
Project 89. Set up an NFS Server

"How do I share my files with other Unix machines?"

Mac OS X does not naturally export NFS shares the way it does AFP shares. This project shows how to configure your Mac to be an NFS server, thereby allowing other Unix machines to share your files. Project 88 shows how we might mount an NFS share on a client machine and, although written for Mac OS X, applies to any Unix client.

Learn More

Project 7 explains users, groups, UIDs, and GIDs.


Set up a Simple NFS Server

NFS (Network File System) is the industry-standard method of exporting and mounting shares in a Unix environment. Its role is roughly equivalent to that of AppleShare in a Mac OS environment.

NFS is much more complex and capable than this simple example suggests. Indeed, whole books have been written on the subject. This project provides only a minimal example, just enough to export a share that can be mounted by a Mac OS X or Unix client.

NFS does not employ password authentication but relies on user accounts having consistent user and group IDs (UID and GID) across the server and all clients. The server trusts whatever IDs a client presents, so access control is only as strong as the administration of every machine allowed to mount the share.

Warning

NFS is not inherently secure and should be used only for trusted local networks.


Define Exports

On the server, we must define the shares that are to be made available to NFS clients. We can use Apple's NetInfo Manager application or edit the Unix flat files in the directory /etc. We'll choose the latter method, as it's more traditionally Unix.

Learn More

Refer to "How to Become the Root User" in Project 2 for more information about issuing commands as the root user.


Let's create a share by exporting the directory /Users, thereby making the home directory of each user available to NFS clients. This complements the mount example given in Project 88. To create a share, we need only change (or create) the file /etc/exports, which we must do as the root user. The syntax to define an NFS share is (all on one line):

directory-to-share -alldirs -maproot=nobody -network=ip-address -mask=subnet-mask


Learn More

Refer to the projects in Chapter 4 if you are not familiar with using any of the Unix text editors.


For example, we might add the line

/Users -alldirs -maproot=nobody -network=10.0.2.0 -mask=255.255.255.0


Let's examine this line:

  • /Users is the full pathname of the directory we want to share.

  • Option -alldirs makes all subdirectories of /Users available to clients.

  • Option -maproot=nobody tells NFS that the root user on the client machine does not have root permissions on files in the mounted share. Recall that authentication is done by UID and GID, and that the root user will have IDs of 0 on both the client and server. Change this option to -maproot=root to allow full root access to the share from client machines.

  • Option -network=10.0.2.0 says that only machines on the specified (local) network may mount the share, thereby protecting the share from clients outside your local network. You might instead specify a network such as 192.168.0.0, depending on the IP range of your local network.

  • Option -mask=255.255.255.0 defines the extent of the local subnet in the usual "netmask" manner. In our example, we allow access to all clients with an IP address in the range 10.0.2.0 to 10.0.2.255 (or 192.168.0.0 to 192.168.0.255).

To activate the share, reboot your Mac. The NFS server daemon will now be running, and the share Users will be available to any NFS client whose IP address lies in the allowed range.

Starting NFS

The NFS server is started automatically when your Mac boots if shares are defined in either the file /etc/exports or Apple's NetInfo Manager application. The Startup Item NFS, in the directory /System/Library/StartupItems, takes care of this: It launches two daemons called mountd and nfsd. The mountd daemon services mount requests, and nfsd services all other NFS calls.


Enable a Pre-Tiger system

In versions of Mac OS X before 10.4 (Tiger) you'll probably have to enable flat-file mounts. To do so, type

# mkdir /etc/lookupd
# echo "FF NI DS" >> /etc/lookupd/mounts


Avoid Rebooting

It's possible to start the NFS server by hand. As the root user, type

# mountd
# nfsd -t -u -n 6


In versions of Mac OS X before 10.4 (Tiger), in which you had to create the file mounts in the directory /etc/lookupd, also type

# kill -HUP $(head -n1 /var/run/lookupd.pid)


If you make changes to /etc/exports after the NFS daemons have been launched, you must either reboot or reload the mountd daemon by typing

# kill -HUP $(head -n1 /var/run/mountd.pid)


Tip

Debug your NFS server by starting the NFS daemon by hand and putting it in debug mode by typing

# mountd -d


If the daemon is already running, kill it first by typing

# kill -KILL $(head -n1 /var/run/mountd.pid)



Mount a Share

Refer to Project 88 if you want to know how to mount the share Users on a client machine.

Other Share Examples

To export the entire system volume, add the following line to /etc/exports.

/ -alldirs -maproot=nobody -network=10.0.2.0 -mask=255.255.255.0


To export the shared home directory /Users/Shared to the whole world, add the following line to /etc/exports.

/Users/Shared -ro -mapall=nobody


The option -ro says to make the share read only. We have mapped all users to the user nobody to increase security further. We do not specify a network, thus opening the share to all clients, no matter what their IP addresses are.
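The options examined above decide how exposed a share is, so it is worth checking /etc/exports before reloading mountd. The following is an added example, not code from the book: a small auditor for export lines in the format shown in this project. The finding codes, the function names, and the sample lines (including the /Scratch export and the -maproot=root variant of the system-volume line) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit BSD-style exports lines (the format used in this project).
# Prints one finding per line as "<line-number>:<code>:<first-exported-directory>".
# Reads the files named as arguments, or standard input when none are given.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        dir = $1; restricted = 0; ro = 0; mapall = 0
        for (i = 2; i <= NF; i++) {
            opt = $i; c = substr(opt, 1, 1)
            # A -network option, or a bare host or netgroup name, limits who may mount.
            if (opt ~ /^-network/ || (c != "-" && c != "/")) restricted = 1
            else if (opt == "-ro")      ro = 1
            else if (opt ~ /^-mapall=/) mapall = 1
            else if (opt ~ /^-maproot=/) {
                who = substr(opt, 10); sub(/:.*/, "", who)
                if (who == "root" || who == "0")
                    print NR ":root-not-squashed:" dir
            }
        }
        if (dir == "/")             print NR ":exports-system-volume:" dir
        if (!restricted)            print NR ":world-exported:" dir
        if (!restricted && !ro)     print NR ":world-writable:" dir
        if (!restricted && !mapall) print NR ":world-no-mapall:" dir
    }' "$@"
}

# Constructed sample input: two export lines from this project, a variant of
# its system-volume line with -maproot=root, and a hypothetical /Scratch share.
sample_exports() {
    cat <<'EOF'
# constructed sample, not a real server configuration
/Users -alldirs -maproot=nobody -network=10.0.2.0 -mask=255.255.255.0
/ -alldirs -maproot=root -network=10.0.2.0 -mask=255.255.255.0
/Users/Shared -ro -mapall=nobody
/Scratch -alldirs
EOF
}

sample_exports | audit_exports
```

Run audit_exports /etc/exports on the server to check the real file; a line that produces no findings is restricted to a network or host and keeps client root mapped to an unprivileged user.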




Mac OS X UNIX 101 Byte-Sized Projects
ISBN: 0321374118
EAN: 2147483647
Year: 2003
Pages: 153
Authors: Adrian Mayo
