To set up an NFS file server, you specify shared directories in the /etc/exports text file and then stop and restart the rpc.mountd and rpc.nfsd daemons. Each line of the /etc/exports file specifies a directory that users can access. Sharing a directory using NFS is called exporting a directory. When you export a directory using NFS, the users that you have given access to the directory can mount the directory on their computers. You must be logged in as the root user to set up an NFS server.
Setting up an NFS server lets network users share files and obtain access to directories. Allowing other users to access the file system of your computer can pose a security risk. This security risk is greater if your network is connected to outside networks, such as the Internet. Configuring the /etc/exports file with permissions is one of the ways you can stop users from gaining access to restricted files. This is only a basic security method. You should find out more about network security before exporting directories using NFS.
In addition to the basic read-only (ro) or read/write (rw) access you specify for each entry in the /etc/exports file, you can also add the following security options:
squashlets you make the user ID for root (UID 0) unavailable for hosts other than the server. When a client who is the root user (UID 0) logs into the server, the server maps the client's UID, formerly the root user ID 0, to the anonymous user ID (the default is 65534). The anonymous user has restricted permissions on the server. The NFS server defaults to root squashing. You can turn off root squashing by specifying no_root_squash. You can also add security by specifying all_squash which maps all user requests to the anonymous user ID.
no accesslets you export a directory to a user, but restrict access to directories or files within the exported directory's hierarchy
securelets you reject all user requests that arrive on an Internet port that is greater than 1024. This is the default setting. You can turn off this security measure by adding the "insecure" option to an entry.
In the following example, the /etc/exports file shows the format of the security options.
#sample /etc/exports file
/ lola (rw, no_root_squash)
/share *.local.domain (ro, insecure, all_squash)
/share/mydocs (no access)
For information about the /etc/exports options, see the exports man page.
To set up an NFS Server
1. Click Application Starter, Utilities, Text Editor.
2. In the Text Editor, open the /etc/exports file.
3. Edit the /etc/exports file to specify which directories should be made available to NFS clients.
Entries should be made in the following format:
/<directory> <host><(options)>
4. Save your changes to the /etc/exports file.
5. Click Application Starter, Applications, Utilities, Console.
6. Type the following text to determine the process id for the rpc.nfsd daemon:
ps aux | grep nfsd
This command outputs a text line in the following format:
root <process id> 0.0 0.0 000 000 ? S 00:00 0:00 /usr/sbin/rpc.nfsd
7. Type the following text to stop and restart the rpc.nfsd daemon:
kill <process id>; /usr/.sbin/rpc.nfsd
8. Type the following text to determine the process id for the rpc.mountd daemon:
ps aux | grep mountd
This command outputs a text line in the following format:
root <process id> 0.0 0.0 000 000 ? S 00:00 0:00 /usr/sbin/rpc.mountd
9. Type the following text to stop and restart the rpc.mountd daemon:
kill <process id>; /usr/sbin/rpc.mountd