305.4 Network File System (weight: 3)

Tech Tutorial: 305.4 Network File System (NFSv4) #

Introduction #

NFS (Network File System) is a distributed file system protocol that allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed. NFSv4, the fourth version of NFS, includes improvements over its predecessors, such as better performance, security features, and support for ACLs (Access Control Lists). In this tutorial, we’ll delve into setting up an NFSv4 server, configuring ID mapping, using NFSv4 ACLs, and securing NFS with Kerberos authentication.

Key Knowledge Areas #

  • Setting up an NFSv4 server
  • Configuring NFS clients
  • Understanding and implementing ID mapping
  • Managing NFSv4 ACLs
  • Configuring Kerberos for NFS

Utilities: #

  • exportfs
  • showmount
  • nfsstat
  • mount
  • umount
  • rpcinfo

Prerequisites #

  • Two Linux machines (one as an NFS server, one as a client)
  • Network connectivity between both machines
  • Sudo or root privileges on both machines
  • Kerberos server if using Kerberos authentication (optional for this tutorial)

Step-by-Step Guide #

1. Setting up the NFS Server #

Install NFS packages on your server.

sudo apt update
sudo apt install nfs-kernel-server

Configure the NFS exports. Create a directory to share and edit /etc/exports.

sudo mkdir /srv/nfs
sudo chown nobody:nogroup /srv/nfs
echo "/srv/nfs 192.168.1.0/24(rw,sync,no_subtree_check)" | sudo tee -a /etc/exports

Export the shares and restart NFS service.

sudo exportfs -arv
sudo systemctl restart nfs-kernel-server

2. Setting up the NFS Client #

Install NFS common packages on your client.

sudo apt update
sudo apt install nfs-common

Mount the NFS share.

sudo mount -t nfs4 192.168.1.100:/srv/nfs /mnt

Verify the mount.

mount | grep nfs

3. ID Mapping Configuration #

Ensure that ID mapping is working properly (This step assumes NFSv4 is used which handles ID mapping differently than NFSv3).

ls -l /mnt

4. Managing NFSv4 ACLs #

NFSv4 supports ACLs that provide more detailed permission settings compared to traditional UNIX permissions.

Set an ACL on the server.

nfs4_setfacl -a A::1001:rw /srv/nfs/samplefile

Check the ACL on the client.

nfs4_getfacl /mnt/samplefile

5. Configuring Kerberos for NFS #

Setup Kerberos authentication for NFS. This assumes you have a Kerberos server already configured.

On the server, edit /etc/default/nfs-kernel-server to add Kerberos support.

echo "NEED_SVCGSSD=yes" | sudo tee -a /etc/default/nfs-kernel-server

Restart NFS server with Kerberos support.

sudo systemctl restart nfs-kernel-server

On the client, mount the NFS with Kerberos.

sudo mount -t nfs4 -o sec=krb5 192.168.1.100:/srv/nfs /mnt

Conclusion #

In this tutorial, we have covered the essentials of setting up NFSv4, from installation and configuration to more advanced topics like ACL management and Kerberos authentication. NFSv4 provides significant improvements in security and functionality over previous versions, making it suitable for modern networked environments. Remember, always test configurations in a secure environment before deploying them in production.