Network File System

1
 NFS (Network File System )
 Allows systems to share filesystems with other
computers
 Originally designed to be transparent and stateless
 Reasons for sharing file system
 Transparent to user
• User can keep use their familiar commands
• Access the same file from multiple nodes.
 To provide disk space to diskless clients
 To prevent duplication
 To provide centrally supported programs and data
 To share data among users
 Simplifies central support tasks
• Such as backup.
• Space usage monitor

2
 Network File System versions

Version 2
– slow
– Originally released by Sun in 1985
In 1990s, version 3
– Increases performance faster (common)
• Makes writes safely asynchronous
– Better support for large files
Version 4: security, locking (relatively new)
– No ancillary protocols – integrated locking and mount
– Compound operations – bundle multiple RPC together in a single
exchange
– Strong security – uses RPCSSEC_GSS API
– Require use of transport protocols that offer congestion control
– hence NFS v4 will not support UDP transport.

3
 Cont’

● NFS run on top of Sun’s RPC (Remote

Procedure Call) protocol
– RPC provides a system-independent way for
processes to communicate in a client-server
fashion over a network.
– Supports UDP or TCP for transport (v2,v3)
● File locking is worse under NFS v3 since
servers are stateless.

4
 Cont’d

 NFS consists of a number of components

 Mounting protocol
 Mount server
 Daemons that coordinate basic file service
 Several diagnostic utilities

 Basically two parts:

 Client
• Mount a directory
 Server
• Export a directory

5
 Security and NFS

• NFS protocol was originally designed with

essentially no concerns for security
• Tight control over shared file systems
– Don’t export any file systems if anyone that
you don’t trust has root access on a client host
– If you have a firewall, block port 2049, block
SunRPC portmap deamon port 111
– TCP wrappers/firewall can help protect service
• Kerberos to authenticate to ensure that remote
users really are who they say they are.
• Ipsec to encrypt the data
6
 Cont’d

• Access to NFS volumes is determined via

/etc/exports
● lists hostnames or IP addresses that have access
● assumes clients will identify themselves
correctly
– File-level access is managed according to UID,
GID, and file permissions Just as in local file
systems

7
 Server-side NFS

• Servers “export” a directory to make it available

to others
• Servers run two daemons (v2,v3)
– rpc.mountd to handle mount requests…..mount
a file system
– rpc.nfsd for actual file service---- access files
• Both daemon started at boot time
• Mountd and nfsd use the same database ( (xtab
on most systems, sharetab on Solaris)
– Files ystems to be exported are in /etc/exports

8
 Cont’d

– Can modify and view exports using

exportfs
• There are commands (exportfs, share)
to add/remove the entries in the
database
–Exportfs reads /etc/exports file
• Run exportfs –a
• To remove entries, run exportfs –u

9
 Configuring NFS server
on Ubuntu 12.04
• We have running two Ubuntu 12.04
LTS Systems in same network
192.168.1.0/24, Below given ips are
configured on server and client,
which we will use in this example
– Server: 192.168.1.10
– Client: 192.168.1.11

10
 Cont’d
Step 1: Set Up NFS Server on Ubuntu
1.1 – Install Packages
Use following command to install required
packages to configure NFS server.
$ sudo apt-get install nfs-kernel-server portmap
This package is the actual NFS daemon
listening on both UDP and TCP 2049 ports.

11
 Cont’d
Clients connect to the server using rpc (on
Linux this can be managed by the portmap
daemon). Look at rpcinfo to verify that nfs and
its related services are running.
/etc/init.d/portmap status
rpcinfo –p
• Execute rpcinfo -p to check correctness of
your NFS installation and to actually confirm
that NFS server is indeed running and
accepting calls on a port 2049:
12
 Cont’d
• Furthermore, before we start exporting and mounting
NFS directories, your system needs to actually support
network file system. To check whether your system
supports NFS grep /proc/filesystems and search for
nfs.
# cat /proc/filesystems | grep nfs
• If you do not see any output it means that NFS is not
supported or the NFS module have not been loaded
into your kernel. To load NFS module execute:
# modprobe nfs
13
 Cont’d
1.2 – Export Directory
• After completing package installation, we need to configure
nfs to export directory. we are creating a new directory,
you may use any existing directory also.
$ sudo mkdir /var/www/share
$ Sudo mkdir /var/nfs/
• Second, we should change the ownership of the directory
to the user, nobody and the group, no group. These
represent the default user through which clients can
access a directory shared through NFS.
$ sudo chown nobody:nogroup /var/www/share
$ chown nobody:nogroup /var/nfs

14
 Cont’d
• Configure NFS to export above created directory and
home directory. So that this directory can be
accessible over network using NFS.
– $ sudo nano /etc/exports
/home
192.168.1.0/24(rw,sync,no_root_squash,no_subtree_
check) /var/www/share
192.168.1.11(rw,sync,no_subtree_check)
/var/nfs 192.168.1.11(rw,sync,no_subtree_check)

15
 Cont’d
• An entry in /etc/exports will typically look like this:
directory machine1(optionx,…, optionx)
• where
• Directory the directory that you want to share. It may be an
entire volume though it need not be. If you share a directory,
then all directories under it within the same file system will
be shared as well.
• machine1 and machine2client machines that will have access
to the directory. The machines may be listed by their DNS
address or their IP address (e.g., machine.company.com or
192.168.0.8 ). Using IP addresses is more reliable and more
secure.
• Optionxx the option listing for each machine will describe
what kind of access that machine will have. Important options
are: 16
 Cont’d
• ro: The directory is shared read only; the client machine will not
be able to write it. This is the default.
• rw: The client machine will have read and write access to the
directory.
• no_root_squash: By default, any file request made by user root on
the client machine is treated as if it is made by user nobody on
the server. (Exactly which UID the request is mapped to depends
on the UID of user "nobody" on the server, not the client.) If
no_root_squash is selected, then root on the client machine will
have the same level of access to the files on the system as root on
the server. This can have serious security implications, although it
may be necessary if you want to perform any administrative work
on the client machine that involves the exported directories. You
should not specify this option without a good reason.

17
 Cont’d
• no_subtree_check: If only part of a volume is exported,
a routine called subtree checking verifies that a file
that is requested from the client is in the appropriate
part of the volume. If the entire volume is exported,
disabling this check will speed up transfers.
• sync: By default, all but the most recent version
(version 1.11) of the exportfs command will use async
behavior, telling a client machine that a file write is
complete - that is, has been written to stable storage -
when NFS has finished handing the write over to the
filesystem. This behavior may cause data corruption if
the server reboots, and the sync option prevents this.

18
 Cont’d
• After configuring /etc/exports execute following
command to export. you must create the NFS table that
holds the exports of your shares by using the following
command:
• $ sudo exportfs -a
• Restart NFS daemon
• Once you have edited /etc/exports file you need to
restart your NFS daemon to apply any changes.
Depending on your Linux distribution the restarting
procedure of NFS may differ. Ubuntu and Debian users:
• $ /etc/init.d/nfs-kernel-server restart

19
 Cont’d
• Verify Exported Directory
• To confirm and view exported directory use following
command and you will get output like below
• $ sudo exportfs -v [Samput Output]
• /home
192.168.1.0/24(rw,sync,no_root_squash,no_subtree_che
ck) /var/www/share
192.168.1.11(rw,sync,no_subtree_check)
• /var/nfs 192.168.1.11(rw,sync,no_subtree_check)

20
 Client-side NFS
• Step 2: Set Up NFS Client
• After completing set up on server side, login to
clients system where we need to configure nfs client
and mount exported directory by nfs server.
• 2.1 – Install Packages
• Install following packages on NFS client system,
which is required to mount remote directory using nfs.
• $ sudo apt-get install nfs-common portmap

21
 Cont’d
2.2 – Mount Remote Exported Directory
Now we need to create mount points for mounting remote
nfs exported directories.
$ sudo mkdir /mnt/share
$ sudo mkdir /mnt/home
$ sudo mkdir /mnt/var/nfs

22
 Cont’d
After creating mount point, mount remote NFS
exported directory using following command.
$ sudo mount 192.168.1.10:/var/www/share /mnt/share
$ sudo mount 192.168.1.10:/home /mnt/home
$ sudo mount 192.168.1.10:/var/nfs /mnt/var/nfs

23
 Cont’d
2.3 – Verify Mounted Directory
Check mounted file system using below commands. As
per below output both nfs mounted directories are
listed at end of result.
$ sudo df -h

24
 Cont’d
2.4 Set Up Auto Mount
• Add the following lines in /etc/fstab to mount NFS
directories automatically after system reboot. This will
mount directories on start up after the server reboots.
192.168.1.10:/home /mnt/home nfs
auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800
0 0 192.168.1.10:/var/www/share /mnt/share nfs
auto,noatime,nolock,bg,nfsvers=3,intr,tcp,actimeo=1800
00

25
26
27
 Cont’d
2.5 – Unmount NFS Mount Point
• If you want to remove mounted file system, You can
simply unmounted it using umount command. Also you
need to remove entries from /etc/fstab (if added)
$ sudo umount /mnt/share # sudo umount /mnt/home

28
 Dedicated NFS File Servers

● Dedicated NFS appliances are available

● Network Appliance, EMC, HP, Oracle, etc.
– Features
● Provide Network Attached Storage (NAS)
● Optimized for file service
● Can scale to lots of storage and users
● Often provide service to both Unix and Windows
clients
● More reliable
– simpler software, redundant hardware, RAID
● Easy to administer
● Often provide backup and checkpoint facilities
29