Next Previous Contents

3. Setting up a NFS server

3.1 Prerequisites

Before you continue reading this HOWTO you will need to be able to telnet back and forth between the machine you're using as server and the client. If that does not work you need to check the networking/NET-3 HOWTO and set up networking properly.

3.2 First step

Before we can do anything else we need a NFS server set up. If you're part of a department or university network there are likely numerous NFS servers already set up. If they will let you get access to them, or indeed, if you're reading this HOWTO to get access to one of them you obviously don't need to read this section and can just skip ahead to the section on setting up a NFS client

If you need to set up a non-Linux box as server you will have to read the system manual(s) to discover how to enable NFS serving and export of file systems through NFS. There is a separate section in this HOWTO on how to do it on many different systems. After you have figured all that out you can continue reading the next section of this HOWTO. Or read more of this section since some of the things I will say are relevant no matter what kind of machine you use as server.

If you're running please see the Linux 2.2 section before you continue reading this.

Those of you still reading will need to set up a number of programs.

3.3 The portmapper

The portmapper on Linux is called either portmap or rpc.portmap. The man page on my system says it is a "DARPA port to RPC program number mapper". It is the first security hole you'll open reading this HOWTO. Description of how to close one of the holes is in the security section. Which I, again, urge you to read.

Start the portmapper. It's either called portmap or rpc.portmap and it should live in the /usr/sbin directory (on some machines it's called rpcbind). You can start it by hand now, but it will need to be started every time you boot your machine so you need to make/edit the rc scripts. Your rc scripts are explained more closely in the init man page, they usually reside in /etc/rc.d, /etc/init.d or /etc/rc.d/init.d. If there is a script called something like inet it's probably the right script to edit. But, what to write or do is outside the scope of this HOWTO. Start portmap, and check that it lives by running ps aux and then rpcinfo -p. It does? Good.

Oh, one thing. Remote access to your portmapper is regulated by the contents of your /etc/hosts.allow and /etc/hosts.deny files. If rpcinfo -p fails, but your portmapper is running please examine these files. See the security section for details on these files.

3.4 Mountd and nfsd

The next programs we need running are mountd and nfsd. But first we'll edit another file. /etc/exports this time. Say I want the file system /mn/eris/local which lives on the machine eris to be available to the machine called apollon. Then I'd put this in /etc/exports on eris:


/mn/eris/local  apollon(rw)

The above line gives apollon read/write access to /mn/eris/local. Instead of rw it could say ro which means read only (if you put nothing it defaults to read only). There are other options you can give it, and I will discuss some security related ones later. They are all enumerated in the exports man page which you should have read at least once in your life. There are also better ways than listing all the hosts in the exports file. You can for example use net groups if you are running NIS (or NYS) (NIS was known as YP), and always specify domain wild cards and IP-subnets as hosts that are allowed to mount something. But you should consider who can get access to the server in unauthorized ways if you use such blanket authorizations.

Note: This exports file is not the same syntax that other Unixes use. There is a separate section in this HOWTO about other Unixes exports files.

Now we're set to start mountd (or maybe it's called rpc.mountd and then nfsd (which could be called rpc.nfsd). They will both read the exports file.

If you edit /etc/exports you will have to make sure nfsd and mountd knows that the files have changed. The traditonal way is to run exportfs. Many Linux distributions lack a exportfs program. If you're exportfs-less you can install this script on your machine:


#!/bin/sh
killall -HUP /usr/sbin/rpc.mountd
killall -HUP /usr/sbin/rpc.nfsd
echo re-exported file systems

Save it in, say, /usr/sbin/exportfs, and don't forget to chmod a+rx it. Now, whenever you change your exports file, you run exportfs after, as root.

Now you should check that mountd and nfsd are running properly. First with rpcinfo -p. It should show something like this:


   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    745  mountd
    100005    1   tcp    747  mountd
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs

As you see the portmapper has announced it's services, and so has mountd and nfsd.

If you get rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused, RPC_PROG_NOT_REGISTERED or something similar instead then the portmapper isn't running. OR you might have something in /etc/hosts.{allow,deny} that forbids the portmapper from answering, please see the security section for details on these files. If you get No remote programs registered. then either the portmapper doesn't want to talk to you, or something is broken. Kill nfsd, mountd, and the portmapper and try the ignition sequence again.

After checking that the portmapper reports the services you can check with ps too. The portmapper will continue to report the services even after the programs that extend them have crashed. So a ps check can be smart if something seems broken.

Of course, you will need to modify your system rc files to start mountd and nfsd as well as the portmapper when you boot. It is very likely that the scripts already exist on your machine, you just have to uncomment the critical section or activate it for the correct init run levels.

Man pages you should be familiar with now: portmap, mountd, nfsd, and exports.

Well, if you did everything exactly like I said you should you're all set to start on the NFS client.


Next Previous Contents