IT 3110 : Advanced System Administration

NFS

What is NFS

  • Network File System
    • Platform independent (although not often used with Windows)
    • Developed by Sun (now an open standard)
    • Client/server model
    • Implemented through RPC and files are available over network via VFS
  • Virtual File System (VFS)
    • Interface on top of the TCP/IP layer.
    • Remote system accesses look/feel like they are local

Why NFS

  • We can simplify management
    • How? (e.g. /home directories can reside on a single server and be shared to others)
    • RAID that machine
    • Still single point of failure
    • Easier to backup

Clients

  • File I/O commands are given.
  • Kernel and user-space daemons do some work
    • the client mounts the remote filesystem onto the client's local fs namespace
    • accesses to the remote fs appear as though they were local
  • Multiple clients can mount the same fs and users can share files
  • This can be done at boot time (fstab)
  • mount command.

Server

When receiving a MNT request from an NFS client, rpc.mountd checks both the pathname and the sender's IP address against its export table. If the sender is permitted to access the requested export, rpc.mountd returns an NFS file handle for the export's root directory to the client. The client can then use the root file handle and NFS LOOKUP requests to navigate the directory structure of the export.

  • man page
  • /etc/exports
  • nfsd

Tidbits

  • RPC - Remote procedure call
  • NFSv3 and prior were stateless; the newest version, NFSv4, is stateful.
  • v3 also had a separate service (NLM, Network Lock Manager) to deal with file locking; in v4 locking is built in.
  • v4 uses TCP (port 2049).
  • Maybe this image will be useful.

Exports

  • The config file /etc/exports gives the configuration options and the hosts allowed access.
    • single host, wildcards, IP/mask

Export options (some)

  • rw
  • async (This option allows the NFS server to violate the NFS protocol and reply to requests before any changes made by that request have been committed to stable storage (e.g. disc drive). Using this option usually improves performance, but at the cost that an unclean server restart (i.e. a crash) can cause data to be lost or corrupted.)
  • sync (Reply to requests only after the changes have been committed to stable storage) (default)
  • no_subtree_check (This option disables subtree checking, which has mild security implications, but can improve reliability in some circumstances.) (see man page)

Export options (some)

Very often, it is not desirable that the root user on a client machine is also treated as root when accessing files on the NFS server. To this end, uid 0 is normally mapped to a different id: the so-called anonymous or nobody uid. This mode of operation (called 'root squashing') is the default, and can be turned off with no_root_squash. (see man page)
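
An added example (not part of the original notes): a small audit of /etc/exports that flags the options discussed above, namely no_root_squash, async, and rw granted to a wildcard host. The sample file, its paths and hosts, and the function names are constructed for illustration; a client entry with no host name is treated as "any host".

```python
import re

# Constructed sample /etc/exports (paths and hosts are made up for this example).
SAMPLE_EXPORTS = """\
# shared home directories
/home       192.168.10.0/24(rw,sync,no_subtree_check)
/srv/build  build01.example.edu(rw,async,no_root_squash)
/srv/pub    *(rw,sync) *.lab.example.edu(ro)
"""

# One client token: optional host spec followed by optional "(opt,opt,...)".
TOKEN = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (path, client, options) for each client on each export line.
    Assumes no quoted paths and no backslash line continuations."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or path with no client list
        path = fields[0]
        for token in fields[1:]:
            m = TOKEN.match(token)
            if not m:
                continue  # malformed token: skip it
            client, opts = m.group(1), m.group(2) or ""
            yield path, client, {o for o in opts.split(",") if o}

def audit(text):
    """Return (path, client, finding) tuples for options the notes call out."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:
            # Root squashing is off: client uid 0 is treated as root on the server.
            findings.append((path, client, "no_root_squash"))
        if "async" in opts:
            # Replies precede stable storage; a crash can lose or corrupt data.
            findings.append((path, client, "async"))
        if "rw" in opts and (client == "" or "*" in client or "?" in client):
            # Write access granted to a wildcard (or unnamed) set of hosts.
            findings.append((path, client, "rw-wildcard"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE_EXPORTS):
        print(f"{path}  {client or '(any host)'}  {finding}")
```
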