Your setup basically works now, but if you want to use
NFS on a regular basis, you will want more convenience and more security.
To mount NFS directories at boot time, you have to enter appropriate lines
into /etc/fstab. Here, the line looks like this:
192.168.1.75:/usr/export /mnt/disk nfs rw,hard,intr 0 0
Apart from the options, all entries should be clear
(if not, read the article on mounting). rw stands for read and write; the
other two specify what the client should do in case of an NFS server outage.
With these options set, the process will hang until the server is back up
and then carry on running.
Having entered that line and saved the fstab file, do a
service netfs restart
which will mount the NFS directory instantly (you will
need portmap running on the clients for that). In future sessions this will
be done automatically.
NFS isn't a secure protocol. There are safety rules
you should keep in mind:
-
Do not use the 'no_root_squash' option. If you need
safe root access, use SSH and su.
-
'portmap' has had a number of serious security issues
in the past. Therefore, secure portmap via '/etc/hosts.deny' and '/etc/hosts.allow'.
Enter
portmap: ALL
into '/etc/hosts.deny' and then use something like
portmap: 192.168.1.0/255.255.255.0
in '/etc/hosts.allow' to unblock portmap for the
machines in the 192.168.1.* subnet exclusively. Or even allow only single
machines by IP. 'man 5 hosts_access' has more.
Furthermore, you should block the ports 111 (TCP/UDP), 745 (UDP), 747 (TCP)
and 2049 (TCP/UDP) from all access by untrusted networks.
-
Do not connect the NFS server to the Internet. Protect
the clients with a firewall. At least shut NFS down while connected.
-
NFS relies on the client to properly authenticate
users. If your network has clients to which other people have root access,
or which can be booted from a floppy, you have to consider that all
NFS mounted data can potentially be read by any other user.
-
Currently, ReiserFS and NFS do not work well together.
You can install Linux from an NFS mount on a ReiserFS partition, I've done
that, but for bigger tasks you should rely on extfs2.
-
'supermount' and NFS don't work together. To export
a CD, unmount it and remount it with 'mount'.
-
/etc/exports is very picky about syntax: make sure
you do not accidentally leave an empty space between the client name
and the option(s):
"/etc/exports is VERY sensitive to whitespace
- so the following statements are not the same:
/export/dir hostname(rw,no_root_squash)
/export/dir hostname (rw,no_root_squash)
The first will grant hostname rw access to /export/dir without squashing
root privileges. The second will grant hostname rw privs w/root squash and
it will grant EVERYONE else read-write access, without squashing root privileges.
Nice huh?" (NFS HOWTO)
-
NFS is a stateless protocol. Therefore a wrong configuration
on the client can have serious consequences if the NFS server goes down.
Do not mount NFS exported directories to / or directories which are part
of users' or root's $PATH. Consider changing the options in /etc/fstab from
'hard,intr' to 'soft,timeo=300'. This allows processes to die after 30 seconds
of server inactivity.
-
If you are installing ML via NFS, copy the content
of the CDs onto the hard disk. You can't install from an NFS mounted CD.
Copy the RPMS from the second, third, etc. CDs into the same directory where
the RPMS from the first CD are. Apart from that, the process is pretty much
the same as the other installation methods.
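
The /etc/exports whitespace pitfall and the 'no_root_squash' rule described above can be checked mechanically. The following is an added example, not part of the original article or of the NFS tools: a small Python audit that flags a bare "(options)" token (the result of a stray space after the client name) and any use of 'no_root_squash'. The sample file content, function names and issue labels are constructed for illustration.

```python
import re

# Constructed sample for illustration; not taken from a real server.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed)
/export/dir   hostname(rw,no_root_squash)
/export/dir2  hostname (rw,no_root_squash)
/usr/export   192.168.1.0/255.255.255.0(ro) \\
              192.168.1.80(rw)
"""

# One client spec: optional client name, optional "(opt,opt,...)".
SPEC = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

def logical_lines(text):
    """Yield (first_line_no, entry); comments removed, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", None

def audit_exports(text):
    """Return (line_no, path, client, issue) tuples for risky export entries."""
    findings = []
    for no, entry in logical_lines(text):
        path, *specs = entry.split()
        for spec in specs:
            m = SPEC.match(spec)
            if m is None:
                findings.append((no, path, spec, "UNPARSABLE"))
                continue
            client, opts = m.group(1), (m.group(2) or "").split(",")
            everyone = client in ("", "*")
            if everyone:
                # A bare "(opts)" token is what a stray space after the
                # client name produces: the options now apply to all hosts.
                findings.append((no, path, "<all hosts>", "WORLD_EXPORT"))
            if "no_root_squash" in opts:
                findings.append((no, path, client or "<all hosts>", "NO_ROOT_SQUASH"))
            if everyone and "rw" in opts:
                findings.append((no, path, "<all hosts>", "WORLD_WRITABLE"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("line %d: %s -> %s: %s" % finding)
```

To check a real server, pass the contents of /etc/exports to audit_exports() instead of the sample string.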