Chapter 10. Class #10 - NFS & Samba

Table of Contents

Intro to NFS
Installing NFS
NFS Configuration
NFS as a Service
Commands to Manipulate NFS
Securing NFS
Additional Notes & Considerations for NFS
Intro to Samba
Installing Samba
Samba Configuration
Samba as a Service
Commands to Manipulate Samba
Securing Samba
Additional Notes & Considerations for Samba
Reference Material for this Chapter

NFS and Samba are two common and popular services that are in wide use today. Therefore, their inclusion in the RHCSA/RHCE requirements comes as no surprise. The information below will address requirements for getting the services installed and configured and should be sufficient for basic use.

Intro to NFS

NFS stands for Network File System, and is a distributed file system protocol originally developed by Sun Microsystems in 1984.[25] There are three available versions of NFS, outlined below.

Table 10.1. NFS Versions

| Version | Description |
|---------|-------------|
| NFS v2 | Original public NFS. |
| NFS v3 | Extensions and enhancements to v2. |
| NFS v4 | Complete redesign, Red Hat default, preferred except where backward compatibility is required. |

Installing NFS

For a comprehensive install of NFS and utilities run the command `yum -y install nfs-utils nfs4-acl-tools`.

NFS Configuration

NFS configuration falls into two broad categories: a) server configuration and b) client configuration. The client configuration can be broken down further into i) direct static mounts and ii) auto-mounts. See the sections below for details.

NFS Server Configuration

There are two main files that control NFS. They are listed and described in the table below.

Table 10.2. NFS Configuration Files

| File | Description |
|------|-------------|
| '/etc/sysconfig/nfs' | Configuration file of the daemon, used to restrict or allow the various versions of the protocol and, in the case of older versions, to specify ports (rather than depending on portmapper) for firewall purposes. Typically, the default values are sufficient. |
| '/etc/exports' | Used to define the directories to be exported, the clients permitted to access them, and the mount options. |

The listing below shows the configuration of '/etc/exports' of an NFS server.

    /home 192.168.0.0/24(rw,root_squash) server1.example.com(rw,no_root_squash)
    /pub  *(ro,root_squash)
[Important] Watch Spaces in the '/etc/exports' File

There is no space between the host or subnet and the options defined between the parentheses (). If you put a space between them, then you will get a global export which is rarely desirable.

There can be export restrictions regarding user mapping, which makes file ownership consistent across systems. Additionally, root squashing can be established to prevent the super-user root from accessing remote systems via NFS.
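The space pitfall and the squash options described above can be checked mechanically. The linter below is an added example, not part of the original chapter; the function names and finding codes are its own, and it assumes one export per line with no quoted or escaped spaces in paths.

```shell
#!/bin/sh
# Added example: lint /etc/exports-style text for risky entries.
# Output: one finding per line, "LINE:PATH:CODE:CLIENTSPEC".
# Finding codes (names chosen for this example):
#   GLOBAL_SPACE   a field starts with "(", so its options apply to every host
#   WORLD_RW       wildcard or anonymous client with rw
#   NO_ROOT_SQUASH client root keeps uid 0 on the export
# Assumes one export per line, no quoted/escaped spaces, no "\" continuations.
lint_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            p = index(spec, "(")
            host = (p ? substr(spec, 1, p - 1) : spec)
            opts = (p ? substr(spec, p + 1) : "")
            sub(/\)$/, "", opts)
            if (p == 1)
                printf "%d:%s:GLOBAL_SPACE:%s\n", NR, path, spec
            if ((host == "" || host == "*") && ("," opts ",") ~ /,rw,/)
                printf "%d:%s:WORLD_RW:%s\n", NR, path, spec
            if (("," opts ",") ~ /,no_root_squash,/)
                printf "%d:%s:NO_ROOT_SQUASH:%s\n", NR, path, spec
        }
    }' "$@"
}

# Constructed sample: the listing above with a stray space added on line 1.
sample_exports() {
    cat <<'EOF'
/home 192.168.0.0/24 (rw,root_squash) server1.example.com(rw,no_root_squash)
/pub  *(ro,root_squash)
EOF
}

sample_exports | lint_exports
```

On a server, run it against the real file with `lint_exports /etc/exports` before calling `exportfs`.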

NFS Client Configuration

NFS client configuration is minimal, and is typically only about mounting the NFS file tree that is exported by the server. The typical mount command is sufficient for this purpose. See the section called "NFS Client Setup" for details.

NFS Automounter

The Linux automounter automatically mounts a directory when the directory is accessed. Conversely, it unmounts the directory after a specified idle time. autofs is the service that controls this behavior.

The autofs service is controlled by a master configuration file located at '/etc/auto.master'. There are sub-configuration files that are usually called '/etc/auto.<arbitrary-name>'.

The auto.master file specifies the directories that items will be mounted under when they are accessed. It also specifies the auto.* file that is used for configuring those directories.

The listing below shows the contents of the file '/etc/auto.master'. Below the listing is an explanation of how this file is interpreted and actualized.

    /misc    /etc/auto.misc
    /data    /etc/auto.data
  • When a directory under '/misc' is accessed, the '/etc/auto.misc' file indicates how to mount it.
  • When a directory under '/data' is accessed, the '/etc/auto.data' file indicates how to mount it.

The listing below shows the contents of the file '/etc/auto.data'. Below the listing is an explanation of how this file is interpreted and actualized.

    pictures       -rw,soft,intr    nfs.example.com:/export/pics
    mp3s           -ro              /dev/sdd1
  • This file specifies what to mount.
  • It also specifies the options to use when mounting.
  • When the '/data/pictures' directory is accessed, the system will mount the nfs export '/export/pics' on nfs.example.com.
  • When the '/data/mp3s' directory is accessed, the system will mount the local partition '/dev/sdd1'.
  • Note that, by convention, the suffix of the 'auto.*' file name matches the directory name (here, 'auto.data' for '/data').

Understanding the automount utility can be confusing. The following points will help clarify how automount works.

  • You must access in some fashion (cd into or read) the destination directory in order for it to automount.
  • Assuming that '/data' is the automounted directory, if nothing is automounted and you run the command `ls /data` then you will get no file listing. It will appear that the directory is empty.
  • However, if you run the command `ls /data/mp3s`, then you will get a listing. You can now run `ls /data` and you will see the mp3s directory listed. This listing will be visible until the automount times out.
  • Some commands will cause the directory to be mounted when executed but may time out before the mount is completed. It may appear that automount failed. In this case, you may need to run the command a second time.

NFS as a Service

The NFS service is manipulated by the typical "right hand -> left hand" approach of `service nfs start` and `chkconfig nfs on`. As always, the service has several flags that can be thrown at the command. See Figure 7.2, "Service Usage Options" for details.

Commands to Manipulate NFS

Listed below are several commands that can be used when working with NFS. The mount command, which mounts any file system, is used to mount NFS shares, thus: `mount -t nfs -o [options] <server>:/<path>/<to>/<export> /<path>/<to>/<mountpoint>`.[26] The table below lists commands that apply more specifically to NFS operation.

Table 10.3. NFS Commands

| Command | Description |
|---------|-------------|
| `exportfs` | Command to make exported directories immediately accessible to clients. If /etc/exports is to nfs as /etc/fstab is to filesystem mounts, then exportfs is to nfs what mount is to filesystem mounts. [a] |
| `showmount -e <servername>` | Used to show exports that would be available to your machine. |

[a] Querying `exportfs --help` and looking at the options is helpful. Note that the '-a' option checks '/etc/exports' and exports any directories that are defined there as exports but not yet exported. This corresponds to the function of `mount -a`. Note also that the '-u' option is used to unexport a previously exported filesystem.


Securing NFS

Securing NFS comes in the typical two approaches: IP Tables and SELinux. NFSv4 runs on port 2049. Earlier versions needed additional ports. Running mixed versions may require additional configuration. A safe assumption is that, since the RHCSA/RHCE tests are taken on RHEL 6 systems, and the default on those systems is NFSv4, port 2049 is all that will need to be addressed. In production environments where the NFS versions are mixed, either a Google search or referring to previous RHEL documentation would be in order.
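A firewall check for the port named above, as an added example that is not part of the original chapter: it reads rules in iptables-save format and reports whether TCP 2049 is accepted from anywhere, accepted from a restricted source, or never reached because the ACCEPT rule sits after a catch-all REJECT. The function name, verdict strings and sample ruleset are constructed for this example; the 192.168.0.0/24 subnet is borrowed from the exports listing earlier in the chapter.

```shell
#!/bin/sh
# Added example: decide how TCP port 2049 is treated by INPUT-chain rules
# given in iptables-save format on stdin. Rules are evaluated first match wins.
# Verdicts (names chosen for this example):
#   open-to-any      ACCEPT with no -s source restriction
#   restricted SRC   ACCEPT limited to source SRC
#   shadowed         ACCEPT placed after a catch-all REJECT/DROP, never reached
#   no-rule          no rule accepts the port
# Simplified: ignores multiport, interface matches and user-defined chains.
check_nfs_fw() {
    awk '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = ""; proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # "-A INPUT -j TARGET ..." has no match criteria: it catches everything.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) blocked = 1
        if (verdict == "" && proto == "tcp" && port == "2049" && target == "ACCEPT") {
            if (blocked)        verdict = "shadowed"
            else if (src == "") verdict = "open-to-any"
            else                verdict = "restricted " src
        }
    }
    END { print (verdict == "" ? "no-rule" : verdict) }'
}

# Constructed sample: the ACCEPT for 2049 was appended after the final REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 2049 -j ACCEPT
COMMIT
EOF
}

sample_rules | check_nfs_fw
```

On a live server the same function can be fed directly with `iptables-save | check_nfs_fw`.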

When considering the connection between NFS and SELinux, the booleans will be of importance. The following program listing shows the output of the command `getsebool -a | grep nfs` on a Fedora system. The same command on a RHEL system will produce the output relevant to that system.

    root@intrepid ~/
    --> getsebool -a | grep nfs
    cobbler_use_nfs --> off
    ftpd_use_nfs --> off
    git_cgi_use_nfs --> off
    git_system_use_nfs --> off
    httpd_use_nfs --> off
    ksmtuned_use_nfs --> off
    mpd_use_nfs --> off
    nfs_export_all_ro --> on
    nfs_export_all_rw --> on
    nfsd_anon_write --> off
    polipo_use_nfs --> off
    samba_share_nfs --> off
    sanlock_use_nfs --> off
    sge_use_nfs --> off
    use_nfs_home_dirs --> off
    virt_use_nfs --> off
    xen_use_nfs --> off

For additional information regarding NFS and how it works with SELinux try the commands `man nfs_selinux` and `man nfsd_selinux`.

Additional Notes & Considerations for NFS

The command `man -k nfs` returns the following (note truncated output).

    ...
    exportfs (8)         - maintain table of exported NFS file systems
    exports (5)          - NFS server export table
    ...
    idmapd (8)           - NFSv4 ID <-> Name Mapper
    idmapd.conf (5)      - configuration file for libnfsidmap
    mount.nfs (8)        - mount a Network File System
    mountd (8)           - NFS mount daemon
    mountstats (8)       - Displays NFS client per-mount statistics
    nfs (5)              - fstab format and options for the nfs file systems
    nfs4_uid_to_name (3) - ID mapping routines used for NFSv4
    nfsd (7)             - special filesystem for controlling Linux NFS server
    nfsd (8)             - NFS server process
    ...
    showmount (8)        - show mount information for an NFS server
    ...

It might also be informative to look into the contents of and information about the package nfs4-acl-tools, which provides the NFSv4 ACL tools.



[25] See Wikipedia Article on NFS for details.

[26] When mounting NFS shares, the command often does the work for you with regards to type and options. In other words, it can often be simplified to `mount <server>:/<path>/<to>/<export> /<path>/<to>/<mountpoint>`.