Setting Up An NFS Server And Client On Debian Etch

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Tue, 2007-12-04 17:08. :: Debian | Storage

Setting Up An NFS Server And Client On Debian Etch

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 11/29/2007

This guide explains how to set up an NFS server and an NFS client on Debian Etch. NFS stands for Network File System; through NFS, a client can access (read, write) a remote share on an NFS server as if it was on the local hard disk.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using two Debian systems here:

  • NFS Server: server.example.com, IP address: 192.168.0.100
  • NFS Client: client.example.com, IP address: 192.168.0.101

 

2 Installing NFS

server:

On the NFS server we run:

apt-get install nfs-kernel-server nfs-common portmap

client:

On the client we can install NFS as follows:

apt-get install nfs-common portmap

 

3 Exporting Directories On The Server

server:

I'd like to make the directories /home and /var/nfs accessible to the client; therefore we must "export" them on the server.

When a client accesses an NFS share, this normally happens as the user nobody. Usually the /home directory isn't owned by nobody (and I don't recommend to change its ownership to nobody!), and because we want to read and write on /home, we tell NFS that accesses should be made as root (if our /home share was read-only, this wouldn't be necessary). The /var/nfs directory doesn't exist, so we can create it and change its ownership to nobody and nogroup:

mkdir /var/nfs
chown nobody:nogroup /var/nfs

Now we must modify /etc/exports where we "export" our NFS shares. We specify /home and /var/nfs as NFS shares and tell NFS to make accesses to /home as root (to learn more about /etc/exports, its format and available options, take a look at

man 5 exports

)

vi /etc/exports

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync) hostname2(ro,sync)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt)
# /srv/nfs4/homes  gss/krb5i(rw,sync)
#
/home           192.168.0.101(rw,sync,no_root_squash)
/var/nfs        192.168.0.101(rw,sync)

(The no_root_squash option makes that /home will be accessed as root.)

Whenever we modify /etc/exports, we must run

exportfs -a

afterwards to make the changes effective.

 

4 Mounting The NFS Shares On The Client

client:

First we create the directories where we want to mount the NFS shares, e.g.:

mkdir -p /mnt/nfs/home
mkdir -p /mnt/nfs/var/nfs

Afterwards, we can mount them as follows:

mount 192.168.0.100:/home /mnt/nfs/home
mount 192.168.0.100:/var/nfs /mnt/nfs/var/nfs

You should now see the two NFS shares in the outputs of

df -h

client:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              30G  748M   27G   3% /
tmpfs                  63M     0   63M   0% /lib/init/rw
udev                   10M   52K   10M   1% /dev
tmpfs                  63M     0   63M   0% /dev/shm
192.168.0.100:/home    30G  764M   27G   3% /mnt/nfs/home
192.168.0.100:/var/nfs
                       30G  764M   27G   3% /mnt/nfs/var/nfs
client:~#

and

mount

client:~# mount
/dev/sda1 on / type ext3 (rw,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
192.168.0.100:/home on /mnt/nfs/home type nfs (rw,addr=192.168.0.100)
192.168.0.100:/var/nfs on /mnt/nfs/var/nfs type nfs (rw,addr=192.168.0.100)
client:~#

 

5 Testing

On the client, you can now try to create test files on the NFS shares:

client:

touch /mnt/nfs/home/test.txt
touch /mnt/nfs/var/nfs/test.txt

Now go to the server and check if you can see both test files:

server:

ls -l /home/

server:~# ls -l /home/
total 4
drwxr-xr-x 2 administrator administrator 4096 2007-04-23 14:25 administrator
-rw-r--r-- 1 root          root             0 2007-11-29 21:43 test.txt
server:~#

ls -l /var/nfs

server:~# ls -l /var/nfs
total 0
-rw-r--r-- 1 nobody nogroup 0 2007-11-29 21:49 test.txt
server:~#

(Please note the different ownerships of the test files: the /home NFS share gets accessed as root, therefore /home/test.txt is owned by root; the /var/nfs share gets accessed as nobody, therefore /var/nfs/test.txt is owned by nobody.)

 

6 Mounting NFS Shares At Boot Time

Instead of mounting the NFS shares manually on the client, you could modify /etc/fstab so that the NFS shares get mounted automatically when the client boots.

client:

Open /etc/fstab and append the following lines:

vi /etc/fstab

[...]
192.168.0.100:/home  /mnt/nfs/home   nfs      rw,sync,hard,intr  0     0
192.168.0.100:/var/nfs  /mnt/nfs/var/nfs   nfs      rw,sync,hard,intr  0     0

Instead of rw,sync,hard,intr you can use different mount options. To learn more about available options, take a look at

man nfs

To test if your modified /etc/fstab is working, reboot the client:

reboot

After the reboot, you should find the two NFS shares in the outputs of

df -h

client:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              30G  748M   27G   3% /
tmpfs                  63M     0   63M   0% /lib/init/rw
udev                   10M   52K   10M   1% /dev
tmpfs                  63M     0   63M   0% /dev/shm
192.168.0.100:/home    30G  764M   27G   3% /mnt/nfs/home
192.168.0.100:/var/nfs
                       30G  764M   27G   3% /mnt/nfs/var/nfs
client:~#

and

mount

client:~# mount
/dev/sda1 on / type ext3 (rw,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
192.168.0.100:/home on /mnt/nfs/home type nfs (rw,sync,hard,intr,addr=192.168.0.100)
192.168.0.100:/var/nfs on /mnt/nfs/var/nfs type nfs (rw,sync,hard,intr,addr=192.168.0.100)
client:~#

 

7 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by kumar (not registered) on Wed, 2011-05-18 21:51.

Hi,

I would like to know how do we enable NFS access logs by client ip addresses. 

The reason being, there is an infected Desktop in our LAN network, and it dumps the worms on the NFS share on Iomega appliance which based on Debian 5.0

Is there a way of finding out, which desktop is the culprit?

 

Submitted by Widianto (not registered) on Thu, 2009-11-05 09:46.
I have installed nfs4 in my Debian Server 5.0.3 with kernel 2.6.18.8, my problem is port 2049 didnt LISTEN so the client nfs didnt connect to the server, here the information :

ns2:/srv# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100024 1 udp 33284 status
100024 1 tcp 39745 status
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 33325 nlockmgr
100021 3 udp 33325 nlockmgr
100021 4 udp 33325 nlockmgr
100005 1 udp 33326 mountd
100005 1 tcp 51781 mountd
100005 2 udp 33326 mountd
100005 2 tcp 51781 mountd
100005 3 udp 33326 mountd
100005 3 tcp 51781 mountd


At the above, it show that nfs is running ok
ns2:/srv# lsof -i:2049
it show nothing!
ns2:/srv# nmap localhost

Starting Nmap 4.62 ( <!-- m -->http://nmap.org/<!-- m --> ) at 2009-11-05 07:43 UTC
Interesting ports on localhost (127.0.0.1):
Not shown: 1702 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql


I try to connet port 2049 via telnet

ns2:/srv# telnet localhost 2049
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused


ns2:/srv# /etc/init.d/nfs-kernel-server restart
Stopping NFS kernel daemon: mountd nfsd.
Unexporting directories for NFS kernel daemon....
Exporting directories for NFS kernel daemon....
Starting NFS kernel daemon: nfsd mountd.


And the /var/log said that :

ns2:~# tail -f /var/log/messages
Nov 5 06:52:21 ns3 kernel: nfsd: last server has exited
Nov 5 06:52:21 ns3 kernel: nfsd: unexporting all filesystems


Please help me!
Submitted by netbios (not registered) on Fri, 2009-06-19 20:09.

After several rather unsuccessful attempts get nfs working through diverse books and websites finally a comprehensive and easy to follow tutorial about nfs.

Submitted by albino3d (registered user) on Mon, 2008-02-04 07:36.

It should be noted that in Debian 4.0 (Etch) the portmap utility may not install properly (I think there is something in the configure portion of the package that is broken).  This may in turn cause long delays for mounts to work as well as break any file locking operations over NFS.  The workaround to this is on both client and server system run:

 dpkg-reconfigure portmap

then make sure to say "no" at the 'bind portmap to localhost' question

Also, you may need to add entries on both servers in /etc/hosts.allow:

client system: 

    portmap: 192.168.0.100

    statd: 192.168.0.100

server system:

    portmap: 192.168.0.101

    statd: 192.168.0.101

Note that later versions of nfs-kernel-server will gripe at each filesystem export about a missing option in the exports file no_subtree_check | subtree_check.  I advise going with 'no_subtree_check' as an option added to each export.  This will of course vary with the operations you expect to be performed on the NFS share.  

 

Submitted by seraphyn (registered user) on Thu, 2007-12-13 14:44.
Kerberos should be used, encryption is important and Userauth. The other Thing is, NFSv4 got now the Port 2049, this makes it ease to work with firewalls, than with the old one.
/home 192.168.0.101(rw,sync,no_root_squash)
This makes it ease to steal this share. So kerberos would be better.
Diffrences between rsize and wsize are absolut important, imo, the new one makes 32768 the old one 8192.

Greetings Seraphyn