charles's blog

Sharing files with NFS

NFS is somewhat handy when you need to share stuff between multiple unix-like machines. Unlike CIFS/SMB/Samba, NFS is suitable for applications where unix style file permissions and case-sensitive behaviour are required. It's quite commonly used for sharing home folders in a homogeneous network, and for providing system images for diskless clients.

In its simplest form, NFS is very insecure: it trusts that user and group ID numbers are correct and makes no attempt to verify the machines. Wonderfully easy, but only to be used on a network where you trust every machine. At the other end of the scale, NFS4 can be set up to be secure enough to use over the internet. This is a bit more tricky but useful for (partly) wireless networks and for accessing remote filesystems.
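To see where a server sits on that scale, the following added example (not from the original post or the Ubuntu article) audits the text of an /etc/exports file for entries that trust client-supplied IDs (sec=sys, the default when no sec= option is given), accept any host, or set no_root_squash or insecure. The sample file, host names and finding labels are constructed for illustration, and paths are assumed to contain no spaces.

```python
import re

# Constructed sample /etc/exports for illustration; not from the original post.
SAMPLE_EXPORTS = """\
# NFSv4 pseudo-root and shares
/export         192.168.1.0/24(rw,fsid=0,sync,no_subtree_check)
/export/home    *(rw,sync,no_root_squash)
/export/images  pxe1.example.lan(ro,sync,insecure) (ro)
/export/secure  *.example.lan(rw,sync,sec=krb5p)
"""

ENTRY_RE = re.compile(r"([^()]*)(?:\((.*)\))?")  # client(opt,opt,...)


def audit_exports(text):
    """Return sorted (path, client, finding) tuples for weak export entries."""
    findings = set()
    # Join backslash-continued lines, then strip comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 2:
            continue
        path = tokens[0]
        for tok in tokens[1:]:
            m = ENTRY_RE.fullmatch(tok)
            if m is None:
                continue  # malformed token, skip it
            # An option list with no client name applies to every host.
            client = m.group(1) or "<anyone>"
            opts = {o for o in (m.group(2) or "").split(",") if o}
            flavors = ["sys"]  # default security flavor when sec= is absent
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            if client in ("<anyone>", "*"):
                findings.add((path, client, "any_host"))
            if "sys" in flavors or "none" in flavors:
                findings.add((path, client, "auth_sys"))  # UID/GID taken on trust
            if "no_root_squash" in opts:
                findings.add((path, client, "no_root_squash"))
            if "insecure" in opts:
                findings.add((path, client, "insecure_port"))
    return sorted(findings)


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:16} {client:20} {finding}")
```
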

There's some overlap with userland tools like SCP and my personal favourite, fish (Konqueror and Dolphin can browse remote files on any machine you can connect to by SSH by using addresses of the form fish://hostname; Nautilus has similar functionality), but it's unsuitable for sharing things like your MythTV recordings.

I looked at automount support several years ago but I never actually collated all the reference materials I use for setting things up and I never got around to sorting some serious security.

The Ubuntu Community Documentation has an article that's more than enough to get up and running, but it falls short of explaining why certain options are needed or when different security mechanisms are appropriate. Kerberos is more than a little scary looking but I'm sure I will get my head around it soon.

I won't go into the exact procedures for getting NFS4 up and running without Kerberos, as the Ubuntu article is pretty good. Playing with /etc/hosts.allow and /etc/hosts.deny may provide some measure of reassurance, but beyond molly-guarding it's fairly poor.

My tip of the hour, however, is to make sure you edit /etc/default/nfs-common to require idmapd and set up /etc/init.d/idmapd.conf on every computer that will use NFS. Failure to do this results in all remote users and groups being mapped to nobody.

resources:
http://www.citi.umich.edu/projects/nfsv4/linux/
http://www.vanemery.com/Linux/NFSv4/NFSv4-no-rpcsec.html
https://help.ubuntu.com/community/NFSv4Howto
http://www.gentoo-wiki.com/HOWTO_NFSv4

Creative Commons License
Except where otherwise noted, work is licensed under a Creative Commons Licence and is the work and opinion of the credited author(s).

Powered by Drupal

My Facebook


Charles Elwood's Facebook profile