NFS Exports

From Webmin Documentation

NFS File Sharing

This page explains how to export files to other Unix systems by setting up an NFS server.

Introduction to file sharing with NFS

NFS is the most common protocol for sharing files between Unix systems over a network. NFS servers export directories from their local hard disks to NFS clients, which mount them so that they can be accessed like any other directory. Unlike other file sharing protocols such as Windows networking, Netware and AppleShare, NFS was designed to support client systems that have multiple users. This means that a client never logs into a server, and that the server almost completely trusts the client to authenticate users. The downside is that NFS is not a good protocol for sharing files with client systems that are not fully trusted.

Instead of using usernames and passwords for authentication, NFS uses the IP address of the client. Only trusted clients are allowed to mount directories from the server, so that it is not vulnerable to unauthorized file access from any client on the network. Some additional security can be gained by restricting the access of particular Unix users on a client, or treating all requests from a client as a single user.

On Linux, the /etc/exports file contains a permanent list of directories exported by NFS and the clients they are exported to. Typically this file is read at boot time by the nfsd and mountd programs, which run in the background to service NFS requests. When you change or create exports using Webmin, the exports file is directly updated.

This chapter covers only the sharing of directories from a server using NFS. For details on how to mount an NFS exported directory on a client, see chapter 5. If you want to share files with Windows clients, you should read chapter 43 (which covers Samba) instead, as NFS support is not widely available for Windows.

The NFS Exports module

On Linux, NFS server configuration is done using the NFS Exports module which can be found under the Networking category. After entering the module, the main page will display a list of exported directories and the clients that are allowed to access them, as shown below:


The NFS Exports module

Most Linux distributions come with the programs required for NFS file sharing installed by default. However, if Webmin detects that they are missing from your system, an error message will be displayed when you enter the module. If that happens, you will need to install the nfs-server or nfs package from your distribution CD or website.

Exporting a directory

Only directories on local filesystems can be exported via NFS, so it is not possible to re-export files that have been mounted from another NFS server. Neither is it possible to export directories from non-Unix filesystems such as vfat, ntfs or iso-9660. If an exported directory has mount points under it, files under those mount points will not be accessible by NFS clients. So if you exported the root directory / and had a separate filesystem mounted at /home, you would need to also export /home and clients would need to mount it in order to see the files under it.

The steps for exporting a directory are:

  1. Click on the Add a new export link on the main page of the module. This will take you to a form for entering the details of the export, as shown below.
  2. Enter the directory that you want to share in the Directory to export field.
  3. Unless you want the export to be unavailable, make sure the Active? option is set to Yes.
  4. The Export to option allows you to choose which clients will have access to the directory. The possible choices are:
    • Everyone: Any system that can connect to yours over the network will be able to mount the directory. Be very careful with this choice, as it may allow anyone on the Internet to access your files.
    • Host(s): Only the single specified host or IP address will be allowed. You can also enter a wildcard hostname like *.foo.com for this option to allow all hosts from a domain. However, if you want to export a directory to several specific client hosts then the only solution is to create multiple exports of the same directory, each with a different hostname in this field.
    • WebNFS clients: WebNFS is a rarely used protocol for accessing NFS exports over the internet. Don't use this option unless you know what you are doing, as it may allow anyone to access your files.
    • Netgroup: A netgroup is a list of hosts that is defined on an NIS server. Unfortunately, your system must be an NIS client for this to be useful.
    • Network and Netmask: All hosts on the specified network will be allowed to connect. To allow all hosts with IP addresses from 192.168.1.0 to 192.168.1.255, you would enter 192.168.1.0 for the network and 255.255.255.0 for the netmask.
  5. If you want to prevent clients from modifying or creating files in the exported directory, set the Access mode option to Read only.
  6. If exporting only to trusted systems, set the Trust remote users option to Everyone. However, if you want to ensure that clients only have the permissions of a single Unix user, set Trust remote users to Nobody and enter the user and his primary group into the Treat untrusted users as and Treat untrusted groups as fields respectively. This can be very useful if exporting to a client workstation that is used by a single user.
  7. Click the Create button to save the export. If you have made any mistakes in any of the fields, an explanatory error message will be displayed. Otherwise, the browser will return to the list of exports.
  8. Click the Apply Changes button to make your new export active.


The new NFS export form

Allowed clients should now be able to mount the exported directory. If not, check your system's error logs for messages from the NFS server processes that explain why the client is being rejected.
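
On Linux the choices made in the form above end up as entries in /etc/exports, so the file can be reviewed for the settings this section warns about. The Python sketch below is an added example, not part of the Webmin documentation or of Webmin's code: it parses exports(5)-style lines and flags exports to everyone, wildcard clients, and exports that fully trust the remote root user. The sample file content and the function names are constructed for illustration, and treating the `no_root_squash` option as the equivalent of trusting everyone on the client is an assumption about how the form is stored.

```python
import ipaddress
import re
# Constructed sample /etc/exports content (illustrative, not from a real system).
SAMPLE_EXPORTS = """\
/srv/public  *(rw,sync)
/home        192.168.1.0/255.255.255.0(rw,sync,no_root_squash)
/srv/docs    *.foo.com(ro,sync)
/srv/ws      ws1.foo.com(rw,sync,all_squash,anonuid=1001,anongid=1001)
/srv/open    (ro)
"""

def parse_exports(text):
    """Return (directory, client, options) for every client entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        directory, *tokens = line.split()
        for token in tokens or [""]:          # no client listed means everyone
            m = re.fullmatch(r"([^(]*)(?:\(([^)]*)\))?", token)
            client, optstr = (m.group(1), m.group(2) or "") if m else (token, "")
            entries.append((directory, client, [o for o in optstr.split(",") if o]))
    return entries

def client_scope(client):
    """Map a client string to the 'Export to' choice it represents."""
    if client in ("", "*"):
        return "everyone"
    if client.startswith("@"):
        return "netgroup"
    if "*" in client or "?" in client:
        return "wildcard"
    if "/" in client:                         # network/netmask or network/prefix
        size = ipaddress.ip_network(client, strict=False).num_addresses
        return f"network ({size} addresses)"
    return "host"

def audit(entries):
    findings = []                             # (directory, issue) pairs
    for directory, client, opts in entries:
        scope = client_scope(client)
        if scope == "everyone":               # exports(5) defaults to read-only
            findings.append((directory, "rw to everyone" if "rw" in opts else "ro to everyone"))
        elif scope == "wildcard":
            findings.append((directory, f"wildcard client {client}"))
        if "no_root_squash" in opts:
            findings.append((directory, f"remote root trusted on {scope}"))
    return findings
```

To review a real server, pass the contents of /etc/exports to `parse_exports` and inspect what `audit` returns. Quoted paths and backslash line continuations are not handled by this sketch.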

Editing or deleting an NFS export

All the details of any existing NFS export can be edited at any time, by following these steps:

  1. On the main page of the module, click on the client under the Exported to column that you want to edit. If a single directory is exported multiple times to different clients, each one must be edited individually.
  2. On the export editing form (which is almost identical to the screenshot above) change any of the options, including the directory to share.
  3. If you want to delete the export, click the Delete button at the bottom-right of the page. Otherwise, click Save to save your changes. Either way, your browser will return to the module's main page.
  4. Click the Apply Changes button to make the changes active.

NFS on Solaris

On Solaris, NFS exports are managed by the separate NFS Shares module. Because Solaris uses a different file (/etc/dfs/dfstab) and file format for storing exports, the module's user interface is different to that of the Linux module. The screenshot below shows the main page of the NFS Shares module - as you can see, exports are configured by directory instead of by client.


The Solaris NFS Shares module

To add a new NFS export on Solaris, follow these steps:

  1. Click on the Start sharing a new directory link, which will take you to a form for entering the details of the new export.
  2. Enter the directory that you want to share in the Directory field.
  3. Fill in the Read-only access and Read-write access fields with the hostnames of clients that you want to grant access to. As the names suggest, a host in the Read-only field will not be able to write to or modify files on the server. In addition to hostnames, you can also enter networks using the format @192.168.1 or @192.168.1/24, NIS netgroups or even DNS domains like .foo.com (the leading dot indicates an entire domain).
  4. By default, the root user on clients will have only limited access to files on the server. To give root on some clients full file access privileges, enter their hostnames, networks, netgroups or domains into the Root access field.
  5. Click the Save button at the bottom of the page to create the export. Unless you have made a mistake on the form, you will be returned to the list of exported directories.
  6. Click the Apply Changes button to make your new export active.

Existing NFS exports can be edited by simply clicking on a directory on the main page of the module. The same form as is used for creating an export will appear, allowing you to change any of the options. If you want to delete the export, click the Delete button at the bottom of the page. Be sure to click Apply Changes again after making any changes so that they will become active.

NFS on BSD, MacOS X and OpenServer

FreeBSD, NetBSD, OpenBSD, OS X and OpenServer all use the /etc/exports file for storing NFS exports, but its format is different to other operating systems. This means that they use a different NFS Exports module, which has its own unique user interface as shown in the image below. Exports are configured by directories instead of by client, and you can specify options and allowed clients for multiple directories at once.


The BSD NFS Exports module

To add a new NFS export on one of these operating systems, follow these steps:

  1. Click on the Add a new export link on the main page of the module. A form for entering the details of the new NFS export will appear.
  2. Enter the directories that you want to share into the Directories to export field. Be aware that multiple directories on the same filesystem cannot be exported to the same client separately.
  3. If you want to allow clients to mount subdirectories as well, select the Export subdirectories? option. However, if this is enabled only one directory can be entered in the Directories to export field, and it must be the root of a filesystem.
  4. To give all clients read-only access, set the Read only? option to Yes.
  5. To limit access to a single host or list of hosts, select Hosts / netgroups for the Clients option and enter as many hostnames, IP addresses or netgroups as you need into the field. To limit access to an entire network, select the Network option and enter the network address (like 192.168.1.0) and netmask (like 255.255.255.0) into the respective fields.
  6. Click the Save button to create the export and you will be returned to the list of exports on the main page.
  7. Click the Apply Changes button to make your new export active.

Existing NFS exports can be edited by simply clicking on a directory on the main page of the module. The same form as is used for creating an export will appear, allowing you to change any of the options, or click the Delete button to get rid of it. Be sure to click Apply Changes again after making any changes so that they will become active.

NFS on Irix

Irix has its own unique format for the /etc/exports file that is similar to the BSDs, but not quite the same. Therefore it also has its own special version of the NFS Exports module, with a slightly different user interface. The main page of the module lists the directories being exported and the hosts they are exported to, in a very similar layout to the BSD NFS Exports module shown above.

To add a new NFS export on Irix, follow these steps:

  1. Click on the Add a new NFS export link on the main page, which will take you to a form for entering the new export's details.
  2. Enter a directory into the Directory to export field.
  3. Enter the hostnames, IP addresses and netgroups of clients that you want to grant access to into the Export to hosts/netgroups field. If this field is left empty, any host will be allowed to mount the exported directory.
  4. To prevent all clients from modifying exported files, set the Read-only? option to Yes.
  5. If you want to give read/write access to some clients and read-only access to others, enter the hostnames or IP addresses of the read/write clients into the Read/write access field.
  6. By default, the root user on clients will have only limited access to files on the server. To give root on some clients full file access privileges, enter their hostnames or IP addresses into the Root file access field.
  7. Click the Save button to create the export and you will be returned to the list of exports on the main page, as long as there are no errors in the form.
  8. Click the Apply Changes button to make your new export active.

Existing NFS exports can be edited or deleted by clicking on their directory on the module's main page. If you make any changes, you must click the Apply Changes button to make them active.