NFSv4

From ArchWiki
Revision as of 16:40, 6 November 2007 by Abelstern (talk | contribs) (→‎Exports)
Jump to navigation Jump to search



Goals

The goal of this article is getting NFSv4 running on ArchLinux.
NFSv4 is the new version of NFS with new features like strong authentication and integrity via Kerberos and SPKM-3, improved performance, safe file caching, lock migration, ACLs and better support for Windows file sharing semantics.

Required packages

Required packages for both client and server (from AUR):

  1. libgssglue
  2. librpcsecgss
  3. nfs4-utils

Download the packages, makepkg and install them.
Note: currently pacman doesn't seem to handle replacing when invoked with pacman -U. Therefore, you'll need to remove nfs-utils before installing nfs4-utils (which is a complete drop-in replacement).

Exports

First we'll need to edit our exports in /etc/exports. A typical NFSv4 export would look like this:

/export    192.168.0.12(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash)
/export/music 192.168.0.12(rw,async)

/export is the NFS root here (due to the fsid=0 entry). For exporting directories outside the NFS root, see below.
Note: the no_root_squash option means that root on the client is also considered root on the server. This is of course a security risk. Remove it if you don't need it.

Exporting directories outside your NFS root

To do this, you'll need to use bind mounts. For example, to bind /home/john to /export/john:

mount --bind /home/john /export/john

Then, /export/john needs to be added to /etc/exports:

/export    192.168.0.12(rw,fsid=0,insecure,no_subtree_check,async,no_root_squash)
/export/music 192.168.0.12(rw,async)
/export/john 192.168.12(nohide)

The nohide option is necessary, because the kernel NFS server automatically hides mounted directories. To add the bind mount to /etc/fstab:

/home/john    /export/john    none    bind  0 0

ID mapping

Then, /etc/idmapd.conf needs to be edited. You'll need to specify the Domain there on both client and server, so that they are identical. Example:

[General]

Verbosity = 1
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = archlinux.org

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup
john = john
staff = staff

Starting the server

To start the NFS server, just

/etc/rc.d/nfsd start
/etc/rc.d/nfs4-common start

If you want to tweak the configuration, feel free to edit /etc/conf.d/nfs to your needs.

Mounting the partitions on the client

On the client, to mount the NFSv4 partition:

/etc/rc.d/nfs4-common start
mount -t nfs4 server:/ /mnt/server/
mount -t nfs4 server:/music /mnt/music/

Note that the root of the path on the server is the NFS root specified; all paths must be specified relative to that.

See also

Take a look at the gentoo wiki for further instructions on configuring the exports.
Some general instructions: http://wiki.linux-nfs.org/wiki/index.php/Nfsv4_configuration
On migrating from NFSv3 to NFSv4: http://nfsv4.bullopensource.org/tools/tests/page40.php
For NFSv4 with Kerberos authentication: http://www.itp.uzh.ch/~dpotter/howto/kerberos
For a comparison on networked file systems, see http://wiki.linux-nfs.org/index.php/Comparison_of_NFS_vs._others