{"id":308,"date":"2020-08-18T19:23:47","date_gmt":"2020-08-18T20:23:47","guid":{"rendered":"http:\/\/www.linux-tutorial.info\/?page_id=77"},"modified":"2020-08-22T19:26:17","modified_gmt":"2020-08-22T20:26:17","slug":"this-is-the-page-title-toplevel-143","status":"publish","type":"page","link":"http:\/\/www.linux-tutorial.info\/?page_id=308","title":{"rendered":"NFS"},"content":{"rendered":"\n<title>NFS<\/title>\n<question id=\"380\" text=\"Linux machines typically share files using what protocol?\" \/>\n<p>\nThe Network File System (NFS) is an industry standard means of being able to share entire\nfilesystems among machines within a computer <glossary>network<\/glossary>.\n As with the other aspects of networking, the\nmachines providing the service (in this case the filesystem) are the servers and the machines\nutilizing the service are the clients. Files residing physically on the server appear as if they are\nlocal to the <glossary>client<\/glossary>.\n This enables file sharing without the hassle of copying the files and worrying\nabout which one is the more current.\n<\/p>\n<question id=\"381\" text=\"A short coming of NFS is that you cannot share just a part of a filesystem.\" \/>\n<p>\nOne difference that <glossary>NFS<\/glossary>  <glossary>filesystem<\/glossary>\nhave over &#8220;conventional&#8221; filesystem is that it is possible to\nallow access to a <i>portion<\/i> of a <glossary>filesystem<\/glossary>,\n rather than the entire one.\n<\/p>\n<question id=\"382\" text=\"What term is used to describe making filesystem available via NFS?\" \/>\n<p>\nThe term <em>exporting<\/em> is used to describe how <glossary>NFS<\/glossary>\nmakes local directories available to\nremote systems. These directories are then said to be <em>exported<\/em>. Therefore, an exported\ndirectory is a directory that has been made available for remote access. Sometimes the term\n<em>importing<\/em> is referred to the process of remotely mounting filesystems, although\n<em>mounting <\/em>is more commonly used.\n<\/p>\n<question id=\"385\" text=\"Files can be mounted automatically via NFS through the \/etc\/fstab file.\" \/>\n<concept id=\"195\" description=\"Files can be mounted automatically via NFS through the \/etc\/fstab file.\" \/>\n<p>\nThere are a couple of ways you can <glossary>mount<\/glossary>\na remote <glossary>filesystem<\/glossary>. The first is automatically mounting it when the system boots up.\nThis is done by adding an entry\ninto <file>\/etc\/fstab<\/file>.  You could also add a line in some rc-script that runs a <command>mount<\/command>\ncommand.\n<\/p>\n<question id=\"383\" text=\"All NFS filesystems need to be explictely mounted by the root user.\" \/>\n<p>\nIf the remote <glossary>mount<\/glossary>\nis a one-time deal, the system <glossary>administrator<\/glossary>\ncan also mount it by hand. Potentially, the administrator could create and entry in <file>\/etc\/fstab<\/file>\nthat does not mount  the <glossary>filesystem<\/glossary> at <glossary>boot<\/glossary>\ntime, but rather is mounted later on. In either <glossary>event<\/glossary>,\nthe system administrator would use the <command>mount<\/command> command. If necessary, the system administrator can\nalso allow users to mount remote filesystems.\n<\/p>\n<p>\nA <glossary>client<\/glossary>\nmachine can also be configured to <glossary>mount<\/glossary>\nremote <glossary>filesystem<\/glossary>\non an &#8220;as-needed&#8221; basis, rather than whenever the system boots up. This is through the mechanism of\nthe  automount program. We&#8217;ll get into a lot of details about how automount works later on.\n<\/p>\n<question id=\"384\" text=\"What might the command look like to use NFS mount the share \/usr\/man from the machine jmohr?\" \/>\n<p>\nThe syntax for using the <glossary>mount<\/glossary>\ncommand to mount remote file system is basically the same as for local filesystems. The difference\nbeing that you specify the remote <glossary>host<\/glossary> along with the exported path. For\nexample, if I want to mount the man-pages from jmohr, I could do it like this:\n<\/p>\n<p>\n<commandexample command=\"mount\">mount -t nfs [-o options] jmohr:\/usr\/man \/usr\/man<\/commandexample>\n<\/p>\n<p>\nHere I told the <glossary>mount<\/glossary>\ncommand that I was mounting a <glossary>filesystem<\/glossary>\nof type <glossary>NFS<\/glossary>\nand that the filesystem was on the machine jmohr under the name <directory>\/usr\/man<\/directory>. I then told\nit to mount it onto the  local <directory>\/usr\/man<\/directory> directory. There are a  couple of things to\nnote here. First, I don&#8217;t have\nto mount the filesystem on the same place as it is exported from. I could have just as easily\nexported it to <directory>\/usr\/doc<\/directory> or <directory>\/usr\/local\/man<\/directory>. If I want I can include other options like &#8220;normal\nfilesystems&#8221; such as read only.\n<\/p>\n<question id=\"\" type=\"mc\" text=\"What is the NFS server's primary configuration file?\" \/>\n<concept id=\"\" description=\"The NFS server's primary configuration file is \/etc\/exports.\" \/>\n<question id=\"386\" text=\"Which file list the filesystem that your computer exports via NFS?\" \/>\n<p>\nIf you are a server, the primary configuration file is <file type=\"\">\/etc\/exports<\/file>, which is a simple <glossary>ASCII<\/glossary>\nfile and additions or changes can be made with any text\neditor. This is a list of the directories that the server is making available for mounting along\nwith who  can <glossary>mount<\/glossary> them and what <glossary>permissions<\/glossary>\nthey have. In addition, the server needs a way to find the clients <glossary>address<\/glossary>,\ntherefore mounting will fail if the name cannot be resolved either by <glossary>DNS<\/glossary>\nor <file type=\"\">\/etc\/hosts<\/file>. Likewise, the clients depends on name resolution to access the server.\n<\/p>\n<question id=\"387\" text=\"What entry in the NFS export file would share the filesystem \/pub to everyone?\" \/>\n<question id=\"388\" text=\"What entry in the NFS export file would share the filesystem \/pub to the system siemau?\" \/>\n<p>\nThe <file type=\"\">\/etc\/exports<\/file> file has one line for each directory you want to <glossary>export<\/glossary>.\nThe left side is the path of the directory you want to export and the right side is options\nyou want to apply.  For example, you can limit access to the directory to just one machine or make\nthe directory read only. On <i>junior<\/i>, the exports might look like this:<\/p>\n<table>\n  <tr>\n    <td>\/pub<\/td>\n    <td>*<\/td>\n  <\/tr>\n  <tr>\n    <td>\/<\/td>\n    <td>jmohr(rw)  <\/td>\n  <\/tr>\n  <tr>\n    <td>\/usr\/jmohr_root  <\/td>\n    <td>jmohr(rw)  <\/td>\n  <\/tr>\n<\/table>\n<p>\nThe first line says that I am exporting the \/pub directory to the entire world. Since there are\nno options, this means  that the <glossary>filesystem<\/glossary> is also writable. I wouldn&#8217;t\nnormally do this if I were connected to the Internet, even if there wasn&#8217;t anything sensitive here.\nIt is a matter of practice, that I know exactly what access I am giving to the world.\n<\/p>\n<p>\nThe next line says that I am exporting the entire root <glossary>filesystem<\/glossary>\nto the machine <i>jmohr<\/i>. Since this is a development <glossary>environment<\/glossary>,\n I have different versions and distributions of Linux on different machines. I often need to have\naccess to the different files to compare and contrast them. Here, the filesystem is also writable\nas I explicitely said <keyinput>rw<\/keyinput> (for read-write).\n<\/p>\n<question id=\"389\" text=\"You can re-export NFS filesystems.\" \/>\n<concept id=\"\" description=\"You can re-export NFS filesystems.\" \/>\n<p>\nThe last line takes a little explaining. When I <glossary>mount<\/glossary>\nthe root <glossary>filesystem<\/glossary>\nfrom <i>jmohr<\/i>, I mount it onto <directory>\/usr\/jmohr_root<\/directory>, which is the name of the directory that I am\nexporting here.  This demonstrate the fact that you can <glossary>export<\/glossary> a filesystem to\none machine and then have it re-exported.\n<\/p>\n<concept id=\"\" description=\"When re-exporting NFS filesystems, you cannot allow more access than the original NFS export.\" \/>\n<question id=\"\" type=\"TF\" text=\"When re-exporting NFS filesystems, you cannot allow more access than the original NFS export.\" \/>\n<question id=\"392\" text=\"NFS cannot be used to increase the access to the files on the mounted filesystem.\" \/>\n<concept id=\"197\" description=\"NFS cannot be used to increase the access to the files on the mounted filesystem.\" \/>\n<p>\nKeep in mind, however, that we cannot increase the permission during the re-export.  That is, if\nthe <glossary>filesystem<\/glossary> were originally made read-only, we could not make it writable\nwhen I re-export it. However, if it were writable, I <i>could<\/i> <glossary>export<\/glossary> it as\nread-only.\n<\/p>\n<p>\n<img decoding=\"async\" src=\"nfs1.png\" width=249 height=237 border=0 usemap=\"#nfs_map\">\n<map name=\"nfs_map\">\n<area shape=\"RECT\" coords=\"3,60,59,97\" href=\"popup#NFS#When accessing files across NFS, applications access the virtual filesystem layer, which in turn access NFS.\">\n<area shape=\"RECT\" coords=\"1,20,67,195\" href=\"popup#NFS#Usually the user is unaware that the files are located on a remote system.\">\n<area shape=\"RECT\" coords=\"192,6,246,235\" href=\"popup#NFS#In general, any directory can be exported via NFS.\">\n<area shape=\"RECT\" coords=\"68,69,191,128\" href=\"popup#NFS#Newer versions of NFS can use either the TCP or UDP protocol. \">\n<\/map>\n<p>\n<icaption>Image &#8211; An example <glossary>NFS<\/glossary> mount (<b>interactive<\/b>)<\/icaption>\n<\/p>\n<p>\nA solution that many systems provide is <command>amd<\/command>, which is an automatic mounting facility for <glossary>NFS<\/glossary>\nfilesystems. Once configured, any command or program that accesses a file or directory on the remote\nmachine within the exported directory forces the mounting to occur. The exported directory remains\nmounted until it is no longer needed.\n<\/p>\n<p>\nIf you can access a <glossary>filesystem<\/glossary>\nunder Linux, you can access it under <glossary>NFS<\/glossary>.\n(including <glossary>DOS<\/glossary> filesystems) This is because the access to the file is a multi-step process.\nWhen you first access a\nfile (say opening a text file to edit it). The local system first determines\nthat this is an NFS mounted filesystem. NFS on the local system then goes NFS on the remote system\nto get the file. On the remote system, NFS tries to read the file that is physically on the disk. It\nis at this point that it needs to go through the filesystem drivers. Therefore, if the filesystem is\nsupported on the remote system, NFS should have no problem accessing it. Once a filesystem has been\nexported, the <glossary>client<\/glossary> sees the filesystem as an NFS filesystem and therefore\nwhat type it is, is <em>really<\/em> irrelevant.\n<\/p>\n<concept id=\"\" description=\"You cannot use device nodes on filesystems mounted with NFS.\" \/>\n<question id=\"\" type=\"TF\" text=\"Devices nodes on NFS-mounted filesystem can be accessed just like local device nodes.\" \/>\n<p>\nThere are a couple of limitations with <glossary>NFS<\/glossary>.\n First, although you might be able to see the <glossary>device nodes<\/glossary>\non a remote machine, you cannot access the remote devices. Think back to the discussion on the\n<glossary>kernel<\/glossary>. The device node is a file that is opened by a\n<glossary>device driver<\/glossary> to gain access to the physical device. It has a major and\n<glossary>minor number<\/glossary> that point to and pass flags to the device driver. If you open up a\ndevice node on a remote system, the major and minor numbers for that device node point to drivers in\nthe <em>local<\/em> kernel.\n<\/p>\n<p>\nRemotely mounted filesystems present a unique set of problems when dealing with user access\nrights. Because it can have adverse effects on your system, it is necessary to have both user and\ngroup ID unique across the entire <glossary>network<\/glossary>.  If you don&#8217;t, access to files and\ndirectories can be limited, or you may end up giving someone access to a file that shouldn&#8217;t.\nAlthough you could create each user on every system, or copy the passwd files, the most effect\nmethod is using <glossary>NIS<\/glossary>.\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>NFS The Network File System (NFS) is an industry standard means of being able to share entire filesystems among machines within a computer network. As with the other aspects of networking, the machines providing the service (in this case the &hellip; <a href=\"http:\/\/www.linux-tutorial.info\/?page_id=308\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-308","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=308"}],"version-history":[{"count":1,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/308\/revisions"}],"predecessor-version":[{"id":643,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/308\/revisions\/643"}],"wp:attachment":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}