LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   My NSF setup good? bad? Please? (https://www.linuxquestions.org/questions/linux-networking-3/my-nsf-setup-good-bad-please-4175495391/)

hapibeli 02-18-2014 11:57 AM
My NSF setup good? bad? Please?
 
How does my /etc/exports file look? Any Problems?

How about my /etc/hosts.allow ?

# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/export 192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)

/var/nfs * (ro,async,subtree_check)

/var/nfs 192.168.1.1/24 (ro,async,subtree_check)

/home 192.168.0.104(rw,sync,no_root_squash,no_subtree_check)
/var/nfs 192.168.0.104(rw,sync,no_subtree_check)






# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/export 192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)

/var/nfs * (ro,async,subtree_check)

/var/nfs 192.168.1.1/24 (ro,async,subtree_check)

/home 192.168.0.104(rw,sync,no_root_squash,no_subtree_check)
/var/nfs 192.168.0.104(rw,sync,no_subtree_check)

lleb 02-19-2014 06:58 AM
do you have any OSx users that will be connecting to the NFS share?

If not, then drop the insecure line, it will not be required for Linux users, its only required for OSx users as for some reason Apple is not keeping up to date with their NFS connection services. In fact OSx is still stuck in NFSv3 world they are so far behind.

hapibeli 02-19-2014 10:07 AM
My NSF setup good? bad? Please?
 
Thanks Lieb, I have no OSx users, so which is the Mac users line??
I've just been following instructions from Ubuntu howtos. I'm not even sure how to use NFS when it is in place!




Quote:
Originally Posted by lleb (Post 5120793)
do you have any OSx users that will be connecting to the NFS share?

If not, then drop the insecure line, it will not be required for Linux users, its only required for OSx users as for some reason Apple is not keeping up to date with their NFS connection services. In fact OSx is still stuck in NFSv3 world they are so far behind.

lleb 02-19-2014 08:32 PM
i told you. its the word insecure. that is used 99.99% of time only if you have OSx in your network accessing the shares.

here is my exports:

Code:
$ cat /etc/exports
#
#        /etc/exports

#        NFS4
/exports *(rw,insecure,subtree_check,crossmnt,fsid=0)

#        NFSv3
/exports/centos/public *(rw,insecure,no_subtree_check,fsid=3010)
/exports/NFS_TV_Shows *(rw,insecure,no_subtree_check,fsid=3020)
few things to note.

1. i have the insecure as i have OSx in my network.
2. note that each and every export line has its own fsid. this is a good habit.
3. note i also support both NFSv3 and NSFv4, this again is due to having OSx in my network.

hapibeli 02-19-2014 10:49 PM
Thank you Lieb! Sorry for my inattention. Here is/etc/hosts.allow in its new state;

# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#

rpcbind mountd nfsd statd lockd rquotad : 127.0.0.1 192.168.0.101 192.168.0.103 192.168.0.104 192.168.0.105 192.168.0.102

/export 192.168.1.0/24(rw,fsid=0,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,no_subtree_check,async)

/var/nfs * (ro,async,subtree_check)

/var/nfs 192.168.1.1/24 (ro,async,subtree_check)

/home 192.168.0.104(rw,sync,no_root_squash,no_subtree_check)
/var/nfs 192.168.0.104(rw,sync,no_subtree_check)


cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#

/export 192.168.1.0/24(rw,fsid=0,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,no_subtree_check,async)

/var/nfs * (ro,async,subtree_check)

/var/nfs 192.168.1.1/24 (ro,async,subtree_check)

/home 192.168.0.104(rw,sync,no_root_squash,no_subtree_check)
/var/nfs 192.168.0.104(rw,sync,no_subtree_check)

lleb 02-20-2014 12:01 PM
code flags are you friend, please use them. again you do not have fsid on each of your shares. id look into that if i were you.


All times are GMT -5. The time now is 11:17 PM.