setup NFS, exports and mac mounting

Subject:

resources for the installation https://www.alibabacloud.com/help/faq-detail/51143.htmhttps://www.tldp.org/HOWTO/NFS-HOWTO/security.htmlthe initial install of componentshttps://www.howtoforge.com/nfs-server-and-client-on-centos-7commands usedshowmount -e SERVER_IP

  • will show you if NFS has mounts to offer and you have them setup properly in /etc/exports

/etc/exports

mounting on a MAC - not all arguments I understand at the moment but it is to optimize performance.

  • you need to put insecure in the lines for /etc/exports and the mount command used on mac is
    • mount -t nfs -o soft,intr,rsize=8192,wsize=8192,timeo=900,retrans=3,proto=tcp 192.168.10.37:/mnt/moviez moviez/

mount on linux

  • mount -t nfs 192.168.10.10:/mnt/FTP /mnt/FTP

In order to not provide write access directly to the root share drive, the /etc/exports has for root ex: 

  • /mnt/FTP/192.168.10.0/16(ro,insecure,sync,no_root_squash,all_squash)
  • no no_root_squash is not a good idea
  • https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s2-server-nfs-noroot.htmlBy default, NFS shares change the root user to the nfsnobody user, an unprivileged user account. In this way, all root-created files are owned by nfsnobody, which prevents uploading of programs with the setuid bit set.

    If no_root_squash is used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.

Then you can mount with --bind a subdirectory of the root you have shared in NFS.  In the /etc/exports you add a line ex: 

  • /mnt/movies/192.168.10.0/16(rw,insecure,sync,no_root_squash,all_squash)

you can check logs if you are having trouble.

2018-11-14 19:06:47gstlouis