9.7. NFS Server Configuration
There are two ways to configure an NFS server:
- Manually editing the NFS configuration file, that is,
- through the command line, that is, by using the command
/etc/exports Configuration File
/etc/exportsfile controls which file systems are exported to remote hosts and specifies options. It follows the following syntax rules:
- Blank lines are ignored.
- To add a comment, start a line with the hash mark (
- You can wrap long lines with a backslash (
- Each exported file system should be on its own individual line.
- Any lists of authorized hosts placed after an exported file system must be separated by space characters.
- Options for each of the hosts must be placed in parentheses directly after the host identifier, without any spaces separating the host and the first parenthesis.
Each entry for an exported file system has the following structure:
The aforementioned structure uses the following variables:
- The directory being exported
- The host or network to which the export is being shared
- The options to be used for host
It is possible to specify multiple hosts, along with specific options for each host. To do so, list them on the same line as a space-delimited list, with each hostname followed by its respective options (in parentheses), as in:
export host1(options1) host2(options2) host3(options3)
For information on different methods for specifying hostnames, refer to Section 9.7.4, “Hostname Formats”.
In its simplest form, the
/etc/exportsfile only specifies the exported directory and the hosts permitted to access it, as in the following example:
Example 9.6. The
/exported/directory/from the NFS server. Because no options are specified in this example, NFS will use default settings.
The default settings are:
- The exported file system is read-only. Remote hosts cannot change the data shared on the file system. To allow hosts to make changes to the file system (that is, read/write), specify the
- The NFS server will not reply to requests before changes made by previous requests are written to disk. To enable asynchronous writes instead, specify the option
- The NFS server will delay writing to the disk if it suspects another write request is imminent. This can improve performance as it reduces the number of times the disk must be accesses by separate write commands, thereby reducing write overhead. To disable this, specify the
no_wdelayis only available if the default
syncoption is also specified.
- This prevents root users connected remotely (as opposed to locally) from having root privileges; instead, the NFS server will assign them the user ID
nfsnobody. This effectively "squashes" the power of the remote root user to the lowest local user, preventing possible unauthorized writes on the remote server. To disable root squashing, specify
To squash every remote user (including root), use
all_squash. To specify the user and group IDs that the NFS server should assign to remote users from a particular host, use the
anongidoptions, respectively, as in:
Here, uid and gid are user ID number and group ID number, respectively. The
anongidoptions allow you to create a special user and group account for remote NFS users to share.
By default, access control lists (ACLs) are supported by NFS under Red Hat Enterprise Linux. To disable this feature, specify the
no_acloption when exporting the file system.
Each default for every exported file system must be explicitly overridden. For example, if the
rwoption is not specified, then the exported file system is shared as read-only. The following is a sample line from
/etc/exportswhich overrides two default options:
In this example
/another/exported/directory/read/write and all writes to disk are asynchronous. For more information on exporting options, refer to
Other options are available where no default value is specified. These include the ability to disable sub-tree checking, allow access from insecure ports, and allow insecure file locks (necessary for certain early NFS client implementations). Refer to
man exportsfor details on these less-used options.
The format of the
/etc/exportsfile is very precise, particularly in regards to use of the space character. Remember to always separate exported file systems from hosts and hosts from one another with a space character. However, there should be no other space characters in the file except on comment lines.
For example, the following two lines do not mean the same thing:
/home bob.example.com(rw) /home bob.example.com (rw)
The first line allows only users from
bob.example.comread/write access to the
/homedirectory. The second line allows users from
bob.example.comto mount the directory as read-only (the default), while the rest of the world can mount it read/write.