VectorLinux
Author Topic: How To Set Up a Simple Home Network with nfs  (Read 5831 times)
GrannyGeek


« on: October 15, 2006, 01:02:02 pm »

Disclaimer: I am far from an expert on networking. All I know is that what I'm describing works for me and I've done it many times as I've installed various versions of VectorLinux on different computers. It's been difficult to find an easy explanation of how to set up a simple nfs home network, which is why I'm writing this although I certainly don't have the expertise. If you see errors or know a better way to do anything I'm describing, please do let us know.

Setting Up an nfs Home Network

With an nfs network, the shared directories and files on the remote computers will be listed at a mount point you set up. I create a mount point in the /mnt directory and give it the name of the computer I'm mounting, such as /mnt/Toshiba or /mnt/hall. You can then use the files just as you do on your local computer.

I like to see and have all files accessible on the computers in my network. Therefore, I share the root directory, which includes all the directories that live on the partition. You can do more limited sharing, of course. When you share a directory, all files in that directory are also shared. You cannot network Windows computers to Linux with nfs without special Windows software. For Windows sharing, use Samba. Although I can see all the shared files, I can modify only the files for which I have permissions. Ownership works the same on the remote computers as it does on the local computer.

VL 5.8 Standard and later versions of VL have all files needed for setting up a home nfs network, so you can proceed to the next step if you're using 5.8 or later.

Next, make sure the computers you're networking have unchanging identifications. I've assigned fixed IP addresses to the three computers I network with nfs. There are other ways to make sure your computers do not change their IP addresses even if you use DHCP but I don't know how to do that. Also make sure that any users who want to share files over the network have the same user ID and group ID on all the networked computers. You can find the UID and GID for all users in the /etc/passwd file.

Now you need to edit some files: /etc/exports, /etc/hosts, /etc/hosts.allow, /etc/hosts.deny, and /etc/fstab.

/etc/hosts maps hostnames of remote computers to addresses. You'll need to add a line like this example:
192.168.1.10     Toshiba.mydomain Toshiba
If you have more than two computers networked, you'll need a line like that for all the IP addresses of your remote computers. See man hosts for more explanations and examples.

/etc/exports contains a list of all directories exported to other computers. This is the line in my /etc/exports file:
/ Toshiba(rw,async,no_root_squash) hall(rw,async,no_root_squash) compaq(rw,async,no_root_squash)

What this means is that I'm exporting the root directory to all computers on the list. I have the same line in /etc/exports on all my computers. When you export the root directory, you export all the directories under root. If you use no_root_squash, you can do anything as root on the other computers that you can do on the computer you're accessing from. By default in nfs, root has no privileges on the computer at the other end. This is a security feature, but it's not necessarily desirable for physically secure home networks. There are just two of us in our house and I'm the only one who uses the computers, so there is no risk that someone else by accident or on purpose could do something harmful to the other computer. If you are root on all the computers on your network, you probably want root privileges on the remote computers. In order to have root privileges on the other computers on the network, you need to add no_root_squash to whatever you're exporting in /etc/exports. rw means read/write access is allowed; async means the data is cached and written at the system's convenience. This may improve performance, but in case of a system crash, you would lose data. If you want safety over performance, use sync instead of async in the line above.  sync means the data is written immediately, not cached.

/etc/hosts.allow shows which addresses are allowed to connect to your network services. Mine says:
ALL:192.168.1.
That means connections to any local network services are allowed from any computer starting with the address 192.168.1.--that is, any computer on my network. A computer with an address like 192.168.2.10, for example, would not be allowed access to any network services.

/etc/hosts.deny shows which addresses are NOT allowed to connect to your network services. Mine says:
ALL:ALL
That means no computer except the ones named in /etc/hosts.allow is allowed access to anything.

Now you'll add a line to /etc/fstab so you can mount the shared file system. On my computer called hall I have a /mnt/Toshiba directory for the laptop's file system. On my computer Toshiba I have a /mnt/hall directory. This is the line I have in /etc/fstab on hall:
# NFS file systems:
Toshiba:/   /mnt/Toshiba   nfs  users,noauto  0 0

and this line in /etc/fstab on Toshiba:
# NFS file systems:
hall:/     /mnt/hall     nfs   defaults,noauto,users    0 0

What the line above means is mount the root (and directories under root) from hall on the /mnt/hall mount point using the nfs file system, let any user mount and unmount it, and do not mount it automatically.

File systems mounted in the /mnt directory of the remote computer do not show up in the /mnt/hall or /mnt/Toshiba directory of the computer at which I'm working. So if, for example, I look in the /mnt/hall/windows_c directory, its files will not be displayed if I'm at the computer named Toshiba. It is possible to include shares in the /mnt directory but it needs its own topic.

After the files in /etc are edited to meet your needs for your home network, you then run a series of commands as root in this order:
# rpc.portmap
# rpc.mountd
# rpc.nfsd
# rpc.statd
# rpc.rquotad
# exportfs -a
These commands are in the /sbin and /usr/sbin directories. You should not get error messages if everything is set up correctly. Your nfs network should start automatically and you shouldn't need to run the commands again.

You have to do these steps on all the computers you want to network through nfs. Then you can try to mount the files from the other computer something like this:
mount /mnt/Toshiba

Make sure your firewall isn't blocking incoming connections from the local network. I don't use a software firewall and turn off any firewalls loaded in Linux, so I'm not familiar with what complications, if any, a firewall may add to the mix. I use the firewall built into my router. If you don't have a router, disconnect from the Internet if you're going to play with the firewall.

Security
A user account has access to the corresponding user account on the networked computers. User cannot do any root things on either computer. Your user account cannot do anything to files belonging to another user on the networked computers. Root cannot do anything on the remote computers unless the no_root_squash option is specified in /etc/exports. You are not asked for a password when you access the remote computer shares, but you have access only to the account with the same UID and GID. Only the computers specified in /etc/hosts.allow can have any access. If you let other people operate from your user account, they'll also have access to the same user account on the remote computer. If they know the root password, they'll be able to su to root and access the remote computer as root. If you are casual about letting other people use your own account, they could do serious damage to your account on the remote computer whether by accident or on purpose.

I also think that if you have a wireless network, you should be very sure it is well secured. WEP is considered nearly useless now because it's easily cracked. Use WPA or WPA2 with a very strong password.

You have several options with nfs for what you share and what you allow. There are man pages for exports and hosts and they are worth a look. Frankly, I understand almost nothing in those man pages and don't find them very helpful, but every little bit is worth something. If you're not up to deciphering man pages, just copy and paste the examples I included and change them to fit your situation. It's a lot easier to do this than to describe it.
--GrannyGeek
« Last Edit: February 25, 2009, 05:56:06 pm by GrannyGeek »

Registered Linux User #397786

Happily running VL 7 Gold on  a Sempron LE-1300 desktop (2.3 GHz), 4 G RAM,  GeForce 6150 SE onboard graphics and on an HP Pavilion dv7 i7, 6 gigs, Intel 2nd Generation Integrated Graphics Controller
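
Added example, not part of GrannyGeek's post: a small Python audit of /etc/exports text that reports the settings the post discusses (exporting /, no_root_squash, async) plus wildcard clients, run on the posted line and on a constructed narrower export. The directory /home/shared and the function names are assumptions made for illustration.

```python
import re

# Export options from the post that weaken the defaults, per exports(5).
RISKY_OPTS = {
    "no_root_squash": "remote root keeps uid 0 on this server",
    "async": "server replies before writes reach disk; a crash can lose data",
}

def parse_exports(text):
    """Yield (path, client, [options]) for each client entry in exports text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", entry)
            if m is None:
                continue                          # malformed entry, skipped
            client = m.group(1) or "*"            # bare "(opts)" means any host
            opts = [o for o in (m.group(2) or "").split(",") if o]
            yield path, client, opts

def audit(text):
    """Return a list of (path, client, finding) tuples."""
    findings = []
    for path, client, opts in parse_exports(text):
        if path == "/":
            findings.append((path, client, "whole root file system exported"))
        if "*" in client:
            findings.append((path, client, "client pattern matches many hosts"))
        for opt in opts:
            if opt in RISKY_OPTS:
                findings.append((path, client, f"{opt}: {RISKY_OPTS[opt]}"))
    return findings

# The /etc/exports line quoted in the post.
POSTED = ("/ Toshiba(rw,async,no_root_squash) hall(rw,async,no_root_squash) "
          "compaq(rw,async,no_root_squash)\n")
# Constructed alternative; /home/shared is a hypothetical directory.
NARROWED = ("# constructed sample\n"
            "/home/shared Toshiba(rw,sync,root_squash) hall(ro,sync)\n")

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("narrowed", NARROWED)):
        print(label, len(audit(text)), "finding(s)")
        for finding in audit(text):
            print("  ", *finding)
```

The posted line yields three findings per client; the narrowed export yields none because it shares one directory with sync and root_squash.
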
LLL


« Reply #1 on: November 24, 2006, 10:04:14 pm »

Going to give this a try tomorrow - thanks, GG!

QUESTION:
You say...
File systems mounted in the /mnt directory of the remote computer do not show up in the /mnt/hall or /mnt/Toshiba directory of the computer at which I'm working. So if, for example, I look in the /mnt/hall/windows_c directory, its files will not be displayed if I'm at the computer named Toshiba.
...does that mean that if I usually mount /dev/hdb2 @ /mnt/win on Box #1, then view Box #1 using NFS from Box #2, I won't see contents of /mnt/win?

My goal is to have access to all my media files stored on box #1 from box #2, but those media files reside on a partition that is auto-mounted on box #1.

You're right: This is easier done than I said...and I haven't even done it yet! Tomorrow!

THANKS, GG!

LLL

Lost & Lovin' Linux...living on:
VectorLinux 6.0 with XFCE on Thinkpad T43p (2.13 GHz | 2GB | 60GB)
GrannyGeek


« Reply #2 on: November 25, 2006, 01:24:37 am »

Quote
...does that mean that if I usually mount /dev/hdb2 @ /mnt/win on Box #1, then view Box #1 using NFS from Box #2, I won't see contents of /mnt/win?

In my experience, you won't see the contents of /Box1/mnt/win from Box 2. It may be that there's some way to set it up so you can see the contents of file systems in the /mnt directory of the remote computer, but if there is, I don't know how.

I share the root directory and all other directories between my computers, but I've never been able to see any mounted file systems in the /mnt directory (or other mount point) of the remote computer. My knowledge of networking is rudimentary, though, so I'm all ears if anyone knows how to do this.

UPDATE: I've learned how to do this and will post a how-to when I have time and an opportunity to test it out.
--GrannyGeek
« Last Edit: February 25, 2009, 05:58:30 pm by GrannyGeek »

LLL


« Reply #3 on: November 26, 2006, 09:55:04 am »

Learning: This may address the /mnt issue where remote mount points don't show up...

Quote
Say you have two directories exported in the same tree. If one of those directories is below the first, it makes sense that you would normally mount both on the client. If you only mounted the parent directory, you would see the second directory but with no data beneath it. It is hidden, right? Now, if you want to have the entire sub-tree visible as well, use the no_hide option. Use it with care, however, since the clients have been known to have strange duplicate inode problems with this one. As you might have guessed, the default option is to hide. In the same vein, we have the last non-squashing permission, no_subtree_check. This is another one related to subdirectories. If the directory you are exporting is actually a subdirectory of a file system, then the directories above may have something to say about permissions. Since you only have access to the files and directories which are exported, checking must be done to ensure security throughout the chain. The default is to allow subtree_check which may have minor security implications. If this is a concern, remember to specify no_subtree_check.

From Marcel Gagne's (very dated, but still relevant?) NFS how-to:
- PART 1: http://www.linuxjournal.com/article/4710
- PART 2: http://www.linuxjournal.com/article/5300

I am still getting this error:
Quote
mount: 192.168.0.163:/home/andy2 failed, reason given by server: Permission denied
...but I am plugging away. Thanks for the tips, Granny!
GrannyGeek


« Reply #4 on: November 26, 2006, 11:50:42 am »

From Marcel Gagne's (very dated, but still relevant?) NFS how-to:
- PART 1: http://www.linuxjournal.com/article/4710
- PART 2: http://www.linuxjournal.com/article/5300

I am still getting this error:
Quote
mount: 192.168.0.163:/home/andy2 failed, reason given by server: Permission denied
...but I am plugging away. Thanks for the tips, Granny!

The first article was mostly stuff I already know or don't need to know, but the second may prove helpful. Thanks! I'll study it when my DSL is back. It's not working this weekend, so I'm on dialup (triple-ugh!!). Let me know if you solve your permission problem.
--GrannyGeek