Quick HOWTO : Ch29 : Remote Disk Access with NFS/zh: Difference between revisions

{{Translation}} {{From|http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch29_:_Remote_Disk_Access_with_NFS}} {{Languages|Quick HOWTO : Ch29 : Remote Disk Access with NFS}} {{Translator|Translator: 谢金森 ([email protected])}}


== Introduction ==

Samba is usually the solution of choice when you want to share disk space between computers running Linux and Windows. When disks need to be shared between Linux servers, the Network File System (NFS) protocol is used. Basic configuration is fairly simple, and this chapter explains the key steps.

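== NFS Operation Overview ==

Linux data storage disks contain files stored in filesystems with a standard directory structure. Additional disks are added by attaching, or mounting, them. Their filesystems are grafted onto the filesystem that already exists on the computer's disks, which in effect makes the added disk appear as a subdirectory of the filesystem on which it is mounted. NFS allows a computer to mount a remote computer's disk on its local filesystem and access it as though it were a local disk. For NFS clients to gain access, the NFS server's administrator must specify the directories to be activated, or exported, and the NFS client's administrator must specify both the NFS server and the subset of its exported directories to use.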

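=== General NFS Rules ===

# Only export directories beneath the / directory.
# Do not export a subdirectory of a directory that has already been exported. The exception is when the subdirectory is on a different physical device. Likewise, do not export the parent of a subdirectory that has been exported unless it is on a separate device.
# Only export local filesystems.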


=== Key NFS Concepts ===


==== VFS ====



==== Stateless Operation ====



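==== Caching ====

==== NFS and Symbolic Links ====

==== Mounting Under NFS ====

==== Hard and Soft Mounts ====

==== NFS Versions ====

* Supports files of up to 4GB
* Requires the NFS server to successfully write the data to disk before a write request is acknowledged as successful
* Has a limit of 8KB per read or write request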


* Supports extremely large file sizes of up to 2<sup>64</sup> - 1 bytes
* Supports acknowledging NFS server data updates as successful once the data is written to the server's cache
* Negotiates the data limit per read or write request between the client and server to a mutually decided optimal value.

Version 4 maintains many of version 3's features, with these additions:

* File locking and mounting are integrated in the NFS daemon and operate on a single, well known TCP port, making network security easier
* File locking is mandatory, whereas before it was optional
* Support for the bundling of requests from each client provides more efficient processing by the NFS server.

It is important to match the versions of NFS running on clients and server to help ensure the necessary compatibility to get NFS to work predictably.

=== Important NFS Daemons ===

NFS isn't a single program, but a suite of interrelated programs that work together to get the job done.

* '''portmap''': The primary daemon upon which all the others rely, portmap manages connections for applications that use the RPC specification. By default, portmap listens to TCP port 111 on which an initial connection is made. This is then used to negotiate a range of TCP ports, usually above port 1024, to be used for subsequent data transfers. You need to run portmap on both the NFS server and client.

* '''nfs''': Starts the RPC processes needed to serve shared NFS file systems. The nfs daemon needs to be run on the NFS server only.

* '''nfslock''': Used to allow NFS clients to lock files on the server via RPC processes. The nfslock daemon needs to be run on both the NFS server and client.

* '''netfs''': Allows RPC processes run on NFS clients to mount NFS filesystems on the server. The netfs daemon needs to be run on the NFS client only.

Now take a look at how to configure these daemons to create functional NFS client/server peering.

== Installing NFS ==

RedHat Linux installs nfs by default, and also by default nfs is activated when the system boots. You can determine whether you have nfs installed using the RPM command in conjunction with the grep command to search for all installed nfs packages.

  [root@bigboy tmp]# rpm -qa | grep nfs
  [root@bigboy tmp]#

A blank list means that you'll have to install the required packages.

You also need to have the RPC portmap package installed, and the rpm command can tell you whether it's on your system already. When you use rpm in conjunction with grep, you can determine all the portmap applications installed:

  [root@bigboy tmp]# rpm -q portmap
  [root@bigboy tmp]#

A blank list means that you'll have to install the required packages.

If nfs and portmap are not installed, they can be added fairly easily once you find the nfs-utils and portmap RPMs. (If you need a refresher, see Chapter 6, "[[Quick HOWTO : Ch06 : Installing Linux Software|Installing Linux Software]]".) Remember that RPM filenames usually start with the software's name and a version number, as in nfs-utils-1.1.3-1.i386.rpm.

== Scenario ==

A small office has an old Linux server that is running out of disk space. The office cannot tolerate any down time, even after hours, because the server is accessed by overseas programmers and clients at night and local ones by day.

Budgets are tight and the company needs a quick solution until it can get a purchase order approved for a hardware upgrade. Another Linux server on the network has additional disk capacity in its /data partition and the office would like to expand into it as an interim expansion NFS server.

== Configuring NFS on The Server ==

Both the NFS server and NFS client have to have parts of the NFS package installed and running. The server needs portmap, nfs, and nfslock operational, as well as a correctly configured /etc/exports file. Here's how to do it.

=== The /etc/exports File ===

The /etc/exports file is the main NFS configuration file, and it consists of two columns. The first column lists the directories you want to make available to the network. The second column has two parts. The first part lists the networks or DNS domains that can get access to the directory, and the second part lists NFS options in brackets.

For the scenario you need:

* Read-only access to the /data/files directory to all networks
* Read/write access to the /home directory from all servers on the /24 network, which is all addresses from to
* Read/write access to the /data/test directory from servers in the my-site.com DNS domain
* Read/write access to the /data/database directory from a single server

In all cases, use the sync option to ensure that file data cached in memory is automatically written to the disk after the completion of any disk data copying operation.
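
An exports file that meets the four requirements above, together with an auditor for it, as an added Python example rather than the chapter's own file. The 192.0.2.x addresses are placeholders for values the page does not give, and the finding names are made up here; the second sample shows what a single space before the option list does to the /home line.

```python
import ipaddress

# Constructed /etc/exports for the chapter's scenario. The subnet and the
# single-host address are placeholders from a documentation range, not
# values taken from the original page.
SAMPLE_EXPORTS = """\
# directory      client(options)
/data/files      *(ro,sync)
/home            192.0.2.0/24(rw,sync)
/data/test       *.my-site.com(rw,sync)
/data/database   192.0.2.203/32(rw,sync)
"""

# Same intent as the /home line, but with a space before the options.
# This is read as two clients: the subnet with default options, and
# "every host" with (rw,sync).
MISTYPED_LINE = "/home 192.0.2.0/24 (rw,sync)\n"


def parse_exports(text):
    """Yield (directory, client, options) for each client spec in the file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        directory, *specs = line.split()
        for spec in specs:
            client, _, rest = spec.partition("(")
            options = [o for o in rest.rstrip(")").split(",") if o]
            yield directory, client, options


def is_world(client):
    """True when the client field matches every host."""
    if client in ("", "*"):
        return True
    try:
        return ipaddress.ip_network(client, strict=False).prefixlen == 0
    except ValueError:
        return False                              # hostname or DNS wildcard


def audit(text):
    """Return (directory, client, finding) tuples for risky export entries."""
    findings = []
    for directory, client, options in parse_exports(text):
        shown = client or "*"
        if client == "":
            # Options with no client in front of them: the space pitfall.
            findings.append((directory, shown, "detached-options"))
        if is_world(client) and "rw" in options:
            findings.append((directory, shown, "world-rw"))
        if "sync" not in options:
            # The chapter asks for sync on every export.
            findings.append((directory, shown, "sync-missing"))
    return findings


if __name__ == "__main__":
    for label, text in (("scenario", SAMPLE_EXPORTS), ("mistyped", MISTYPED_LINE)):
        print(label, audit(text) or "no findings")
```
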


After configuring your /etc/exports file, you need to activate the settings, but first make sure that NFS is running correctly.

=== Starting NFS on the Server ===

Configuring an NFS server is straightforward:

1) Use the chkconfig command to configure the required nfs and RPC portmap daemons to start at boot. You also should activate NFS file locking to reduce the risk of corrupted data.

  [root@bigboy tmp]# chkconfig --level 35 nfs on
  [root@bigboy tmp]# chkconfig --level 35 portmap on

2) Use the init scripts in the /etc/init.d directory to start the nfs and RPC portmap daemons. The examples use the start option, but when needed, you can also stop and restart the processes with the stop and restart options.

  [root@bigboy tmp]# service portmap start
  [root@bigboy tmp]# service nfslock start

3) Test whether NFS is running correctly with the rpcinfo command. You should get a listing of running RPC programs that must include mountd, portmapper, nfs, and nlockmgr.

  [root@bigboy tmp]# rpcinfo -p localhost
  [root@bigboy tmp]#

== Configuring NFS on The Client ==

NFS configuration on the client requires you to start the NFS application, create a directory on which to mount the NFS server's directories that you exported via the /etc/exports file, and finally mount the NFS server's directory on your local directory, or mount point. Here's how to do it all.

=== Starting NFS on the Client ===

Three more steps easily configure NFS on the client.

1) Use the chkconfig command to configure the required nfs and RPC portmap daemons to start at boot. Activate nfslock to lock the files and reduce the risk of corrupted data.

  [root@smallfry tmp]# chkconfig --level 35 netfs on
  [root@smallfry tmp]# chkconfig --level 35 portmap on

2) Use the init scripts in the /etc/init.d directory to start the nfs and RPC portmap daemons. As on the server, the examples use the start option, but you can also stop and restart the processes with the stop and restart options.

  [root@smallfry tmp]# service portmap start
  [root@smallfry tmp]# service nfslock start

3) Test whether NFS is running correctly with the rpcinfo command. The listing of running RPC programs you get must include status, portmapper, and nlockmgr.

  [root@smallfry root]# rpcinfo -p
  [root@smallfry root]#

=== NFS And DNS ===

The NFS client must have a matching pair of forward and reverse DNS entries on the DNS server used by the NFS server. In other words, a DNS lookup on the NFS server for the IP address of the NFS client must return a server name that will map back to the original IP address when a DNS lookup is done on that same server name.

  [root@bigboy tmp]# host
  [root@bigboy tmp]#

This is a security precaution added into the nfs package that lessens the likelihood of unauthorized servers gaining access to files on the NFS server. Failure to correctly register your server IPs in DNS can result in "fake hostname" errors:

  Nov  7 19:14:40 bigboy rpc.mountd: Fake hostname smallfry.my-site.com for - forward lookup doesn't exist
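
The forward and reverse match described above can be checked before a client ever tries to mount. The following Python is an added example, not code from the original chapter or the nfs package: it pulls "Fake hostname" rejections out of log lines and repeats the two lookups for each client. The log lines, the 192.0.2.x addresses, the printer and moved host names and the lookup tables are all constructed, and the log format assumes the client address sits between "for" and the dash.

```python
import re
import socket

# Constructed syslog lines in the format of the "Fake hostname" message above;
# the 192.0.2.x addresses are documentation placeholders.
SAMPLE_LOG = [
    "Nov  7 19:14:40 bigboy rpc.mountd: Fake hostname smallfry.my-site.com "
    "for 192.0.2.102 - forward lookup doesn't exist",
    "Nov  7 19:15:02 bigboy rpc.mountd: authenticated mount request from "
    "192.0.2.101:800 for /data/files (/data/files)",
]

# Constructed DNS data standing in for the zone the NFS server queries.
PTR = {
    "192.0.2.102": "smallfry.my-site.com",
    "192.0.2.103": "printer.my-site.com",
    "192.0.2.104": "moved.my-site.com",
}
A = {
    "printer.my-site.com": {"192.0.2.103"},
    "moved.my-site.com": {"192.0.2.200"},
}

FAKE_RE = re.compile(
    r"rpc\.mountd(?:\[\d+\])?: Fake hostname (\S+) for (\S+) - (.+)$")


def fake_hostname_events(lines):
    """Return (claimed_name, client_ip, reason) for each mountd rejection."""
    return [m.groups() for m in map(FAKE_RE.search, lines) if m]


def system_reverse(ip):
    """PTR lookup through the host's own resolver; None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """All IPv4 addresses the name resolves to through the host's resolver."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Repeat the reverse-then-forward lookup; return (ok, detail)."""
    name = reverse(ip)
    if name is None:
        return False, "no reverse (PTR) record"
    addresses = forward(name)
    if not addresses:
        return False, f"forward lookup for {name} doesn't exist"
    if ip not in addresses:
        return False, f"{name} resolves to {sorted(addresses)}, not {ip}"
    return True, name


def table_forward(name):
    """Forward lookup against the constructed table instead of real DNS."""
    return A.get(name, set())


if __name__ == "__main__":
    # Offline run against the constructed zone; drop the two resolver
    # arguments to query real DNS from the NFS server instead.
    for name, ip, reason in fake_hostname_events(SAMPLE_LOG):
        print(ip, name, "->", check_client(ip, PTR.get, table_forward))
```
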

=== Making NFS Mounting Permanent ===

In most cases, users want their NFS directories to be permanently mounted. This requires an entry in the /etc/fstab file in addition to the creation of the mount point directory.

==== The /etc/fstab File ====

The /etc/fstab file lists all the partitions that need to be auto-mounted when the system boots. Therefore, you need to edit the /etc/fstab file if you need the NFS directory to be made permanently available to users on the NFS. For the example, mount the /data/files directory on server bigboy (IP address 192.168.1.100) as an NFS-type filesystem using the local /mnt/nfs mount point directory.

This example used the soft and nfsvers options; Table 29.1 outlines these and other useful NFS mounting options you may want to use. See the NFS man pages for more details.

==== Table 29.1 Possible NFS Mount Options ====

<div align="center">
{| border="1" cellspacing="0" cellpadding="4"
! Option
! Description
|-
| <code>bg</code>
| Retry mounting in the background if mounting initially fails
|-
| <code>fg</code>
| Mount in the foreground
|-
| <code>soft</code>
| Use soft mounting
|-
| <code>hard</code>
| Use hard mounting
|-
| <code>rsize=n</code>
| The amount of data NFS will attempt to access per read operation. The default is dependent on the kernel. For NFS version 2, set it to 8192 to assure maximum throughput.
|-
| <code>wsize=n</code>
| The amount of data NFS will attempt to access per write operation. The default is dependent on the kernel. For NFS version 2, set it to 8192 to assure maximum throughput.
|-
| <code>nfsvers=n</code>
| The version of NFS the mount command should attempt to use
|-
| <code>tcp</code>
| Attempt to mount the filesystem using TCP packets: the default is UDP.
|-
| <code>intr</code>
| If the filesystem is hard mounted and the mount times out, allow for the process to be aborted using the usual methods such as CTRL-C and the <code>kill</code> command.
|}
</div>
The steps to mount the directory are fairly simple, as you'll see.

==== Permanently Mounting The NFS Directory ====

You'll now create a mount point directory, /mnt/nfs, on which to mount the remote NFS directory and then use the mount -a command to activate the mount. Notice how before mounting there were no files visible in the /mnt/nfs directory; this changes after the mounting is completed:

  [root@smallfry tmp]# mkdir /mnt/nfs
  [root@smallfry tmp]# mkdir /mnt/nfs
第400行: 第333行:
  [root@smallfry tmp]#
  [root@smallfry tmp]#

Each time your system boots, it reads the /etc/fstab file and executes the mount -a command, thereby making this a permanent NFS mount.
Each time your system boots, it reads the /etc/fstab file and executes the mount -a command, thereby making this a permanent NFS mount.  

'''Note:''' There are multiple versions of NFS, the most popular of which is version 2, which most NFS clients use. Newer NFS servers may also be able to handle NFS version 4. To be safe, it is best to force the NFS server to export directories as version 2 using the nfsvers=2 option in the /etc/fstab file as shown in the example. Failure to do so may result in an error message.
'''Note:''' There are multiple versions of NFS, the most popular of which is version 2, which most NFS clients use. Newer NFS servers may also be able to handle NFS version 4. To be safe, it is best to force the NFS server to export directories as version 2 using the nfsvers=2 option in the /etc/fstab file as shown in the example. Failure to do so may result in an error message.  

  [root@probe-001 tmp]# mount -a
  [root@probe-001 tmp]# mount -a
第408行: 第341行:
  [root@probe-001 tmp]#
  [root@probe-001 tmp]#

==== Manually Mounting NFS File Systems ====

If you don't want a permanent NFS mount, then you can use the mount command without the /etc/fstab entry to gain access only when necessary. This is a manual process; for an automated process, see the section "The NFS automounter."

In this case, you're mounting the /data/files directory as an NFS-type filesystem on the /mnt/nfs mount point. The NFS server is bigboy whose IP address is

Notice how before mounting there were no files visible in the /mnt/nfs directory; this changes after the mounting is complete:

  [root@smallfry tmp]# mkdir /mnt/nfs
Line 423: Line 356:
  [root@smallfry tmp]#

Congratulations! You've made your first steps towards being an NFS administrator.

== Activating Modifications To The /etc/exports File ==

You can force your system to re-read the /etc/exports file by restarting NFS. In a nonproduction environment, this may cause disruptions when an exported directory suddenly disappears without prior notification to users. Here are some methods you can use to update and activate the file with the least amount of inconvenience to others.

=== New Exports File ===

When no directories have yet been exported to NFS, use the exportfs -a command.

  [root@bigboy tmp]# exportfs -a

=== Adding A Shared Directory To An Existing Exports File ===

When adding a shared directory, you can use the exportfs -r command to export only the new entries.

  [root@bigboy tmp]# exportfs -r

=== Deleting, Moving Or Modifying A Share ===

Removing an exported directory from the /etc/exports file requires work on both the NFS client and server. The steps are:

1) Unmount the mount point directory on the NFS client using the umount command. In this case, you're unmounting the /mnt/nfs mount point.

  [root@smallfry tmp]# umount /mnt/nfs

'''Note''': You may also need to edit the /etc/fstab file to remove any entries related to the mount point if you want to make the change permanent even after rebooting.

2) Comment out the corresponding entry in the NFS server's /etc/exports file and reload the modified file.

  [root@bigboy tmp]# exportfs -ua
  [root@bigboy tmp]# exportfs -a

You have now completed a seamless removal of the exported directory with much less chance of having critical errors.

== The NFS Automounter ==

The permanent mounting of filesystems has its disadvantages. For example, the /etc/fstab file is unique per Linux server and has to be individually edited on each. NFS client management, therefore, becomes more difficult. Also, the mount is permanent, tying up system resources even when the NFS server isn't being accessed.

NFS uses an automounter feature that overcomes these shortcomings by allowing you to bypass the /etc/fstab file for NFS mounts, instead using an NFS-specific map file that can be distributed to multiple clients. In addition, you can use the file to specify the expected duration of the NFS mount, after which time it is unmounted automatically. However, automounter continues to report to the operating system kernel that the mount is still active. When the kernel makes an NFS file request, automounter intercepts it and mounts the remote directory on the mount point defined in the map file. The mount point directory is dynamically created by the automounter when needed; after the timeout period, the remote directory is unmounted and the mount point is deleted.

=== Automounter Map Files ===

The master map file of automounter has a simple format that defines the name of the mount point directory in the first column and the subsidiary map file that controls its mounting in the second. You can add mounting options to a third column.

In the example, the /home directory needs to be automounted on an NFS server and the configuration information is defined in the /etc/auto.home file. Finally, the mount will only last for five minutes (300 seconds), and this value will act as a default for all the entries in the /etc/auto.home file.

Irregular entries that don't match /home are placed in the /etc/auto.direct file.

Line 478: Line 412:
  /-      /etc/auto.direct

==== Direct Maps ====

Direct maps are used to define NFS filesystems that are mounted on different servers or that don't all start with the same prefix.

==== Indirect Maps ====

Indirect maps define directories that can be mounted under the same mount point. A good example would be all the users' directories under /home.

'''Note:''' Based on preliminary testing, an early release of Fedora Core 3 doesn't appear to work correctly with automounter. You have to have one indirect map defined to avoid startup errors, and after doing so, the maps don't appear to be activated. No errors occur in the logs either.

=== The Structure Of Direct And Indirect Map Files ===

The format of these map files is similar to that of the /etc/auto.master file, except that columns two and three have been switched.

Column one lists all the directory keys that will activate the automounter feature. It is also the name of the mount point under the directory listed in the /etc/auto.master file. The second column provides all the NFS options to be used, and the third column lists the NFS servers and the filesystems that map to the keys.

When the NFS client accesses a file, it refers to the keys in the /etc/auto.master file to see whether any fall within the realm of the automounter's responsibility. If one does, then automounter checks the subsidiary map file for the subdirectory mount point key. If it finds one, then automounter mounts the files for the system.

==== Indirect Map File Example ====

In the previous example, the /etc/auto.master file redirected all references to the /home directory to the /etc/auto.home file. This second file has entries for peter, bob, and bunny; these directories are actually mount points for directories on servers bigboy, ochorios, and waitabit.

Line 507: Line 441:
  bunny  waitabit:/home/bunny

==== Direct Map File Example ====

The second entry in the /etc/auto.master file was specifically created to handle all references to one-of-a-kind directory prefixes. In the example, /data/sales and /sql/database are the mount points for directories on servers bigboy and waitabit.

Line 517: Line 451:
  /sql/database        -ro,soft      waitabit:/var/mysql/database

'''Note:''' The automounter treats direct mounts as if they were files in a directory, not as individual directories. This means all direct mount points in the same directory are mounted simultaneously even if only one of them is being accessed. This can cause excessive mounting activity that can slow response times. There are tricks you can use to avoid this; perhaps the simplest is just to place direct mount points in different directories.

'''Note:''' Direct map entries in the /etc/auto.master file must all begin with /-, and you can use absolute path names with direct map files only. If you don't, you'll get an error like this in your /var/log/messages file:

  Nov  7 19:24:12 smallfry automount[31801]: bad map format: found indirect, expected direct exiting

=== Wildcards In Map Files ===

You can use two types of wildcards in a map file: the asterisk (*), which means all, and the ampersand (&), which instructs automounter to substitute the value of the key for the & character.

==== Using the Ampersand Wildcard ====

In the example below, the key is peter, so the ampersand wildcard is interpreted to mean peter too. This means you'll be mounting the bigboy:/home/peter directory.

  # File: /etc/auto.home
  peter  bigboy:/home/&

==== Using the Asterisk Wildcard ====

In the example below, the key is *, meaning that automounter will attempt a mount on any attempt to enter the /home directory. But what's the value of the ampersand? It is actually assigned the value of the key that triggered the access to the /etc/auto.home file. If the access was for /home/peter, then the ampersand is interpreted to mean peter, and bigboy:/home/peter is mounted. If access was for /home/bob, then bigboy:/home/bob would be mounted.

  # File: /etc/auto.home
  *  bigboy:/home/&
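
The lookup described in this section (master map, then subsidiary map, then wildcard and ampersand substitution) is shown below as an added example; it is not part of the original HOWTO or of autofs. The map contents are constructed from the page's examples, resolve, parse_master and parse_map are hypothetical helper names, and the /home master line with --timeout=300 is an assumption because the page does not show that line.

```python
"""Resolve a path against autofs-style master, indirect and direct maps."""

# Constructed sample maps. The /home master line, the peter entry and the
# /data/sales entry are assumptions: the page describes them but the lines
# themselves are not shown there.
MASTER = """\
/home   /etc/auto.home   --timeout=300
/-      /etc/auto.direct
"""
MAPS = {
    "/etc/auto.home": """\
# File: /etc/auto.home (constructed sample)
peter  bigboy:/home/&
bunny  waitabit:/home/bunny
*      bigboy:/home/&
""",
    "/etc/auto.direct": """\
# File: /etc/auto.direct (constructed sample)
/data/sales    -rw       bigboy:/data/sales
/sql/database  -ro,soft  waitabit:/var/mysql/database
""",
}


def _lines(text):
    """Yield non-empty lines with # comments removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def parse_master(text):
    """Return [(mount_point, map_name, options)] from auto.master text."""
    entries = []
    for line in _lines(text):
        fields = line.split(None, 2)
        if len(fields) < 2:
            raise ValueError(f"bad master entry: {line!r}")
        entries.append((fields[0], fields[1], fields[2] if len(fields) == 3 else ""))
    return entries


def parse_map(text, direct):
    """Return {key: (options, location)}; columns are key, -options, location."""
    table = {}
    for line in _lines(text):
        fields = line.split()
        key = fields[0]
        # Direct maps need absolute keys, indirect maps relative ones; a
        # mismatch is what produces the "bad map format" log line.
        if direct and not key.startswith("/"):
            raise ValueError("bad map format: found indirect, expected direct")
        if not direct and key.startswith("/"):
            raise ValueError("bad map format: found direct, expected indirect")
        if len(fields) == 3 and fields[1].startswith("-"):
            table[key] = (fields[1][1:], fields[2])
        elif len(fields) == 2:
            table[key] = ("", fields[1])
        else:
            raise ValueError(f"bad map entry: {line!r}")
    return table


def resolve(path, master_text=MASTER, maps=MAPS):
    """Return (mount_point, options, location) for path, or None if unmanaged."""
    for mount_point, map_name, _master_opts in parse_master(master_text):
        direct = mount_point == "/-"
        table = parse_map(maps[map_name], direct)
        if direct:
            for key, (options, location) in table.items():
                if path == key or path.startswith(key + "/"):
                    return key, options, location
            continue
        if not path.startswith(mount_point + "/"):
            continue
        # The first component under the mount point is the lookup key.
        name = path[len(mount_point) + 1:].split("/", 1)[0]
        # autofs consults the "*" entry only when no explicit key matches.
        entry = table.get(name) or table.get("*")
        if name and entry:
            options, location = entry
            return f"{mount_point}/{name}", options, location.replace("&", name)
    return None


if __name__ == "__main__":
    for p in ("/home/peter/.bashrc", "/home/bob", "/sql/database/t1", "/tmp/x"):
        print(p, "->", resolve(p))
```

Running it against a copy of a distributed map shows which server and export every key, including any name caught by the * entry, would cause a client to mount.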

=== Starting Automounter ===

Fedora Linux installs the automounter RPM, called autofs, by default. Here are some quick steps to get automounter started.

1) Use the chkconfig command to configure the automounter daemons to start at boot. Activate NFS file locking to reduce the risk of corrupted data.

  [root@bigboy tmp]# chkconfig autofs on

2) Use the init scripts in the /etc/init.d directory to start the automounter daemons. The example uses the start option, but you can also stop and restart the process with the stop and restart options.

  [root@bigboy tmp]# service autofs start

3) Use the pgrep command to determine whether automounter is running. If it is, the command will return the process ID of the automount daemon.

  [root@bigboy tmp]# pgrep automount
Line 563: Line 497:
  [root@bigboy tmp]#

As you can see, managing the startup of automounter is very similar to that of other Linux applications and should be easy to remember.

=== Automounter Examples ===

Now that you understand NFS automounter, you may benefit from an example. Chapter 30, "[[Quick HOWTO : Ch30 : Configuring NIS|Configuring NIS]]", contains a full scenario in which a school computer laboratory uses automounter to centrally house all the home directories of its students. Additional centralization is also achieved by using NIS for login authentication, access, and accounting control.

== Troubleshooting NFS ==

A basic NFS configuration usually works without problems when the client and server are on the same network. The most common problems are caused by forgetting to start NFS, to edit the /etc/fstab file, or to export the /etc/exports file. Another common cause of failure is the iptables firewall daemon running on either the server or client without the administrator realizing it.

When the client and server are on different networks, these checks still apply, but you'll also have to make sure basic connectivity has been taken care of as outlined in Chapter 4, "[[Quick HOWTO : Ch04 : Simple Network Troubleshooting|Simple Network Troubleshooting]]". Sometimes a firewall on the path between the client and server can cause difficulties.

As always, no troubleshooting plan would be complete without frequent reference to the /var/log/messages file when searching for additional clues. Table 29.2 shows some common NFS errors you'll encounter.

<div align="center">
==== Table 29.2 Some Common NFS Error Messages ====

{| class="MsoTableGrid" border="1" cellspacing="0" cellpadding="0"
! Error Message
! Description
|-
| Too many levels of remote in path
| Attempting to mount a filesystem that has already been mounted.
|-
| Permission denied
| User is denied access. This could be the client's root user who has unprivileged status on the server due to the '''root_squash''' option. Could also be because the user on the client doesn't exist on the server.
|-
| No such host
| Typographical error in the name of the server.
|-
| No such file or directory
| Typographical error in the name of the file or directory: they don't exist.
|-
| NFS server is not responding
| The server could be overloaded or down.
|-
| Stale file handle
| A file that was previously accessed by the client was deleted on the server before the client closed it.
|-
| Fake hostname
| Forward and reverse DNS entries don't exist for the NFS client.
|}
</div>

=== The showmount Command ===

When run on the server, the showmount -a command lists all the currently exported directories. It also shows a list of NFS clients accessing the server; in this case one client has an IP address of

  [root@bigboy tmp]# showmount -a
Line 700: Line 582:
  [root@bigboy tmp]#

=== The "df" Command ===

The df command lists the disk usage of a mounted filesystem. Run it on the NFS client to verify that NFS mounting has occurred. In many cases, the root_squash mount option will prevent the root user from doing this, so it's best to try it as an unprivileged user.

  [nfsuser@smallfry nfsuser]$ df -F nfs
Line 710: Line 592:
  [nfsuser@smallfry nfsuser]$

=== The nfsstat Command ===

The nfsstat command provides useful error statistics. The -s option provides NFS server stats, while the -c option provides them for clients. Threshold guidelines are provided in Table 29.3.

  [root@bigboy tmp]# nfsstat -s
Line 737: Line 619:
  [root@bigboy tmp]#
  [root@bigboy tmp]#
<div align="center">
==== Table 29.3 Error Thresholds For The "nfsstat" Command ====

{| class="MsoTableGrid" border="1" cellspacing="0" cellpadding="0"
! Value
! Threshold
! Description
|-
| <span style="font-family: 'Courier New';">readlink</span>
| > 10%
| Excessive numbers of symbolic links slowing performance. Try to replace them with a directory and mount the filesystem directly on this new mount point.
|-
| <span style="font-family: 'Courier New';">getattr</span>
| > 50%
| File attributes, like file data, are cached in NFS. This value tracks the percentage of file attribute reads that are not from cache refresh requests. Usually caused by the NFS "noac" mount option which prevents file attribute caching.
|-
| width="98" valign="top" style="border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; border-width: medium 1pt 1pt; padding: 0.05in; width: 58.6pt;" |
  <p class=MsoNormal align=center style='text-align:center'><b><span
<span style="font-family: &quot;Courier New";">badcalls</span>
  <td width=97 valign=top style='width:58.4pt;border:solid windowtext 1.0pt;
  border-left:none;background:green;padding:.05in .05in .05in .05in'>
  <p class=MsoNormal align=center style='text-align:center'><b><span
  <td width=561 valign=top style='width:336.6pt;border:solid windowtext 1.0pt;
  border-left:none;background:green;padding:.05in .05in .05in .05in'>
  <p class=MsoNormal align=center style='text-align:center'><b><span

| width="97" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 58.4pt;" |
&gt; 0
  <td width=98 valign=top style='width:58.6pt;border:solid windowtext 1.0pt;
  border-top:none;padding:.05in .05in .05in .05in'>
  <p class=MsoNormal><span style='font-family:"Courier New"'>readlink</span></p>
  <td width=97 valign=top style='width:58.4pt;border-top:none;border-left:none;
  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>&gt; 10%</p>

| width="561" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 336.6pt;" |
  <td width=561 valign=top style='width:336.6pt;border-top:none;border-left:
Bad RPC requests. Could be due to poorly configured authentication, the root user attempting to access data governed by the "root_squash" directive or having a user in too many groups.
  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>Excessive numbers of symbolic links slowing performance.
  Try to replace them with a directory and mount the filesystem directly on
  this new mount point.</p>
  <td width=98 valign=top style='width:58.6pt;border:solid windowtext 1.0pt;
  border-top:none;padding:.05in .05in .05in .05in'>
  <p class=MsoNormal><span style='font-family:"Courier New"'>getattr</span></p>

  <td width=97 valign=top style='width:58.4pt;border-top:none;border-left:none;
| width="98" valign="top" style="border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; border-width: medium 1pt 1pt; padding: 0.05in; width: 58.6pt;" |
  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
<span style="font-family: &quot;Courier New";">retrans</span>
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>&gt; 50%</p>
  <td width=561 valign=top style='width:336.6pt;border-top:none;border-left:
  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>File attributes, like file data, is cached in NFS. This
  value tracks the percentage of file attribute reads that are not from cache
  refresh requests. Usually caused by the NFS &quot;noac&quot; mount option
  which prevents file attribute caching.</p>

| width="97" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 58.4pt;" |
&gt; 5%
  <td width=98 valign=top style='width:58.6pt;border:solid windowtext 1.0pt;
  border-top:none;padding:.05in .05in .05in .05in'>
  <p class=MsoNormal><span style='font-family:"Courier New"'>badcalls</span></p>
  <td width=97 valign=top style='width:58.4pt;border-top:none;border-left:none;
  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>&gt; 0</p>

| width="561" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 336.6pt;" |
  <td width=561 valign=top style='width:336.6pt;border-top:none;border-left:
Percentage of requests for service that the client had to retransmit to the servers. Could be due to slow NFS servers or poor network conditions.
  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>Bad RPC requests. Could be due to poorly configured
  authentication, the root user attempting to access data governed by the
  &quot;root_squash&quot; directive or having a user in too many groups.</p>
  <td width=98 valign=top style='width:58.6pt;border:solid windowtext 1.0pt;
  border-top:none;padding:.05in .05in .05in .05in'>

  <p class=MsoNormal><span style='font-family:"Courier New"'>retrans</span></p>
| width="98" valign="top" style="border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; border-width: medium 1pt 1pt; padding: 0.05in; width: 58.6pt;" |
  <td width=97 valign=top style='width:58.4pt;border-top:none;border-left:none;
<span style="font-family: &quot;Courier New";">writes </span>
  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>&gt; 5%</p>
  <td width=561 valign=top style='width:336.6pt;border-top:none;border-left:
  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>Percentage of requests for service that the client had to
  retransmit to the servers. Could be due to slow NFS servers or poor network

| width="97" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 58.4pt;" |
&gt; 10%
  <td width=98 valign=top style='width:58.6pt;border:solid windowtext 1.0pt;
  border-top:none;padding:.05in .05in .05in .05in'>
  <p class=MsoNormal><span style='font-family:"Courier New"'>writes </span></p>
  <td width=97 valign=top style='width:58.4pt;border-top:none;border-left:none;
  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>&gt; 10%</p>

| width="561" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 336.6pt;" |
  <td width=561 valign=top style='width:336.6pt;border-top:none;border-left:
Writes are slow due to poor caching values. Check the "noac" and "wsize" mount options.
  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>Writes are slow due to poor caching values. Check the
  &quot;noac&quot; and &quot;wsize&quot; mount options.</p>

  <td width=98 valign=top style='width:58.6pt;border:solid windowtext 1.0pt;
| width="98" valign="top" style="border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; border-width: medium 1pt 1pt; padding: 0.05in; width: 58.6pt;" |
  border-top:none;padding:.05in .05in .05in .05in'>
<span style="font-family: &quot;Courier New";">read</span>
  <p class=MsoNormal><span style='font-family:"Courier New"'>read</span></p>
  <td width=97 valign=top style='width:58.4pt;border-top:none;border-left:none;
  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>&gt; 10%</p>

  <td width=561 valign=top style='width:336.6pt;border-top:none;border-left:
| width="97" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 58.4pt;" |
  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
&gt; 10%
  padding:.05in .05in .05in .05in'>
  <p class=MsoNormal>Reads are slow due to poor caching values. Check the
  &quot;noac&quot; and &quot;rsize&quot; mount options.</p>

| width="561" valign="top" style="border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; border-width: medium 1pt 1pt medium; padding: 0.05in; width: 336.6pt;" |
Reads are slow due to poor caching values. Check the "noac" and "rsize" mount options.

== Other NFS Considerations ==

NFS can be temperamental. An incorrect configuration can cause it to be unresponsive. Its security is relatively weak, and you have to be aware of the file permissions on both the NFS client and server to get it to work correctly. Often these issues can be resolved with some basic guidelines outlined in this section.

=== Security ===

NFS and portmap have had a number of known security deficiencies in the past. As a result, I don't recommend using NFS over insecure networks. NFS doesn't encrypt data, and it is possible for root users on NFS clients to have root access to the server's filesystems. You can exercise security-related caution with NFS by following a few guidelines:

* Restrict its use to secure networks.
* Export only the most needed data.
* Consider using read-only exports whenever data updates aren't necessary.
* Use the root_squash option in the /etc/exports file (the default) to reduce the risk of a root user on the NFS client having root file permission access on the NFS server. Such access is normally undesirable, especially if the NFS client and NFS server are being managed by different sets of administrators.

These points should be the foundation of your NFS security policy; however, the list isn't comprehensive due to the concise scope of this book. I'd suggest that you refer to a dedicated NFS reference for more detailed advice.
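The guidelines above can be checked mechanically against an exports file. The following Python sketch is an added example, not part of the original chapter: it parses /etc/exports text and flags exports open to every host, writable exports to wildcard hosts, and no_root_squash. The sample file is constructed; its first two entries follow the chapter's scenario, the other host names are assumptions, and a path with no client list is treated as a world export.

```python
"""Audit /etc/exports entries against the security guidelines listed above."""
import re

# A client field is host(options), host alone, or (options) alone.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def parse_exports(text):
    """Return one (path, host, options) tuple per client entry."""
    entries = []
    # A trailing backslash continues an entry on the next line.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        path, *clients = line.split()
        # Assumption: a path with no client list is treated as a world export.
        for spec in clients or [""]:
            match = CLIENT_RE.match(spec)
            if match is None:
                raise ValueError(f"cannot parse {spec!r} for {path}")
            host, opts = match.group(1), match.group(2) or ""
            # An empty host, as in "host (rw)" with a stray space, means the
            # options apply to every client.
            options = set(filter(None, opts.split(",")))
            entries.append((path, host or "*", options))
    return entries


def audit_exports(text):
    """Return (path, host, code, advice) findings in file order."""
    findings = []
    for path, host, options in parse_exports(text):
        writable = "rw" in options  # exports are read-only unless rw is given
        if host == "*":
            code = "world-rw" if writable else "world-ro"
            findings.append((path, host, code,
                             "limit the export to trusted hosts or networks"))
        elif writable and any(ch in host for ch in "*?"):
            findings.append((path, host, "wildcard-rw",
                             "name the writing hosts or export read-only"))
        if "no_root_squash" in options:
            findings.append((path, host, "no_root_squash",
                             "client root keeps root file access on the server"))
    return findings


# Constructed sample input. Only the first two entries come from the chapter.
SAMPLE_EXPORTS = """\
# constructed sample exports file
/data/files     *(ro,sync)
/data/test      *.my-site.com(rw,sync)
/data/scratch   build.my-site.com (rw,sync)
/data/backup    backup.my-site.com(rw,sync,no_root_squash)
/data/docs      docs.my-site.com(ro,sync)
"""

if __name__ == "__main__":
    for path, host, code, advice in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:15} {host:22} {code:15} {advice}")
```

The /data/scratch entry shows the stray-space case: the space before "(rw,sync)" gives build.my-site.com the default options and grants read/write access to every host.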

=== NFS Hanging ===

As stated before, if the NFS server fails, the NFS client waits indefinitely for it to return. This also forces programs relying on the same client-server relationship to wait indefinitely.

For this reason, use the soft option in the NFS client's /etc/fstab file. This causes NFS to report an I/O error to the calling program after a long timeout.

You can reduce the risk of NFS hanging by taking a number of precautions:

* Run NFS on a reliable network.
* Avoid having NFS servers that NFS mount each other's filesystems or directories.
* Always use the sync option whenever possible.
* Do not have mission-critical computers rely on an NFS server to operate, unless the server's reliability can be guaranteed.
* Do not include NFS-mounted directories as part of your search path, because a hung NFS connection to a directory in your search path could cause your shell to pause at that point in the search path until the NFS session is regained.

=== File Locking ===

NFS allows multiple clients to mount the same directory, but NFS has a history of not handling file locking well, although more recent versions are said to have rectified the problem. Test your network-based applications thoroughly before considering using NFS.

=== Nesting Exports ===

NFS doesn't allow you to export directories that are subdirectories of directories that have already been exported unless they are on different partitions.

=== Limiting root Access ===

By default, NFS doesn't allow a root user on an NFS client to have root privileges on the NFS server. This protection can be disabled with the no_root_squash export option in the /etc/exports file, but doing so is normally undesirable, especially if the NFS client and NFS server are being managed by different sets of administrators.

=== Restricting Access to the NFS server ===

NFS doesn't provide restrictions on a per-user basis. If a user named nfsuser exists on the NFS client, then they will have access to all the files of a user named nfsuser on the NFS server. It is best, therefore, to use the /etc/exports file to limit access to certain trusted servers or networks.

You may also want to use a firewall to protect access to the NFS server. A main communication control channel is usually created between the client and server on TCP port 111, but the data is frequently transferred on a randomly chosen TCP port negotiated between them. There are ways to limit the TCP ports used, but that is beyond the scope of this book.

You may also want to eliminate any wireless networks between your NFS server and client, and it is not wise to mount an NFS share across the Internet as access could be either slow, intermittent or insecure.

=== File Permissions ===

The NFS file permissions on the NFS server are inherited by the client. It can become complicated especially if the users and user groups on the NFS client that are expected to access data on the NFS server don't exist on the NFS server.

For simplicity, make the key users and groups on both systems match and make sure the permissions on the NFS client mount point and the exported directories of the NFS server are in keeping with your operational objectives.

== Conclusion ==

As you have seen, NFS can be a very powerful tool in providing clients with access to large amounts of data, such as a database stored on a centralized server. Many of the new network-attached storage products currently available on the market rely on NFS - a testament to its popularity, increasing stability, and improving security.

Revision as of 21:57, 19 November 2008 (Wednesday)



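When you want to share disk space between computers running Linux and Windows, Samba is usually the solution of choice. When disks need to be shared between Linux servers, the Network File System (NFS) protocol is used instead. The basic configuration is fairly simple, and this chapter covers the key configuration steps.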


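Linux data storage disks contain directories stored in a filesystem with a standard directory structure. Additional disks are added by attaching, or mounting, them. Their filesystems are grafted onto the filesystem that already exists on the computer's disk. This in effect makes the added disk appear as a subdirectory of the filesystem on which it is mounted. NFS allows a computer system to mount a remote computer on its local filesystem so that the remote computer can be accessed as if it were a local disk. For NFS clients to gain access, the NFS server administrator has to specify the directories to be activated, or exported, and the NFS client administrator has to specify the NFS server and the subset of its exported directories to use.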



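  1. Only export directories beneath the / directory.
  2. Do not export a subdirectory of a directory that has already been exported. The exception is when the subdirectory is on a different physical device. Likewise, do not export the parent of a subdirectory that has already been exported unless it is on a separate device.
  3. Only export local filesystems.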







Stateless Operation















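  • Supports files of up to 4GB
  • Requires the NFS server to successfully write the data to its disks before the write request is considered successful
  • Has a limit of 8KB per read or write request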


  • Supports extremely large file sizes of up to 2^64 - 1 bytes
  • Supports the NFS server data updates as being successful when the data is written to the server's cache
  • Negotiates the data limit per read or write request between the client and server to a mutually decided optimal value.

Version 4 maintains many of version 3's features, but with the additions that

  • File locking and mounting are integrated in the NFS daemon and operate on a single, well known TCP port, making network security easier
  • File locking is mandatory, whereas before it was optional
  • Support for the bundling of requests from each client provides more efficient processing by the NFS server.

It is important to match the versions of NFS running on clients and server to help ensure the necessary compatibility to get NFS to work predictably.



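  • portmap: The primary daemon upon which all the others rely. portmap manages connections for programs that are called through RPC. By default portmap listens on TCP port 111, the port on which connections are initially made. portmap then allocates TCP ports, usually numbered above 1024, for the data transfers that follow. You need to run portmap on both the NFS server and client.
  • nfs: Starts the RPC processes needed to share NFS filesystems. You only need to run it on the NFS server.
  • nfslock: Allows NFS clients to lock files on the server through RPC processes. You need to run it on both the NFS server and client.
  • netfs: Allows RPC processes running on the client to mount NFS filesystems on the server. You only need to run it on the NFS client.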

Now take a look at how to configure these daemons to create functional NFS client/server peering.

Installing NFS

RedHat Linux installs nfs by default, and also by default nfs is activated when the system boots. You can determine whether you have nfs installed using the RPM command in conjunction with the grep command to search for all installed nfs packages.

[root@bigboy tmp]# rpm -qa | grep nfs
[root@bigboy tmp]#

A blank list means that you'll have to install the required packages.

You also need to have the RPC portmap package installed, and the rpm command can tell you whether it's on your system already. When you use rpm in conjunction with grep, you can determine all the portmap applications installed:

[root@bigboy tmp]# rpm -q portmap
[root@bigboy tmp]#

A blank list means that you'll have to install the required packages.

If nfs and portmap are not installed, they can be added fairly easily once you find the nfs-utils and portmap RPMs. (If you need a refresher, see Chapter 6, "Installing Linux Software".) Remember that RPM filenames usually start with the software's name and a version number, as in nfs-utils-1.1.3-1.i386.rpm.


A small office has an old Linux server that is running out of disk space. The office cannot tolerate any down time, even after hours, because the server is accessed by overseas programmers and clients at night and local ones by day.

Budgets are tight and the company needs a quick solution until it can get a purchase order approved for a hardware upgrade. Another Linux server on the network has additional disk capacity in its /data partition and the office would like to expand into it as an interim expansion NFS server.

Configuring NFS on The Server

Both the NFS server and NFS client have to have parts of the NFS package installed and running. The server needs portmap, nfs, and nfslock operational, as well as a correctly configured /etc/exports file. Here's how to do it.

The /etc/exports File

The /etc/exports file is the main NFS configuration file, and it consists of two columns. The first column lists the directories you want to make available to the network. The second column has two parts. The first part lists the networks or DNS domains that can get access to the directory, and the second part lists NFS options in brackets.

For the scenario you need:

  • Read-only access to the /data/files directory to all networks
  • Read/write access to the /home directory from all servers on the /24 network, which is all addresses from to
  • Read/write access to the /data/test directory from servers in the my-site.com DNS domain
  • Read/write access to the /data/database directory from a single server

In all cases, use the sync option to ensure that file data cached in memory is automatically written to the disk after the completion of any disk data copying operation.

/data/files           *(ro,sync)
/home       ,sync)
/data/test            *.my-site.com(rw,sync)

After configuring your /etc/exports file, you need to activate the settings, but first make sure that NFS is running correctly.

Starting NFS on the Server

Configuring an NFS server is straightforward:

1) Use the chkconfig command to configure the required nfs and RPC portmap daemons to start at boot. You also should activate NFS file locking to reduce the risk of corrupted data.

[root@bigboy tmp]# chkconfig --level 35 nfs on
[root@bigboy tmp]# chkconfig --level 35 nfslock on 
[root@bigboy tmp]# chkconfig --level 35 portmap on

2) Use the init scripts in the /etc/init.d directory to start the nfs and RPC portmap daemons. The examples use the start option, but when needed, you can also stop and restart the processes with the stop and restart options.

[root@bigboy tmp]# service portmap start
[root@bigboy tmp]# service nfs start
[root@bigboy tmp]# service nfslock start

3) Test whether NFS is running correctly with the rpcinfo command. You should get a listing of running RPC programs that must include mountd, portmapper, nfs, and nlockmgr.

[root@bigboy tmp]# rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp   1024  nlockmgr
    100021    3   udp   1024  nlockmgr
    100021    4   udp   1024  nlockmgr
    100005    1   udp   1042  mountd
    100005    1   tcp   2342  mountd
    100005    2   udp   1042  mountd
    100005    2   tcp   2342  mountd
    100005    3   udp   1042  mountd
    100005    3   tcp   2342  mountd
[root@bigboy tmp]#

Configuring NFS on The Client

NFS configuration on the client requires you to start the NFS application; create a directory on which to mount the NFS server's directories that you exported via the /etc/exports file, and finally to mount the NFS server's directory on your local directory, or mount point. Here's how to do it all.

Starting NFS on the Client

Three more steps easily configure NFS on the client.

1) Use the chkconfig command to configure the required nfs and RPC portmap daemons to start at boot. Activate nfslock to lock the files and reduce the risk of corrupted data.

[root@smallfry tmp]# chkconfig --level 35 netfs on
[root@smallfry tmp]# chkconfig --level 35 nfslock on
[root@smallfry tmp]# chkconfig --level 35 portmap on

2) Use the init scripts in the /etc/init.d directory to start the nfs and RPC portmap daemons. As on the server, the examples use the start option, but you can also stop and restart the processes with the stop and restart options.

[root@smallfry tmp]# service portmap start
[root@smallfry tmp]# service netfs start
[root@smallfry tmp]# service nfslock start

3) Test whether NFS is running correctly with the rpcinfo command. The listing of running RPC programs you get must include status, portmapper, and nlockmgr.

[root@smallfry root]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   udp  32769  nlockmgr
    100021    1   tcp  32769  nlockmgr
    100021    3   tcp  32769  nlockmgr
    100021    4   tcp  32769  nlockmgr
    391002    2   tcp  32770  sgi_fam
[root@smallfry root]#
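The rpcinfo checks for the server and the client can be scripted. The following Python sketch is an added example, not part of the original chapter: it parses `rpcinfo -p` output, reports which of the programs the text requires for each role are missing, and lists the registrations on ports other than 111 and 2049, which are the ones a static firewall rule would not cover. The two listings are the ones shown above; the function names are assumptions.

```python
"""Check `rpcinfo -p` output for the RPC programs an NFS host needs."""

# Program names the text requires for each role.
REQUIRED = {
    "server": {"portmapper", "nfs", "nlockmgr", "mountd"},
    "client": {"portmapper", "status", "nlockmgr"},
}
# Ports fixed by convention: portmapper (111) and nfs (2049).
FIXED_PORTS = {111, 2049}


def parse_rpcinfo(text):
    """Return a list of (program, version, proto, port, name) tuples."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header, shell prompt or blank line
        program, version, proto, port = fields[:4]
        # rpcinfo omits the name column for programs it does not know.
        name = fields[4] if len(fields) > 4 else program
        rows.append((int(program), int(version), proto, int(port), name))
    return rows


def missing_programs(text, role):
    """Return the sorted names required for `role` that are not registered."""
    registered = {row[4] for row in parse_rpcinfo(text)}
    return sorted(REQUIRED[role] - registered)


def dynamic_endpoints(text):
    """Map (proto, port) to program name for ports outside FIXED_PORTS."""
    return {
        (proto, port): name
        for _, _, proto, port, name in parse_rpcinfo(text)
        if port not in FIXED_PORTS
    }


# Listings copied from the server (bigboy) and client (smallfry) sessions above.
SERVER_LISTING = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp   1024  nlockmgr
    100021    3   udp   1024  nlockmgr
    100021    4   udp   1024  nlockmgr
    100005    1   udp   1042  mountd
    100005    1   tcp   2342  mountd
    100005    2   udp   1042  mountd
    100005    2   tcp   2342  mountd
    100005    3   udp   1042  mountd
    100005    3   tcp   2342  mountd
"""
CLIENT_LISTING = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   udp  32769  nlockmgr
    100021    1   tcp  32769  nlockmgr
    100021    3   tcp  32769  nlockmgr
    100021    4   tcp  32769  nlockmgr
    391002    2   tcp  32770  sgi_fam
"""

if __name__ == "__main__":
    for role, listing in (("server", SERVER_LISTING), ("client", CLIENT_LISTING)):
        print(role, "missing:", missing_programs(listing, role) or "none")
        for (proto, port), name in sorted(dynamic_endpoints(listing).items()):
            print(f"  {name} on {proto}/{port} is not a fixed port")
```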


The NFS client must have a matching pair of forward and reverse DNS entries on the DNS server used by the NFS server. In other words, a DNS lookup on the NFS server for the IP address of the NFS client must return a server name that will map back to the original IP address when a DNS lookup is done on that same server name.

[root@bigboy tmp]# host domain name pointer 192-168-1-102.my-site.com.
[root@bigboy tmp]# host 192-168-1-102.my-site.com
192-168-1-102.my-site.com has address
[root@bigboy tmp]#

This is a security precaution added into the nfs package that lessens the likelihood of unauthorized servers gaining access to files on the NFS server. Failure to correctly register your server IPs in DNS can result in "fake hostname" errors:

Nov  7 19:14:40 bigboy rpc.mountd: Fake hostname smallfry.my-site.com for - forward lookup doesn't exist
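The forward and reverse lookup requirement described above can be tested before a client is added to /etc/exports. The following Python sketch is an added example, not rpc.mountd's own code: it looks up the names for an address, resolves each name back, and reports whether the pair matches. The resolver functions can be swapped out; the addresses and the small DNS tables are constructed so the example runs offline.

```python
"""Forward-confirmed reverse DNS check for a prospective NFS client."""
import socket


def system_reverse(ip):
    """Reverse lookup through the system resolver: names for an address."""
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name, *aliases]


def system_forward(name):
    """Forward lookup through the system resolver: addresses for a name."""
    return socket.gethostbyname_ex(name)[2]


def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, name).

    status is "ok" when a name returned for ip resolves back to ip,
    "no-reverse" when ip has no name, "no-forward" when none of its names
    resolve, and "mismatch" when they resolve only to other addresses.
    """
    try:
        names = reverse(ip)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return ("no-reverse", None)
    if not names:
        return ("no-reverse", None)
    status = "no-forward"
    for name in names:
        try:
            addresses = forward(name)
        except OSError:
            continue
        if ip in addresses:
            return ("ok", name)
        if addresses:
            status = "mismatch"
    return (status, names[0])


# Constructed DNS data (documentation address range), used instead of a
# live resolver so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.102": ["smallfry.my-site.com"],
    "192.0.2.103": ["ghost.my-site.com"],      # name has no forward record
    "192.0.2.104": ["smallfry.my-site.com"],   # name belongs to another address
}
SAMPLE_A = {"smallfry.my-site.com": ["192.0.2.102"]}


def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]


def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_A[name]


if __name__ == "__main__":
    for ip in ("192.0.2.102", "192.0.2.50", "192.0.2.103", "192.0.2.104"):
        print(ip, check_client(ip, sample_reverse, sample_forward))
```

The "no-forward" result corresponds to the "forward lookup doesn't exist" message in the log line above.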

Making NFS Mounting Permanent

In most cases, users want their NFS directories to be permanently mounted. This requires an entry in the /etc/fstab file in addition to the creation of the mount point directory.

The /etc/fstab File

The /etc/fstab file lists all the partitions that need to be auto-mounted when the system boots. Therefore, you need to edit the /etc/fstab file if you need the NFS directory to be made permanently available to users on the NFS client. For the example, mount the /data/files directory on server bigboy (IP address 192.168.1.100) as an NFS-type filesystem using the local /mnt/nfs mount point directory.

#Directory                   Mount Point    Type   Options         Dump   FSCK
                             /mnt/nfs       nfs    soft,nfsvers=2  0      0

This example used the soft and nfsvers options; Table 29.1 outlines these and other useful NFS mounting options you may want to use. See the NFS man pages for more details.

Table 29.1 Possible NFS Mount Options




Retry mounting in the background if mounting initially fails


Mount in the foreground


Use soft mounting


Use hard mounting


The amount of data NFS will attempt to access per read operation. The default is dependent on the kernel. For NFS version 2, set it to 8192 to assure maximum throughput.


The amount of data NFS will attempt to access per write operation. The default is dependent on the kernel. For NFS version 2, set it to 8192 to assure maximum throughput.


The version of NFS the mount command should attempt to use


Attempt to mount the filesystem using TCP packets: the default is UDP.


If the filesystem is hard mounted and the mount times out, allow for the process to be aborted using the usual methods such as CTRL-C and the kill command.

The steps to mount the directory are fairly simple, as you'll see.

Permanently Mounting The NFS Directory

You'll now create a mount point directory, /mnt/nfs, on which to mount the remote NFS directory and then use the mount -a command to activate the mount. Notice how before mounting there were no files visible in the /mnt/nfs directory; this changes after the mounting is completed:

[root@smallfry tmp]# mkdir /mnt/nfs
[root@smallfry tmp]# ls /mnt/nfs
[root@smallfry tmp]# mount -a
[root@smallfry tmp]# ls /mnt/nfs
ISO  ISO-RedHat  kickstart  RedHat
[root@smallfry tmp]#

Each time your system boots, it reads the /etc/fstab file and executes the mount -a command, thereby making this a permanent NFS mount.

Note: There are multiple versions of NFS, the most popular of which is version 2, which most NFS clients use. Newer NFS servers may also be able to handle NFS version 4. To be safe, it is best to force the NFS server to export directories as version 2 using the nfsvers=2 option in the /etc/fstab file as shown in the example. Failure to do so may result in an error message.

[root@probe-001 tmp]# mount -a
mount to NFS server '' failed: server is down.
[root@probe-001 tmp]#

Manually Mounting NFS File Systems

If you don't want a permanent NFS mount, then you can use the mount command without the /etc/fstab entry to gain access only when necessary. This is a manual process; for an automated process, see the section "The NFS Automounter."

In this case, you're mounting the /data/files directory as an NFS-type filesystem on the /mnt/nfs mount point. The NFS server is bigboy whose IP address is

Notice that before mounting there were no files visible in the /mnt/nfs directory; this changes after the mounting is complete:

[root@smallfry tmp]# mkdir /mnt/nfs
[root@smallfry tmp]# ls /mnt/nfs
[root@smallfry tmp]# mount -t nfs /mnt/nfs
[root@smallfry tmp]# ls /mnt/nfs
ISO  ISO-RedHat  kickstart  RedHat
[root@smallfry tmp]#

Congratulations! You've made your first steps towards being an NFS administrator.

Activating Modifications To The /etc/exports File

You can force your system to re-read the /etc/exports file by restarting NFS. In a nonproduction environment, this may cause disruptions when an exported directory suddenly disappears without prior notification to users. Here are some methods you can use to update and activate the file with the least amount of inconvenience to others.

New Exports File

When no directories have yet been exported to NFS, use the exportfs -a command.

[root@bigboy tmp]# exportfs -a

Adding A Shared Directory To An Existing Exports File

When adding a shared directory, you can use the exportfs -r command to export only the new entries.

[root@bigboy tmp]# exportfs -r

Deleting, Moving Or Modifying A Share

Removing an exported directory from the /etc/exports file requires work on both the NFS client and server. The steps are:

1) Unmount the mount point directory on the NFS client using the umount command. In this case, you're unmounting the /mnt/nfs mount point.

[root@smallfry tmp]# umount /mnt/nfs

Note: You may also need to edit the /etc/fstab file to remove any entries related to the mount point if you want the change to remain in effect after rebooting.

2) Comment out the corresponding entry in the NFS server's /etc/exports file and reload the modified file.

[root@bigboy tmp]# exportfs -ua
[root@bigboy tmp]# exportfs -a

You have now completed a seamless removal of the exported directory with much less chance of having critical errors.

The NFS Automounter

The permanent mounting of filesystems has its disadvantages. For example, the /etc/fstab file is unique per Linux server and has to be individually edited on each. NFS client management, therefore, becomes more difficult. Also, the mount is permanent, tying up system resources even when the NFS server isn't being accessed.

NFS uses an automounter feature that overcomes these shortcomings by allowing you to bypass the /etc/fstab file for NFS mounts, instead using an NFS-specific map file that can be distributed to multiple clients. In addition, you can use the file to specify the expected duration of the NFS mount, after which time it is unmounted automatically. However, automounter continues to report to the operating system kernel that the mount is still active. When the kernel makes an NFS file request, automounter intercepts it and mounts the remote directory on the mount point defined in the map file. The mount point directory is dynamically created by the automounter when needed. After the timeout period, the remote directory is unmounted and the mount point is deleted.

Automounter Map Files

The master map file of automounter has a simple format that defines the name of the mount point directory in the first column and the subsidiary map file that controls its mounting in the second. You can add mounting options to a third column.

In the example, the /home directory needs to be automounted on an NFS server and the configuration information is defined in the /etc/auto.home file. Finally, the mount will only last for five minutes (300 seconds), and this value will act as a default for all the entries in the /etc/auto.home file.

Irregular entries that don't match /home are placed in the /etc/auto.direct file.

# File: /etc/auto.master
/home   /etc/auto.home --timeout=300
/-      /etc/auto.direct

Direct Maps

Direct maps are used to define NFS filesystems that are mounted on different servers or that don't all start with the same prefix.

Indirect Maps

Indirect maps define directories that can be mounted under the same mount point. A good example would be all the users' directories under /home.

Note: Based on preliminary testing, an early release of Fedora Core 3 doesn't appear to work correctly with automounter. You have to have one indirect map defined to avoid startup errors, and after doing so, the maps don't appear to be activated. No errors occur in the logs either.

The Structure Of Direct And Indirect Map Files

The format of these map files is similar to that of the /etc/auto.master file, except that columns two and three have been switched.

Column one lists all the directory keys that will activate the automounter feature. It is also the name of the mount point under the directory listed in the /etc/auto.master file. The second column provides all the NFS options to be used, and the third column lists the NFS servers and the filesystems that map to the keys.

When the NFS client accesses a file, it refers to the keys in the /etc/auto.master file to see whether any fall within the realm of the automounter's responsibility. If one does, then automounter checks the subsidiary map file for the subdirectory mount point key. If it finds one, then automounter mounts the files for the system.

Indirect Map File Example

In the previous example, the /etc/auto.master file redirected all references to the /home directory to the /etc/auto.home file. This second file has entries for peter, bob, and bunny; these directories are actually mount points for directories on servers bigboy, ochorios, and waitabit.

# File: /etc/auto.home
peter   bigboy:/home/peter
bob     ochorios:/home/bob
bunny   waitabit:/home/bunny

Direct Map File Example

The second entry in the /etc/auto.master file was specifically created to handle all references to one-of-a-kind directory prefixes. In the example, /data/sales and /sql/database are the mount points for directories on servers bigboy and waitabit.

# File: /etc/auto.direct
/data/sales          -rw           bigboy:/disk1/data/sales
/sql/database        -ro,soft       waitabit:/var/mysql/database

Note: The automounter treats direct mounts as if they were files in a directory, not as individual directories. This means all direct mount points in the same directory are mounted simultaneously even if only one of them is being accessed. This can cause excessive mounting activity that can slow response times. There are tricks you can use to avoid this; perhaps the simplest is just to place direct mount points in different directories.

Note: Direct map entries in the /etc/auto.master file must all begin with /-, and you can use absolute path names with direct map files only. If you don't, then you'll get an error like this in your /var/log/messages file:

Nov  7 19:24:12 smallfry automount[31801]: bad map format: found indirect, expected direct exiting

Wildcards In Map Files

You can use two types of wildcards in a map file. The asterisk (*), which means all, and the ampersand (&), which instructs automounter to substitute the value of the key for the & character.

Using the Ampersand Wildcard

In the example below, the key is peter, so the ampersand wildcard is interpreted to mean peter too. This means you'll be mounting the bigboy:/home/peter directory.

# File: /etc/auto.home
peter   bigboy:/home/&

Using the Asterisk Wildcard

In the example below, the key is *, meaning that automounter will attempt a mount on any attempt to enter the /home directory. But what's the value of the ampersand? It is actually assigned the value of the key that triggered the access to the /etc/auto.home file. If the access was for /home/peter, then the ampersand is interpreted to mean peter, and bigboy:/home/peter is mounted. If access was for /home/bob, then bigboy:/home/bob would be mounted.

# File: /etc/auto.home
*   bigboy:/home/&
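The lookup described in the map-file sections above can be traced with a small resolver. This is an added example, not part of the original HOWTO or of autofs itself: the map contents are constructed from the page's samples (the ochorios:/export/home path is hypothetical), the function names are my own, and exact keys always take priority over the * entry as a simplification.

```python
# Constructed inputs based on the page's examples; maps are passed in as
# strings so the example runs without reading anything under /etc.
AUTO_MASTER = """\
/home   /etc/auto.home --timeout=300
/-      /etc/auto.direct
"""
MAPS = {
    "/etc/auto.home": """\
peter   bigboy:/home/&
*       -rw,soft  ochorios:/export/home/&
""",
    "/etc/auto.direct": """\
/data/sales     -rw        bigboy:/disk1/data/sales
/sql/database   -ro,soft   waitabit:/var/mysql/database
""",
}


def _entries(text):
    """Yield the whitespace-separated fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields


def parse_map(text):
    """Return {key: (options, location)}; options is '' when that column is absent."""
    table = {}
    for fields in _entries(text):
        key, rest = fields[0], fields[1:]
        opts = rest.pop(0)[1:] if rest and rest[0].startswith("-") else ""
        if rest:
            table[key] = (opts, rest[0])
    return table


def resolve(path, master=AUTO_MASTER, maps=MAPS):
    """Return (mount_point, options, server:dir) for path, or None if not automounted."""
    for fields in _entries(master):
        mount_dir, entries = fields[0], parse_map(maps[fields[1]])
        if mount_dir == "/-":  # direct map: each key is an absolute path
            for key, (opts, loc) in entries.items():
                if path == key or path.startswith(key + "/"):
                    return key, opts, loc
            continue
        if not path.startswith(mount_dir + "/"):
            continue
        # Indirect map: the key is the first path component below mount_dir.
        key = path[len(mount_dir) + 1:].split("/", 1)[0]
        hit = entries.get(key) or entries.get("*")
        if key and hit:
            opts, loc = hit
            return f"{mount_dir}/{key}", opts, loc.replace("&", key)
    return None


if __name__ == "__main__":
    for p in ("/home/peter/notes.txt", "/home/bob", "/sql/database/x", "/tmp/x"):
        print(p, "->", resolve(p))
```

Reviewing the output for a * entry is worthwhile before distributing a map, because every name a user enters under the mount point becomes a mount request to the listed server.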

Starting Automounter

Fedora Linux installs the automounter RPM, called autofs, by default. Here are some quick steps to get automounter started.

1) Use the chkconfig command to configure the automounter daemons to start at boot. Activate NFS file locking to reduce the risk of corrupted data.

[root@bigboy tmp]# chkconfig autofs on

2) Use the init scripts in the /etc/init.d directory to start the automounter daemons. The example uses the start option, but you can also stop and restart the process with the stop and restart options.

[root@bigboy tmp]# service autofs start

3) Use the pgrep command to determine whether automounter is running. If it is, the command will return the process ID of the automount daemon.

[root@bigboy tmp]# pgrep automount
[root@bigboy tmp]#

As you can see, managing the startup of automounter is very similar to that of other Linux applications and should be easy to remember.

Automounter Examples

Now that you understand NFS automounter, you may benefit from an example. Chapter 30, "Configuring NIS", contains a full scenario in which a school computer laboratory uses automounter to centrally house all the home directories of its students. Additional centralization is also achieved by using NIS for login authentication, access, and accounting control.

Troubleshooting NFS

A basic NFS configuration usually works without problems when the client and server are on the same network. The most common problems are caused by forgetting to start NFS, to edit the /etc/fstab file, or to export the /etc/exports file. Another common cause of failure is the iptables firewall daemon running on either the server or client without the administrator realizing it.

When the client and server are on different networks, these checks still apply, but you'll also have to make sure basic connectivity has been taken care of as outlined in Chapter 4, "Simple Network Troubleshooting". Sometimes a firewall being present on the path between the client and server can cause difficulties.

As always, no troubleshooting plan would be complete without frequent reference to the /var/log/messages file when searching for additional clues. Table 29.2 shows some common NFS errors you'll encounter.

Table 29.2 Some Common NFS Error Messages

  • Too many levels of remote in path: Attempting to mount a filesystem that has already been mounted.
  • Permission denied: User is denied access. This could be the client's root user who has unprivileged status on the server due to the root_squash option. Could also be because the user on the client doesn't exist on the server.
  • No such host: Typographical error in the name of the server.
  • No such file or directory: Typographical error in the name of the file or directory: they don't exist.
  • NFS server is not responding: The server could be overloaded or down.
  • Stale file handle: A file that was previously accessed by the client was deleted on the server before the client closed it.
  • Fake hostname: Forward and reverse DNS entries don't exist for the NFS client.

The showmount Command

When run on the server, the showmount -a command lists all the currently exported directories. It also shows a list of NFS clients accessing the server, in this case one client has an IP address of

[root@bigboy tmp]# showmount -a
All mount points on bigboy:
[root@bigboy tmp]#

The "df" Command

The df command lists the disk usage of a mounted filesystem. Run it on the NFS client to verify that NFS mounting has occurred. In many cases, the root_squash mount option will prevent the root user from doing this, so it's best to try it as an unprivileged user.

[nfsuser@smallfry nfsuser]$ df -F nfs
Filesystem           1K-blocks      Used Available Use% Mounted on
                       1032056    346552    633068  36% /home/nfsuser
[nfsuser@smallfry nfsuser]$

The nfsstat Command

The nfsstat command provides useful error statistics. The -s option provides NFS server stats, while the -c option provides them for clients. Threshold guidelines are provided in Table 29.3.

[root@bigboy tmp]# nfsstat -s
Server rpc stats:
calls      badcalls   badauth    badclnt    xdrcall
1547       0          0          0          0
Server nfs v2:
null       getattr    setattr    root       lookup     readlink
244    100% 0       0% 0       0% 0       0% 0       0% 0       0%
read       wrcache    write      create     remove     rename
0       0% 0       0% 0       0% 0       0% 0       0% 0       0%
link       symlink    mkdir      rmdir      readdir    fsstat
0       0% 0       0% 0       0% 0       0% 0       0% 0       0%
Server nfs v3:
null       getattr    setattr    lookup     access     readlink
251    19% 332    25% 0       0% 265    20% 320    24% 0       0%
read       write      create     mkdir      symlink    mknod
39      2% 14      1% 1       0% 1       0% 0       0% 0       0%
remove     rmdir      rename     link       readdir     readdirplus
0       0% 0       0% 0       0% 0       0% 0       0% 31       2%
fsstat     fsinfo     pathconf   commit
1       0% 34      2% 0       0% 14      1%
[root@bigboy tmp]#

Table 29.3 Error Thresholds For The "nfsstat" Command

  • > 10%: Excessive numbers of symbolic links slowing performance. Try to replace them with a directory and mount the filesystem directly on this new mount point.
  • > 50%: File attributes, like file data, are cached in NFS. This value tracks the percentage of file attribute reads that are not from cache refresh requests. Usually caused by the NFS "noac" mount option which prevents file attribute caching.
  • > 0: Bad RPC requests. Could be due to poorly configured authentication, the root user attempting to access data governed by the "root_squash" directive or having a user in too many groups.
  • > 5%: Percentage of requests for service that the client had to retransmit to the servers. Could be due to slow NFS servers or poor network conditions.
  • > 10%: Writes are slow due to poor caching values. Check the "noac" and "wsize" mount options.
  • > 10%: Reads are slow due to poor caching values. Check the "noac" and "rsize" mount options.

Other NFS Considerations

NFS can be temperamental. An incorrect configuration can cause it to be unresponsive. Its security is relatively weak, and you have to be aware of the file permissions on both the NFS client and server to get it to work correctly. Often these issues can be resolved with some basic guidelines outlined in this section.


NFS and portmap have had a number of known security deficiencies in the past. As a result, I don't recommend using NFS over insecure networks. NFS doesn't encrypt data and it is possible for root users on NFS clients to have root access to the server's filesystems. You can exercise security-related caution with NFS by following a few guidelines:

  • Restrict its use to secure networks
  • Export only the most needed data
  • Consider using read-only exports whenever data updates aren't necessary.
  • Use the root_squash option in the /etc/exports file (the default) to reduce the risk of a root user on the NFS client having root file permission access on the NFS server. This is normally an undesirable condition, especially if the NFS client and NFS server are being managed by different sets of administrators.

These points should be the foundation of your NFS security policy; however, the list isn't comprehensive due to the concise scope of this book. I'd suggest that you refer to a dedicated NFS reference for more detailed advice.

NFS Hanging

As stated before, if the NFS server fails, the NFS client waits indefinitely for it to return. This also forces programs relying on the same client-server relationship to wait indefinitely.

For this reason, use the soft option in the NFS client's /etc/fstab file. This causes NFS to report an I/O error to the calling program after a long timeout.

You can reduce the risk of NFS hanging by taking a number of precautions:

  • Run NFS on a reliable network.
  • Avoid having NFS servers that NFS mount each other's filesystems or directories.
  • Always use the sync option whenever possible.
  • Do not have mission-critical computers rely on an NFS server to operate, unless the server's reliability can be guaranteed.
  • Do not include NFS-mounted directories as part of your search path, because a hung NFS connection to a directory in your search path could cause your shell to pause at that point in the search path until the NFS session is regained.

File Locking

NFS allows multiple clients to mount the same directory, but NFS has a history of not handling file locking well, although more recent versions are said to have rectified the problem. Test your network-based applications thoroughly before considering using NFS.

Nesting Exports

NFS doesn't allow you to export directories that are subdirectories of directories that have already been exported unless they are on different partitions.

Limiting root Access

NFS doesn't allow a root user on an NFS client to have root privileges on the NFS server. This can be disabled with the no_root_squash export option in the /etc/exports file. This is normally an undesirable condition, especially if the NFS client and NFS server are being managed by different sets of administrators.

Restricting Access to the NFS server

NFS doesn't provide restrictions on a per-user basis. If a user named nfsuser exists on the NFS client, then they will have access to all the files of a user named nfsuser on the NFS server. It is best, therefore, to use the /etc/exports file to limit access to certain trusted servers or networks.

You may also want to use a firewall to protect access to the NFS server. A main communication control channel is usually created between the client and server on TCP port 111, but the data is frequently transferred on a randomly chosen TCP port negotiated between them. There are ways to limit the TCP ports used, but that is beyond the scope of this book.

You may also want to eliminate any wireless networks between your NFS server and client, and it is not wise to mount an NFS share across the Internet as access could be either slow, intermittent or insecure.
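The export guidelines above (read-only where possible, root_squash left in place, access limited to trusted servers or networks) can be checked mechanically. The following is an added example, not part of the original HOWTO: the sample file, host names and function names are constructed, and the parser is simplified as noted in its comments.

```python
import re

# Constructed sample /etc/exports; hosts and paths are illustrative only.
SAMPLE_EXPORTS = """\
# path        client(options)
/data/files   192.0.2.0/24(ro,sync)
/home         *(rw,sync)
/srv/backup   trusted.example.com (rw,no_root_squash)
/srv/iso      192.0.2.50
"""

CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

MESSAGES = {
    "no_root_squash": "client root keeps root file permissions on the server",
    "world": "exported to every host instead of trusted servers or networks",
    "rw": "writable; use ro if data updates aren't necessary",
}


def parse_exports(text):
    """Yield (path, client, options) per client field of each export line.

    Simplified: quoted paths and '-options' default fields are not handled.
    """
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        # A bare path is treated here as exported to everyone.
        for spec in clients or [""]:
            m = CLIENT_RE.match(spec)
            if m is None:
                continue
            opts = {o for o in (m.group("opts") or "").split(",") if o}
            # An empty host, as in a detached "(rw)", applies to all hosts.
            yield path, m.group("host") or "*", opts


def audit_exports(text):
    """Return [(path, client, finding_code)] for the guidelines above."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash"))
        if client == "*":
            findings.append((path, client, "world"))
        if "rw" in opts:
            findings.append((path, client, "rw"))
    return findings


if __name__ == "__main__":
    for path, client, code in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {MESSAGES[code]}")
```

The /srv/backup line shows why the space matters: with a blank between the host and the parentheses, trusted.example.com receives the default options and the parenthesised options apply to every other host.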

File Permissions

The NFS file permissions on the NFS server are inherited by the client. It can become complicated especially if the users and user groups on the NFS client that are expected to access data on the NFS server don't exist on the NFS server.

For simplicity, make the key users and groups on both systems match and make sure the permissions on the NFS client mount point and the exported directories of the NFS server are in keeping with your operational objectives.


As you have seen, NFS can be a very powerful tool in providing clients with access to large amounts of data, such as a database stored on a centralized server. Many of the new network-attached storage products currently available on the market rely on NFS - a testament to its popularity, increasing stability, and improving security.