Linux 101 : NFS (Network File System) - rpc, portmapper, tcp wrappers, automount -



Network File System (NFS):



A Network File System (NFS) allows a "Unix flavored" system to share files across the network. 
Remote hosts can mount filesystems over a network and use them in the same way they would local files.

UDP consumes fewer resources and less bandwidth than TCP.
When using UDP, we can restart the NFS server and the clients will still perform their tasks as usual.

UDP clients keep sending requests if the server is not reachable, which could clog up the network. This doesn't happen with TCP because of the feedback received from the server.

The RPC services:



The Portmapper:

When an RPC server program starts, it picks the first available port. It then contacts the Portmapper, through rpcbind, with its program number and the port it is listening on.

The client connects to the Portmapper to get information about the port a particular program is listening on before sending the request.



To sum it up:
  • Registration of the mapping (RPC program number / port number): when the RPC server starts, it tells the Portmapper that port number 2049 for nfs is associated with RPC program number 1003.
  • Lookup: the RPC client asks the Portmapper which port is associated with program number 1003 (nfs), so that it can connect to the server.

Remark:

NFSv4 doesn't use the Portmapper and the RPC daemons (except for the rpc.mountd daemon).

TCP wrappers:

Client requests go through the TCP wrappers (like tcpd) and are denied or granted based on the access lists of the TCP wrapper.


/etc/exports file:

The NFS server uses the /etc/exports file to see which files need to be exported to the clients.

/etc/exports file format:


/etc/exports examples:



When we put a space between the "host_name" and the options, the options no longer belong to "host_name": they apply to the rest of the users.

Users from "host_name" can mount /home/Albert with the default access permissions (read-only).




With no space between the "host_name" and the permissions, the read/write options apply only to the "host_name" users; the others are denied access.
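
An added example (not from the original post) that checks an exports file for the stray space described above. The sample entries, other_host and /srv/docs are constructed, and only the plain "path host(options)" form with backslash continuations is assumed.

```python
import re

# Constructed sample; host_name, other_host and /srv/docs are placeholders.
SAMPLE = """\
/home/Albert  host_name (rw)    # space: (rw) is a separate, host-less entry
/home/Albert  host_name(rw)     # no space: rw for host_name only
/srv/docs     host_name(ro) \\
              other_host (rw,sync)
"""

# A client token is "host", "host(options)" or, after a stray space, "(options)".
TOKEN = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Return [(path, [(host, options_or_None), ...]), ...]."""
    entries = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        clients = []
        for tok in fields[1:]:
            m = TOKEN.match(tok)
            if m is None:
                raise ValueError(f"malformed client token: {tok!r}")
            clients.append((m.group(1), m.group(2)))
        entries.append((fields[0], clients))
    return entries

def find_stray_spaces(text):
    """Flag 'host (opts)': host gets the defaults, opts apply to every other host."""
    findings = []
    for path, clients in parse_exports(text):
        for (host, opts), (nxt_host, nxt_opts) in zip(clients, clients[1:]):
            if host and opts is None and nxt_host == "":
                access = "rw" if "rw" in nxt_opts.split(",") else "ro"
                findings.append((path, host, access))
    return findings

if __name__ == "__main__":
    for path, host, access in find_stray_spaces(SAMPLE):
        print(f"{path}: space after {host!r}, so every other host gets {access}")
```

Running the same check over the real /etc/exports before reloading the configuration catches the mistake before the share is exposed.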

NFS processes (examples):

nfs — (/sbin/service nfs start)

Starts the NFS server and the RPC processes (rpc.statd, rpc.lockd, ...) that service requests for the shared resource.

nfslock — (/sbin/service nfslock start) 

A service that allows clients to lock files.

Mount command:

To mount an NFS share on the remote machine:





/etc/fstab file:

Another way to mount an NFS share is to add entries to the /etc/fstab file, as below:



Examples of some options for the shares:

- hard or soft : the program using a file through NFS waits (hard) or sends an error (soft) when the server is not available.
- nolock : disables file locking.
- sec=mode : mode of security for authenticating an NFS connection.
- tcp : tells the NFS mount to use the TCP protocol.
- udp : tells the NFS mount to use the UDP protocol.

 
Example of "/etc/fstab":


The automount utility:

Another way is to use the automount utility instead of /etc/fstab.
An automounter consists of two components:
  • Automount, which mounts and unmounts NFS file systems automatically.
  • autofs, which uses /etc/auto.master as its configuration file.

Starting and Stopping NFS services:


For the NFS server V2/V3 we need the Portmapper and nfslock (on the client and the server machines):

Starting the nfslock service:





Stopping the NFS service:



Restarting the NFS server:





To reload the configuration file without restarting the service:





The exportfs Command:

We find the exported filesystems in the /etc/exports file.
After the NFS service starts, the exportfs program takes over and reads the /etc/exports file. It initiates rpc.mountd (NFSv2/v3) to mount the file system, and lastly rpc.nfsd starts.

The exportfs command allows the root user to add, allow or disable the export of directories without modifying the /etc/exports file or restarting the NFS service.

