You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Setting Up The Server

For an NFSv4 server, all of the exports are handled through one export point (the pseudofilesystem), with all other exports grouped underneath a root export.

  1. Create a root export directory.
  2. Bind all of the shares we intend to export into the root export directory.
  3. Export everything.
Create Server Export Directories

The "/exports" directory will hold all of our local filesystem resources that will be made available as exports. The subdirectories are the actual exported resources which need to be mapped back to the real resources.

[root@nfs1 ~]# mkdir /exports
[root@nfs1 ~]# mkdir /exports/distros
[root@nfs1 ~]# mkdir /exports/sge
[root@nfs1 ~]# mkdir -m 1777 /exports/users

Make sure all of the directories have at least one test file in them, so we can more easily verify when a mount has worked.

[root@nfs1 ~]# touch /exports/distros/distros.tmp
[root@nfs1 ~]# touch /exports/sge/sge.tmp
[root@nfs1 ~]# touch /exports/users/users.tmp
Read-Only NFSv4 Mount

Read-Only (RO) mounts are useful for distributing public files, installation software, etc. In this example, we export a 'distros' directory as read-only.

Read/Write NFSv4 Mount

The most common type of NFS mount is the Read/Write (RW) mount. Since we created the /exports/users directory with the sticky bit set, any remote user will be able to read and write to the directory, but only the owner of the files will be able to modify or delete them. If the "root" user on the NFSv4 client writes a file to the directory, the ownership will be changed to "nobody". Root squashing is on by default, which means that the "root" user on remote NFS clients does not have root privileges on the server.

The only difference between read-only and read-write exports is the 'ro' vs. 'rw' in the export statement.

The following configuration is bind mounting the original directories (left) into the main "/exports" directory. Note the filesystem type is defined as "none" and the only option defined is the "bind" method.

[root@nfs1 ~]# vi /etc/fstab

/opt/distros    /exports/distros        none    bind 0 0
/opt/sge        /exports/sge            none    bind 0 0
/home/REALM     /exports/users          none    bind 0 0

After the /etc/fstab file has been configured, the mounts can be bound using the following command.

[root@nfs1 ~]# mount -a -t none

For testing, you can use mount --bind and exportfs to set this up temporarily:

[root@nfs1 ~]# mount --bind /opt/distros /exports/distros
[root@nfs1 ~]# mount --bind /opt/sge /exports/sge
[root@nfs1 ~]# mount --bind /home/REALM /exports/users
[root@nfs1 ~]# exportfs -ofsid=0,insecure,no_subtree_check *:/exports
[root@nfs1 ~]# exportfs -oro,nohide,insecure,no_subtree_check *:/exports/distros
[root@nfs1 ~]# exportfs -orw,nohide,insecure,no_subtree_check *:/exports/sge
[root@nfs1 ~]# exportfs -orw,nohide,insecure,no_subtree_check *:/export/users

Check the active mounts to confirm the successful mounting of the bound directories.

[root@nfs1 ~]# mount -l | grep bind
/opt/distros on /exports/distros type none (ro,bind)
/opt/sge on /exports/sge type none (rw,bind)
/home/REALM on /exports/users type none (rw,bind)

Doing a directory listing of the "/exports/sge" directory displays the directories that are actually located in "/opt/sge".

[root@nfs1 ~]# ls -l /exports/sge
drwxr-xr-x  3 root root 4096 Dec  9 15:49 pub

The exports can now be defined for the server. Instead of exporting a number of distinct exports, an NFSv4 client sees the NFSv4 server's exports as existing inside a single filesystem, called the nfsv4 "pseudofilesystem". The most important configuration setting here is the "fsid=0" option which tells the server that this is the pseudofilesystem and that all other directories are contained within this one. Another important setting here is the anonuid and anongid values, they are set to 65534 which is the nobody account. Be sure to check the nfs man page for NFSv4 specific export options.

[root@nfs1 ~]# vi /etc/exports

/exports             10.0.0.0/24(rw,insecure,sync,wdelay,no_subtree_check,fsid=0,no_root_squash,anonuid=65534,anongid=65534)
/exports/distros     10.0.0.0/24(ro,insecure,sync,wdelay,no_subtree_check,nohide,no_root_squash,anonuid=65534,anongid=65534)
/exports/sge         10.0.0.0/24(rw,insecure,sync,wdelay,no_subtree_check,nohide,no_root_squash,anonuid=65534,anongid=65534)
/exports/users       10.0.0.0/24(rw,insecure,sync,wdelay,no_subtree_check,nohide,no_root_squash,anonuid=65534,anongid=65534)

Testing

The exports that are available from the server can be checked with the following commands.

[root@nfs1 ~]# exportfs -v
/exports/distros 10.0.0.0/24(ro,wdelay,insecure,root_squash,no_subtree_check,fsid=0,anonuid=65534,anongid=65534)
/exports/sge 10.0.0.0/24(rw,wdelay,insecure,root_squash,no_subtree_check,fsid=0,anonuid=65534,anongid=65534)
/exports/users 10.0.0.0/24(rw,wdelay,insecure,root_squash,no_subtree_check,fsid=0,anonuid=65534,anongid=65534)

[root@nfs1 ~]# showmount -e
Export list for nfs1.example.com:
/exports/distros 10.0.0.0/24
/exports/sge 10.0.0.0/24
/exports/users 10.0.0.0/24

If you have changed the export configuration and need to re-export, you can use:

[root@nfs1 ~]# exportfs -rv
exporting 10.0.0.0/24:/exports/distros
exporting 10.0.0.0/24:/exports/sge
exporting 10.0.0.0/24:/exports/users
  • No labels