NFSv4

From ArchWiki
Revision as of 18:18, 13 November 2007 by Abelstern (talk | contribs) (See also)
Jump to navigation Jump to search



Goals

The goal of this article is getting NFSv4 running on ArchLinux.
NFSv4 is the new version of NFS with new features like strong authentication and integrity via Kerberos and SPKM-3, improved performance, safe file caching, lock migration, UTF-8, ACLs and better support for Windows file sharing semantics.

Required packages

Required packages for both clients and server (from AUR):

  1. libgssglue
  2. librpcsecgss
  3. nfs4-utils

Download the packages, makepkg and install them.
Note: currently pacman doesn't seem to handle replacing when invoked with pacman -U. Therefore, you'll need to remove nfs-utils before installing nfs4-utils (which is a complete drop-in replacement).

Configuration

Server

Exports

First we'll need to edit our exports in /etc/exports. A typical NFSv4 export would look like this:

/export    192.168.0.12(rw,fsid=0,no_subtree_check,async,no_root_squash)
/export/music 192.168.0.12(rw,no_subtree_check,async,no_root_squash)

/export is the NFS root here (due to the fsid=0 entry). Everything else that you want to be shared over NFS must be accessible under /export.
For exporting directories outside the NFS root, see below.
Note: the no_root_squash option means that root on the client is also considered root on the server. This is of course a security risk. Remove it if you don't need it.

Exporting directories outside your NFS root

To do this, you'll need to use bind mounts. For example, to bind /home/john to /export/john:

mount --bind /home/john /export/john

Then, /export/john needs to be added to /etc/exports:

/export    192.168.0.12(rw,fsid=0,no_subtree_check,async,no_root_squash)
/export/music 192.168.0.12(rw,no_subtree_check,async,no_root_squash)
/export/john 192.168.12(rw,no_subtree_check,async,no_root_squash,nohide)

The nohide option is necessary, because the kernel NFS server automatically hides mounted directories. To add the bind mount to /etc/fstab:

/home/john    /export/john    none    bind  0 0

ID mapping

Then, /etc/idmapd.conf needs to be edited. You'll need to at the very least specify your Domain there. Example:

[General]

Verbosity = 1
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = archlinux.org

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup

Starting the server

To start the NFS server, just

/etc/rc.d/nfs4-common start 
/etc/rc.d/nfsd start

If you want to tweak the configuration, feel free to edit /etc/conf.d/nfs to your needs.

Clients

ID mapping

/etc/idmapd.conf needs to be edited on all clients and the Domain entry should be identical to the one on the server. Example:

[General]

Verbosity = 1
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = archlinux.org

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup

Mounting the partitions on the client

On the client, to mount the NFSv4 partition:

/etc/rc.d/nfs4-common start
mount -t nfs4 server:/ /mnt/server/
mount -t nfs4 server:/music /mnt/music/
mount -t nfs4 server:/john /mnt/john

Note that the root of the path on the server is the NFS root specified; all paths must be specified relative to that.

See also

Take a look at the gentoo wiki for further instructions on configuring the exports.
Some general instructions: http://wiki.linux-nfs.org/wiki/index.php/Nfsv4_configuration
On migrating from NFSv3 to NFSv4: http://nfsv4.bullopensource.org/tools/tests/page40.php
For NFSv4 with Kerberos authentication: http://www.itp.uzh.ch/~dpotter/howto/kerberos
For a comparison of several networked file systems, see http://wiki.linux-nfs.org/index.php/Comparison_of_NFS_vs._others