Summary

NOTE

You're not supposed to need to change these settings, but if your experience is like ours, the AUTOMATIC setting for NFSLOCKS specified in /etc/hostconfig won't actually work automatically for you. To get things working, we needed to edit /etc/hostconfig and set both of this to YES.

CAUTION

You might need to disable the automounter to get your machine to properly mount NFS directories. This is accomplished by changing the setting in /etc/hostconfig to NO. This change was not necessary under 10.1.x versions of Mac OS X and, based on some information on the Internet, is not the case for all users of 10.2 and 10.3. However, we have seen several machines where the behavior of NFS is pathologically wrong when the automounter is enabled. The symptoms of the problem are

• The directory to which you attempt to mount the remote filesystem is deleted and replaced by a symbolic link to a directory in the /automount/ directory.

• The directory in the /automount/ cannot be entered, lsed, or otherwise read, but mount claims that the remote directory is mounted.

• The remote directory cannot be unmounted without rebooting the machine; you might also find that any attempt to read the supposedly mounted directory (even just trying to get its name to autoexpand at the command line using <TAB>) causes your shell to hang indefinitely.

If you experience these problems and still want to use NFS, disable the automounter by changing its YES enTRy to NO in /etc/hostconfig, and reboot your machine. With automount off, NFS should work in much more the fashion that the documentation suggests.

AUTOMOUNTER ANTIFANS

We aren't big fans of the automounter (/usr/sbin/automount). Even when it's working, it seems like the wrong thing to do. The automounter is supposed to be this magical (or at least poorly documented) utility that remembers filesystems that have been previously mounted and remounts them automatically whenever they're needed. The problem with this idea, other than the fact that in our cumulative 40-odd years of using Unix we've never seen a nontrivial system using automount where automount actually worked the way anyone wanted it to, is that automount removes control from the machine's administrator. You want to mount a directory of data under /usr/local/data/? The automounter, in all its wisdom, will insist on mounting it under /automounter/ and making a symbolic link to its mount point. Have software that won't work through a symbolic link? Tough. What's worse, on some systems, after it's seen a filesystem once, the automounter will keep mounting (or trying to mount) that filesystem forever, even after you've removed the control definition and tried to make it stop. With the exquisite level to which we're used to being able to configure and control our hardware, this behavior is simply unacceptable for a Unix machine.

No, we aren't fans of the automounter at all, and we generally have it turned off on our systems just as a matter of principle. We won't tell you that you have to turn it off, and for lack of documentation, we aren't even sure what unusual twists Apple might have woven into its version. To make NFS work at all on the machines we tested 10.2 with, the automounter had to be turned off. We haven't had much trouble with 10.3, but it's been enough of a problem that we just don't trust it, so our examples are going to be based on the assumption that it's turned off. Some people make automount work on their machines and are happy with how it works, so you very well might be able to make these examples work or manage a setup in your own preferred configuration without shutting off automount. If you can, wonderful perhaps automount just hates us old curmudgeons.

1.

Back up your NetInfo database.

2.

Plan where you want your Mac OS X machine to mount the remote host's filesystem. Unlike what you might be familiar with on AppleShare volumes, which mount as "drives" on the desktop, NFS filesystems can be grafted into your directory tree anywhere. Essentially, the directory structure rooted at the directory or file system that is exported can be made to appear exactly as it does on the remote host, as though it were any subdirectory of your choosing on your system.

The purpose of the remote filesystem might guide you in deciding where to mount it on your machine. For example, it is common, when a filesystem with a users' home directories are involved, that a machine mounting such a filesystem frequently does so in a directory hierarchy of /net/<remote_host>/home. If the remote filesystem is simply a filesystem used for storage, any way you want to mount it is probably suitable. Temporary mounts that you don't expect to reuse later are frequently done as subdirectories of /mnt/. Of course, you can change the name of the mount point and remount the filesystem later if you find that you do not like what you picked. Extra thought up front is particularly important, though, when the remote filesystem is used for users' home directories because more people than just yourself will need to know about and understand any changes that you make later on down the road.

In our example, we are going to mount a filesystem used for storage. On our machine, we want it to be mounted in a directory called /morespace/mother (mother is the name of the host that will serve the filesystem). We're creating the mount point in a subdirectory of the root directory, rather than directly in the root directory, because we might eventually want to add other storage filesystems from other remote hosts, and we want to be able to keep them straight. Another consideration would be a hierarchy similar to typical user hierarchies, such as /net/<remote_host>/morespace. If it's the only filesystem of its type that'll be mounted, there's no real need to have the mount point clearly include the host of origin.

After you have decided what to call the mount point, make it mount points are simply directories. They don't even have to be empty if you want the directory to contain one set of files when you have the remote system mounted and another when it's not. (A particularly nifty option available in the Mac OS X NFS client, union filesystems, allows you to see the files in both the local and remote directories simultaneously. See the mount_nfs docs for more information.)

 brezup:root ray # cd /        brezup:root / # mkdir morespace brezup:root / # mkdir morespace/mother brezup:root / # ls morespace/mother brezup:root / #  

3.

Using your favorite text editor, create a file with the contents of the following form:

 { "opts" = ( "w" ); "dir" = ( "/<mountpoint>/" ); "name" = ( "<remote_host>:<remote_filesystem>"); "vfstype" = ( "nfs" ); } 

 { "opts" = ( "w" ); "dir" = ( "/morespace/mother" ); "name" = ( "192.168.1.4:/innerspace"); "vfstype" = ( "nfs" ); } 

4.

Run niutil to create a new directory in the mounts directory of the NetInfo database:

 brezup:root / # niutil -create . /mounts/new1 

5.

Run niload to load the file into the NetInfo database:

 brezup:root / # niload -r /mounts/new1 . < mount-test.txt 

6.

Look at the updates in the mounts section of the NetInfo database either using the command line or the NetInfo Manager. If you are using the command line, you might find it easier to see the values by directory number rather than directory name.

Here are the command-line results in our example as seen using niutil:

 brezup:root / # niutil -list . /mounts 82       192.168.1.4:/innerspace brezup:root / # niutil -read . 82 opts: w dir: /morespace/mother name: 192.168.1.4:/innerspace vfstype: nfs 

7.

After you have verified that the updates to your NetInfo database are correct, tell your machine to mount the filesystem, and take a look at what's happened:

 brezup:root / # ls /morespace/mother/ brezup:root / # brezup:root / # mount -t nfs -a brezup:root / # ls /morespace/mother/ apache_1.3.26                          tcpwrappers apache_1.3.26-src.tar                  wu-ftpd-2.6.1-linux-anon danspage                               wu-ftpd-2.6.1-linux-anon.tar.gz fcsafiles                              wu-ftpd-2.6.1-linux-both ftpaccess-mother-anon                  wu-ftpd-2.6.1-linux-both.tar.gz . . . 

TIP

If you later notice that it's suddenly taking a lot longer to start up, it might be because the NFS server that you've been mounting is not available. Depending on the options you configure, this can cause your machine to hang indefinitely. Such indefinite hangs aren't inevitable, however; check the man pages for the details regarding retries and under what conditions clients should allow a mount to fail.

1.

Back up the NetInfo database.

2.

Create the local mount point for the remote filesystem.

3.

Create a one-line file containing the mount information. The one-line file has these fields, which can be separated by spaces or tabs:

 rosalyn:/space /extraspace  nfs rw 0 0 

4.

Run niload to load the fstab format file into the NetInfo database. In our example, we used fstab-test as the fstab formatted file:

 brezup:root / # niload fstab . < fstab-test 

5.

Mount the filesystem with mount -t nfs -a, and check your results as previously demonstrated.

Run the same sorts of command-line tools you ran in the previous section, such as mount and ls. If your automounter is working for you, you might also want to check the list of volumes on your Mac OS X desktop, and/or the /Computer/Network/Servers path in the Finder, because you will hopefully find a pleasant surprise there, too. Behavior here seems inconsistent, and what mount points will be seen as remote servers and what won't are still a bit of a mystery to us.

NOTE

Any changes you make to the NFS mounts by tweaking the NetInfo database and manually running mount are available immediately via the command line. If you want to make the NFS mounts available via the Finder immediately as well, you might have to reboot after making your changes to the mounts in the NetInfo database. There's undoubtedly a process or two that could be restarted to cause the Finder to recognize the existence of the new network disk resources, but we haven't made this work reliably yet. Restarting is slow, but bulletproof.

mount

Mounts filesystems.

mount

mount [-adfruvw] [-t ufs | lfs | <external_type>]

mount [-dfruvw] <special> | <node>

mount [-dfruvw] [-o <options>] [-t ufs | lfs | <external_type>] <special> | <node>

mount invokes a filesystem-specific program to prepare and graft the <special> device or remote node (rhost:path) on the file system tree at the point <node>. If neither <special> nor <node> is specified, the appropriate information is taken from the fstab file.

The system maintains a list of currently mounted filesystems. If no arguments are given to mount, this list is displayed.

-a

All the filesystems described in your NetInfo mounts directory or fstab control file are mounted. Exceptions are those marked as noauto or are excluded by the -t flag.

-r

Mounts the filesystem read-only (even root may not write to it). The same as the rdonly subargument to the -o option.

-u

Indicates that the status of an already mounted filesystem should be changed. Any of the options available in -o may be changed. The filesystem may be changed from read-only to read-write or vice versa. An attempt to change from read-write to read-only fails if any files on the filesystem are currently open for writing unless -f is also specified.

-v

Enables verbose mode.

-w

Sets the filesystem object to read-write.

-t ufs | lfs |<external_type>

Specifies a filesystem type. Default is type ufs. The option can also be used to indicate that the actions should be performed only on the specified filesystem type. More than one type may be specified in a comma-separated list. The prefix no added to the type list may be used to specify that the actions should not take place on a given type. For example, mount -a -t nonfs,mfs indicates that all filesystems should be mounted except those of type NFS and MFS. mount attempts to execute a program called mount_XXX where XXX is the specified typename.

-o

Specifies certain options. The options are specified in a comma-separated list.

The following options are available for the -o option:

noauto

Skips this filesystem when mount is run with the -a flag.

nodev

Does not interpret character or block special devices on the filesystem. The option is useful for a server that has filesystems containing special devices for architectures other than its own.

noexec

Does not allow the execution of any binaries on the mounted filesystem. This option is useful for a server containing binaries for an architecture other than its own.

nosuid

Does not allow set-user-identifier or set-group-identifier bits to take effect.

rdonly

Same as -r. Mounts the filesystem read-only. Even root may not write to it.

union

Causes the namespace (that is, the files that appear there) at the mount point to appear as the union of the mounted filesystem root and the existing directory. Lookups are done on the mounted filesystem first. If operations fail due to a nonexistent file, the underlying filesystem is accessed instead. All new files and directories are created in the mounted filesystem.

Any additional options specific to a given filesystem type may be passed as a comma-separated list. The options are distinguished by a leading -. Options that take a value have the syntax -<option>=<value>.

mount_nfs

Mounts NFS filesystems.

mount_nfs [-23KPTUbcdilqs] [-D <deadthresh>] [-I <readdirsize>] [-L <leaseterm>] [-R <retrycnt>] [-a <maxreadahead>] [-g <maxgroups>] [-m <realm>] [-o <options>] [-r <readsize>] [-t <timeout>] [-w <writesize>] [-x <retrans>] <rhost>:<path> <node>

-T

Uses TCP transport instead of UDP. This is recommended for servers not on the same LAN cable as the client. This is not supported by most non-BSD servers.

-U

Forces the mount protocol to use UDP transport, even for TCP NFS mounts. Necessary for some old BSD servers.

-b

Backgrounds the mount. If a mount fails, forks a child process that keeps trying the mount in the background. This option is useful for a filesystem not critical to multiuser operation.

-c

Does not perform a connect for UDP mounts. This must be used for servers that do not reply to requests from the standard NFS port number 2049. It might also be required for servers with more than one IP address if replies come from an address other than the one specified in the mount request.

-d

Turns off the dynamic retransmit timeout estimator. This might be useful for UDP mounts that exhibit high retry rates; it is possible for the dynamically estimated timeout to be too short.

-i

Makes the mount interruptible. The filesystem calls that are delayed due to an unresponsive server fail with EINTR when a termination signal is posted for the process.

-s

Soft mount. Filesystem calls fail after <retrycnt> round-trip timeout intervals.

-R <retrycnt>

Sets the retry count for doing the mount to <retrycnt>.

-a <maxreadahead>

Sets the read-ahead count to <maxreadahead>. This value may be in the 0 4 range, and determines how many blocks are read ahead when a large file is being read sequentially. A value larger than 1 is suggested for mounts with a large bandwidth * delay product.

-o <options>

Options are specified as a comma-separated list of options. See mount for a listing of the available options.

-r <readsize>

Sets the read data size to <readsize>. It should normally be a power of 2 >= 1024. This should be used for UDP mounts when the fragments dropped due to timeout value are getting large while actively using a mount point. Use netstat -s to get the fragments dropped due to timeout value. See the -w option.

-t <timeout>

Sets the initial retransmit timeout to <timeout>. Might be useful for fine-tuning UDP mounts over networks with high packet loss rates or an overloaded server. Try increasing the interval if nfsstat shows high retransmit rates while the filesystem is active, or try reducing the value if there is a low retransmit rate but long response delay observed. Normally the -d option is also used when using this option to fine-tune the timeout interval.

-w <writesize>

Sets the write data size to <writesize>. See comments regarding the -r option, but using the fragments dropped due to timeout value on the server rather than the client. The -r and -w options should be used only as a last resort to improve performance when mounting servers that do not support TCP mounts.

-x <retrans>

Sets the retransmit timeout count for soft mounts to <retrans>.

umount

Unmounts filesystems.

umount [-fv] <special> | <node>

umount -a | -A [-fv] [-h <host>] [-t <type>]

-f

Forcibly unmounts the filesystem. Active special devices continue to work, but all other files return errors if further accesses are attempted. The root filesystem cannot be forcibly unmounted.

-v

Enables verbose mode.

-a

All the filesystems described in fstab are unmounted.

-A

All the currently mounted filesystems except the root are unmounted.

-h <host>

Unmounts only filesystems mounted from the specified <host>. This option implies the -A option and, unless otherwise specified with the -t option, will only unmount NFS filesystems.

-t <type>_

Is used to indicate that actions should be taken only on filesystems of the specified <type>. More than one type may be specified in a comma-separated list. The list of filesystem types can be prefixed with no to specify the filesystem types for which action should not be taken. For example, the umount command umount -a -t nfs,mfs unmounts all filesystems of the type NFS and MFS.

1.

Back up the NetInfo database.

2.

If you plan to export a filesystem that currently contains a space in the name, change its name to something that does not have a space. Mac OS and Mac OS X deal with spaces okay, but they confuse many more traditional Unix systems. If you're only going to be working among Mac OS X systems, spaces might be all right, but you'll probably find that they will eventually be trouble. The same goes for most characters outside basic alphanumerics.

3.

Enter exports information into the NetInfo database. Unfortunately, despite what the man page says, the niload command currently does not understand the typical exports format. So, in this case, you cannot make an exports format file and load that into NetInfo. You must either make a file that follows the same kind of format you saw in the first mount example (the format with braces, parentheses, and quotes), or you must enter the information into the NetInfo database using the NetInfo Manager.

Because I am so poor at balancing all the appropriate characters, parentheses, and quotes needed to make one of the raw NetInfo files, I prefer to do this through the NetInfo Manager. Our instructions are specifically for the NetInfo Manager. However, you should choose whichever method you are most comfortable with.

Open the NetInfo Manager, and select the local domain. Click in the lock to make changes, and enter the administrator username and password. With the root (/) directory selected, select Directory, New Subdirectory from the menu. Change the name of new_directory to exports, and save the change.

4.

Click the exports directory. Select Directory, New Subdirectory from the menu. Give this subdirectory the name of the filesystem you want to export. Save it. Now select the new directory and add a clients property whose value is a list of clients that the filesystem should be exported to use insert value with the clients property selected to add multiple client values. Add an opts property with any options you want to specify, based on the exports man page ro is common if you want the filesystem to be read-only to remote clients that mount it, whereas rw allows read-write access. alldirs allows clients to mount arbitrary subdirectories from the filesystem instead of the whole filesystem.

Figure 20.12 shows the settings that we used for exporting our filesystem. Note that you should not use the maproot mapping option we used, maproot=root, unless you can trust the remote system and administrator as highly as you trust your own.

5.

Save your changes to the exports directory and then restart the NetInfo servers for your local domain. Click the lock to prevent further changes.

6.

Reboot the machine and then test the results. Alternatively, you can (as root) run SystemStarter start NFS (or, if you've already got NFS exports and are just making changes, SystemStarter restart NFS).

A quick test that you can do on your Mac OS X machine is to run mount:

 brezup:ray ray $ mount /dev/disk1s3 on / (local, journaled) devfs on /dev (local) fdesc on /dev (union) <volfs> on /.vol /dev/disk0s9 on /Volumes/Racer-9 (local) /dev/disk0s10 on /Volumes/Racer-X (local) /dev/disk0s11 on /Volumes/Wills_Data (local) /dev/disk0s12 on /Volumes/Software (local) /dev/disk0s13 on /Volumes/Temp (NFS exported, local) rosalyn:/space on /extraspace 192.168.1.4:/innerspace on /morespace/mother 

 brezup:ray ray $ showmount -e Exports list on localhost: /Volumes/huge                      192.168.1.13 

 Rosalyn joray 87 > ls /net/brezup/huge AppleShare PDS           TheFindByContentFolder   osx-misc.tar Desktop DB               TheVolumeSettingsFolder  test Desktop DF               Trash                    â¢T+â¢It's HUUUGE Desktop Folder           lpd-spool-working.tar 

 brezup:ray ray $ ls /Volumes/huge AppleShare PDS               TheFindByContentFolder    osx-misc.tar Desktop DB                   TheVolumeSettingsFolder   test Desktop DF                   Trash                     ???T+???It's HUUUGE Desktop Folder               lpd-spool-working.tar 

Exports

Defines remote mount points for NFS requests.

The exports file specifies remote mount points for NFS mount protocol per the NFS server specification.

In a mount enTRy, the first field specifies the directory path within a server filesystem that clients can mount. There are two forms of this specification. The first form is to list all mount points as absolute directory paths separated by whitespace. The second form is to specify the pathname of the root of the filesystem followed by the -alldirs flag. This form allows hosts to mount at any point within the filesystem, including regular files if the -r option is used in mountd. The pathnames should not have any symbolic links, or . or .. components.

The second component of a line specifies how the filesystem is to be exported to the host set. The options specify whether the filesystem is exported read-only or read-write and how the client UID is mapped to user credentials on the server.

The third component of a line specifies the client host set. The set may be specified in three ways. The first is to list the hostnames separated by whitespace. Standard Internet dot addresses may be used instead. The second way is to specify a netgroup, as defined in netgroup. The third way is to specify an Internet subnetwork using a network and network mask.

Export options are as follows:

-maproot=user

Credential of the specified user is used for remote access by root. The credential includes all groups to which the user is a member on the local machine. The user may be specified by name or number.

-mapall=user

-r

Synonym for -maproot for backward compatibility with older export file formats.

When neither -maproot nor -mapall is specified, remote accesses by root result in a credential of-2:-2. All other users are mapped to their remote credential. If a -maproot option is given, remote access by root is mapped according to the specified value instead of -2:-2. If -mapall is given, the credentials of all users, including root, are mapped as specified.

-ro

Specifies that the filesystem should be exported read-only.