname and the options in parentheses, the options apply only to the hostname. If there is a space between the hostname and the options, the options apply to the rest of the world. For example, examine the following lines:
/misc/export speedy.example.com(rw,sync)
/misc/export speedy.example.com (rw,sync)
The first line grants users from speedy.example.com read-write access and denies all other users. The second line grants users from speedy.example.com read-only access (the default) and allows the rest of the world read-write access.
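The whitespace pitfall described above is easy to miss in review, so it is worth checking mechanically. The following is an added example, not part of the original guide: a small auditor for /etc/exports text that reports read-write grants to any host and two options from exports(5) that weaken an export. The function names, the RISKY table and the sample input (including the /srv/build entry) are constructed for illustration.

```python
import re

# Option names as written in /etc/exports (see exports(5)); chosen for this example.
RISKY = {
    "no_root_squash": "remote root keeps root privileges",
    "insecure": "accepts requests from ports 1024 and higher",
}

def parse_exports(text):
    """Return (lineno, path, client, options) for every client entry.

    A token such as "(rw,sync)" with nothing before the parenthesis has an
    empty client, which the server applies to every host.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        path, tokens = fields[0], fields[1:]
        for tok in tokens:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", tok)
            if m is None:
                raise ValueError(f"line {lineno}: cannot parse {tok!r}")
            opts = set(filter(None, (m.group(2) or "").split(",")))
            entries.append((lineno, path, m.group(1), opts))
    return entries

def audit(text):
    """Return (lineno, message) findings for world-writable or weakened exports."""
    findings = []
    for lineno, path, client, opts in parse_exports(text):
        world = client in ("", "*")
        who = "any host" if world else client
        if world and "rw" in opts:
            findings.append((lineno, f"{path}: read-write for {who}"))
        for opt, why in RISKY.items():
            if opt in opts:
                findings.append((lineno, f"{path}: {opt} for {who} ({why})"))
    return findings

# Constructed sample: the two lines discussed above plus one hypothetical export.
SAMPLE = """\
# constructed sample input
/misc/export speedy.example.com(rw,sync)
/misc/export speedy.example.com (rw,sync)
/srv/build   192.168.0.0/24(rw,sync,no_root_squash)
"""

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```

Run against the live file with `audit(open("/etc/exports").read())` before reloading the NFS service.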
/etc/exports, you must inform the NFS daemon of the change, or reload the configuration file with the following command:
service nfs reload
21.6.3. Running NFS Behind a Firewall
/etc/sysconfig/nfs configuration file to control which ports the required RPC services run on. Refer to and read Section 32.1.22, “/etc/sysconfig/nfs” for instructions on how to configure a firewall to allow NFS.
21.6.4. Hostname Formats
- Single machine — A fully qualified domain name (that can be resolved by the server), hostname (that can be resolved by the server), or an IP address.
- Series of machines specified with wildcards — Use the * or ? character to specify a string match. Wildcards are not to be used with IP addresses; however, they may accidentally work if reverse DNS lookups fail. When specifying wildcards in fully qualified domain names, dots (.) are not included in the wildcard. For example, *.example.com includes one.example.com but does not include one.two.example.com.
- IP networks — Use a.b.c.d/z, where a.b.c.d is the network and z is the number of bits in the netmask (for example 192.168.0.0/24). Another acceptable format is a.b.c.d/netmask, where a.b.c.d is the network and netmask is the netmask (for example, 192.168.100.8/255.255.255.0).
- Netgroups — In the format @group-name, where group-name is the NIS netgroup name.