NFS Use Case
Introduction
- This document is a use case example with three computers.
- The steps in this use case coincide with the steps in my fully commented NFS guide.
- The example is of a family with three computers.
- Sally has a computer.
- Dave has a computer.
- The two children share a computer.
- All three computers are in different rooms in the same house.
- The computers are connected by ethernet and are behind a hardware router.
- Each computer has a static LAN IP.
- The computers will use NFS to share certain directories with each other.
Meet the family:
Sally | Dave | The children |
Creating the shares
Step 01 – The family writes down its computer information:
|
|||||||||||||
|
|||||||||||||
|
Step 02 – The family creates mount points:
SALLY creates a mount point she can use to visit Dave’s computer: mkdir /home/sally/daveshare SALLY creates a mount point she can use to visit the children’s computer: mkdir /home/sally/childrenshare |
|
DAVE creates a mount point he can use to visit Sally’s computer: mkdir /home/dave/sallyshare DAVE creates a mount point he can use to visit the children’s computer: mkdir /home/dave/childrenshare |
|
THE CHILDREN create a mount point they can use to visit Sally’s computer: mkdir /home/children/momshare THE CHILDREN create a mount point they can use to visit Dave’s computer: mkdir /home/children/dadshare |
Step 03 – The family installs some software:
SALLY installs some packages: sudo apt-get install nfs-kernel-server |
|
DAVE installs some packages: sudo apt-get install nfs-kernel-server |
|
THE CHILDREN install some packages: sudo apt-get install nfs-kernel-server |
Step 04 – The family edits the hosts.deny file:
SALLY edits the hosts.deny file: kdesudo kate /etc/hosts.deny SALLY adds this line to the bottom of the file: rpcbind mountd nfsd statd lockd rquotad : ALL |
|
DAVE edits the hosts.deny file: kdesudo kate /etc/hosts.deny DAVE adds this line to the bottom of the file: rpcbind mountd nfsd statd lockd rquotad : ALL |
|
THE CHILDREN edit the hosts.deny file: kdesudo kate /etc/hosts.deny THE CHILDREN add this line to the bottom of the file: rpcbind mountd nfsd statd lockd rquotad : ALL |
Step 05 – The family edits the hosts.allow file:
SALLY edits the hosts.allow file: kdesudo kate /etc/hosts.allow SALLY adds this line to the bottom of the file, with references to all of the NFS software, her own computer’s loopback IP, Dave’s IP and the children’s IP: rpcbind mountd nfsd statd lockd rquotad: 127.0.0.1 192.168.1.200 192.168.1.123 |
|
DAVE edits the hosts.allow file: kdesudo kate /etc/hosts.allow DAVE adds this line to the bottom of the file, with references to all of the NFS software, his own computer’s loopback IP, Sally’s IP and the children’s IP : rpcbind mountd nfsd statd lockd rquotad: 127.0.0.1 192.168.1.100 192.168.1.123 |
|
THE CHILDREN edit the hosts.allow file: kdesudo kate /etc/hosts.allow THE CHILDREN add this line to the bottom of the file, with references to all of the NFS software, their own computer’s loopback IP, Sally’s IP and Dave’s IP : rpcbind mountd nfsd statd lockd rquotad: 127.0.0.1 192.168.1.100 192.168.1.200 |
Step 06 – The family edits the exports file:
SALLY edits the exports file: kdesudo kate /etc/exports SALLY adds this line to the bottom of the file to share photos with Dave: /home/sally/photos 192.168.1.200(rw,sync,no_subtree_check) SALLY adds this line to the bottom of the file to share stories with the children: /home/sally/stories 192.168.1.123(rw,sync,no_subtree_check) |
|
DAVE edits the exports file: kdesudo kate /etc/exports DAVE adds this line to the bottom of the file to share work with Sally: /home/dave/work 192.168.1.100(rw,sync,no_subtree_check) DAVE adds this line to the bottom of the file to share games with the children: /home/dave/games 192.168.1.123(rw,sync,no_subtree_check) |
|
THE CHILDREN edit the exports file: kdesudo kate /etc/exports THE CHILDREN add this line to the bottom of the file to share homework with Sally and Dave: /home/children/homework 192.168.1.100(rw,sync,no_subtree_check) 192.168.1.200(rw,sync,no_subtree_check) |
Step 07 – The family edits the fstab file:
SALLY edits the fstab file: kdesudo kate /etc/fstab SALLY adds this line to the bottom of the file so she can visit Dave’s share: 192.168.1.200:/home/dave/work /home/sally/daveshare nfs users,rw,hard,intr,noauto,noexec 0 0 SALLY adds this line to the bottom of the file so she can visit the children’s share: 192.168.1.123:/home/children/homework /home/sally/childrenshare nfs users,rw,hard,intr,noauto,noexec 0 0 |
|
DAVE edits the fstab file: kdesudo kate /etc/fstab DAVE adds this line to the bottom of the file so he can visit Sally’s share: 192.168.1.100:/home/sally/photos /home/dave/sallyshare nfs users,rw,hard,intr,noauto,noexec 0 0 DAVE adds this line to the bottom of the file so he can visit the children’s share: 192.168.1.123:/home/children/homework /home/dave/childrenshare nfs users,rw,hard,intr,noauto,noexec 0 0 |
|
THE CHILDREN edit the fstab file: kdesudo kate /etc/fstab THE CHILDREN add this line to the bottom of the file so they can visit Sally’s share: 192.168.1.100:/home/sally/stories /home/children/momshare nfs users,rw,hard,intr,noauto,noexec 0 0 THE CHILDREN add this line to the bottom of the file so they can visit Dave’s share: 192.168.1.200:/home/dave/games /home/children/dadshare nfs users,rw,hard,intr,noauto,noexec 0 0 |
Step 08 – The family edits the nfs-common file:
SALLY edits the nfs-common file:
kdesudo kate /etc/default/nfs-common SALLY finds this line in the file: NEED_GSSD= SALLY replaces it with this line: NEED_GSSD="no" |
|
DAVE edits the nfs-common file:
kdesudo kate /etc/default/nfs-common DAVE finds this line in the file: NEED_GSSD= DAVE replaces it with this line: NEED_GSSD="no" |
|
THE CHILDREN edit the nfs-common file:
kdesudo kate /etc/default/nfs-common THE CHILDREN finds this line in the file: NEED_GSSD= THE CHILDREN replaces it with this line: NEED_GSSD="no" |
Step 09 – The family edits the nfs-kernel-server file
SALLY edits the nfs-kernel-server file:
kdesudo kate /etc/default/nfs-kernel-server SALLY finds the NEED_SVCGSSD line in the file. SALLY replaces it with this line: NEED_SVCGSSD="no" |
|
DAVE edits the nfs-kernel-server file:
kdesudo kate /etc/default/nfs-kernel-server DAVE finds the NEED_SVCGSSD line in the file. DAVE replaces it with this line: NEED_SVCGSSD="no" |
|
THE CHILDREN edit the nfs-kernel-server file:
kdesudo kate /etc/default/nfs-kernel-server THE CHILDREN find the NEED_SVCGSSD line in the file. THE CHILDREN replace it with this line: NEED_SVCGSSD="no" |
Step 10 – The family exports the shares:
SALLY exports her shares: sudo exportfs -ar |
|
DAVE exports his shares: sudo exportfs -ar |
|
THE CHILDREN export their shares: sudo exportfs -ar |
Step 11 – The family restarts the nfs-kernel-server:
SALLY restarts the nfs-kernel-server: sudo service nfs-kernel-server restart |
|
DAVE restarts the nfs-kernel-server: sudo service nfs-kernel-server restart |
|
THE CHILDREN restart the nfs-kernel-server: sudo service nfs-kernel-server restart |
Working with the shares
The family connects to the shares:
SALLY manually connects to Dave’s share: sudo mount /home/sally/daveshare SALLY manually connects to the children’s share: sudo mount /home/sally/childrenshare |
|
DAVE manually connects to Sally’s share: sudo mount /home/dave/sallyshare DAVE manually connects to the children’s share: sudo mount /home/dave/childrenshare |
|
THE CHILDREN manually connect to Sally’s share: sudo mount /home/children/momshare THE CHILDREN manually connect to Dave’s share: sudo mount /home/children/dadshare |
The family uses the shares:
SALLY visits Dave’s share by opening her /home/sally/daveshare folder. SALLY shares photos with Dave by putting them in her /home/sally/photos folder. SALLY visits the children’s share by opening her /home/sally/childrenshare folder. SALLY shares stories with the children by putting them in her /home/sally/stories folder. |
|
DAVE visits Sally’s share by opening his /home/dave/sallyshare folder. DAVE shares his work with Sally by putting them in his /home/dave/work folder. DAVE visits the children’s share by opening his /home/dave/childrenshare folder. DAVE shares games with the children by putting them in his /home/dave/games folder. |
|
THE CHILDREN visit Sally’s share by opening their /home/children/momshare folder. THE CHILDREN share their homework with Sally by putting it in their /home/children/homework folder. THE CHILDREN visit Dave’s share by opening their /home/children/dadshare folder. THE CHILDREN share their homework with Dave by putting it in their /home/children/homework folder. |
The family disconnects from the shares:
SALLY stops visiting Dave’s share by disconnecting from it: sudo umount /home/sally/daveshare SALLY stops visiting the children’s share by disconnecting from it: sudo umount /home/sally/childrenshare |
|
DAVE stops visiting Sally’s share by disconnecting from it: sudo umount /home/dave/sallyshare DAVE stops visiting the children’s share by disconnecting from it: sudo umount /home/dave/childrenshare |
|
THE CHILDREN stop visiting Sally’s share by disconnecting from it: sudo umount /home/children/momshare THE CHILDREN stop visiting Dave’s share by disconnecting from it: sudo umount /home/children/dadshare |
Examples
These examples show only the relevant information that pertains to NFS. Some files on your computer (like the /etc/fstab file, for instance) may contain more than what is shown here.
/etc/network/interfaces
SALLY’S /etc/network/interfaces file: auto lo iface lo inet loopback address 127.0.0.1 netmask 255.0.0.0 auto eth0 iface eth0 inet static address 192.168.1.100 netmask 255.255.255.0 gateway 192.168.1.1 |
|
DAVE’S /etc/network/interfaces file: auto lo iface lo inet loopback address 127.0.0.1 netmask 255.0.0.0 auto eth0 iface eth0 inet static address 192.168.1.200 netmask 255.255.255.0 gateway 192.168.1.1 |
|
THE CHILDREN’S /etc/network/interfaces file: auto lo iface lo inet loopback address 127.0.0.1 netmask 255.0.0.0 auto eth0 iface eth0 inet static address 192.168.1.123 netmask 255.255.255.0 gateway 192.168.1.1 |
/etc/hosts.deny
SALLY’S /etc/hosts.deny file: # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system. # See the manual pages hosts_access(5) and hosts_options(5). # # Example: ALL: some.host.name, .some.domain # ALL EXCEPT in.fingerd: other.host.name, .other.domain # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper, as well as for # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8) # for further information. # # The PARANOID wildcard matches any host whose name does not match its # address. # # You may wish to enable this to ensure any programs that don't # validate looked up hostnames still leave understandable logs. In past # versions of Debian this has been the default. # ALL: PARANOID rpcbind mountd nfsd statd lockd rquotad: ALL |
|
DAVE’S /etc/hosts.deny file: # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system. # See the manual pages hosts_access(5) and hosts_options(5). # # Example: ALL: some.host.name, .some.domain # ALL EXCEPT in.fingerd: other.host.name, .other.domain # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper, as well as for # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8) # for further information. # # The PARANOID wildcard matches any host whose name does not match its # address. # # You may wish to enable this to ensure any programs that don't # validate looked up hostnames still leave understandable logs. In past # versions of Debian this has been the default. # ALL: PARANOID rpcbind mountd nfsd statd lockd rquotad: ALL |
|
THE CHILDREN’S /etc/hosts.deny file: # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system. # See the manual pages hosts_access(5) and hosts_options(5). # # Example: ALL: some.host.name, .some.domain # ALL EXCEPT in.fingerd: other.host.name, .other.domain # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper, as well as for # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8) # for further information. # # The PARANOID wildcard matches any host whose name does not match its # address. # # You may wish to enable this to ensure any programs that don't # validate looked up hostnames still leave understandable logs. In past # versions of Debian this has been the default. # ALL: PARANOID rpcbind mountd nfsd statd lockd rquotad: ALL |
/etc/hosts.allow
SALLY’S /etc/hosts.allow file: # /etc/hosts.allow: list of hosts that are allowed to access the system. # See the manual pages hosts_access(5) and hosts_options(5). # # Example: ALL: LOCAL @some_netgroup # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper, as well as for # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8) # for further information. # rpcbind mountd nfsd statd lockd rquotad: 127.0.0.1 192.168.1.200 192.168.1.123 |
|
DAVE’S /etc/hosts.allow file: # /etc/hosts.allow: list of hosts that are allowed to access the system. # See the manual pages hosts_access(5) and hosts_options(5). # # Example: ALL: LOCAL @some_netgroup # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper, as well as for # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8) # for further information. # rpcbind mountd nfsd statd lockd rquotad: 127.0.0.1 192.168.1.100 192.168.1.123 |
|
THE CHILDREN’S /etc/hosts.allow file: # /etc/hosts.allow: list of hosts that are allowed to access the system. # See the manual pages hosts_access(5) and hosts_options(5). # # Example: ALL: LOCAL @some_netgroup # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper, as well as for # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8) # for further information. # rpcbind mountd nfsd statd lockd rquotad: 127.0.0.1 192.168.1.100 192.168.1.200 |
/etc/exports
SALLY’S /etc/exports file: /home/sally/photos 192.168.1.200(rw,sync,no_subtree_check) /home/sally/stories 192.168.1.123(rw,sync,no_subtree_check) |
|
DAVE’S /etc/exports file: /home/dave/work 192.168.1.100(rw,sync,no_subtree_check) /home/dave/games 192.168.1.123(rw,sync,no_subtree_check) |
|
THE CHILDREN’S /etc/exports file: /home/children/homework 192.168.1.100(rw,sync,no_subtree_check) 192.168.1.200(rw,sync,no_subtree_check) |
/etc/fstab
SALLY’S /etc/fstab file: 192.168.1.200:/home/dave/work /home/sally/daveshare nfs users,rw,hard,intr,noauto,noexec 0 0 192.168.1.123:/home/children/homework /home/sally/childrenshare nfs users,rw,hard,intr,noauto,noexec 0 0 |
|
DAVE’S /etc/fstab file: 192.168.1.100:/home/sally/photos /home/dave/sallyshare nfs users,rw,hard,intr,noauto,noexec 0 0 192.168.1.123:/home/children/homework /home/dave/childrenshare nfs users,rw,hard,intr,noauto,noexec 0 0 |
|
THE CHILDREN’S /etc/fstab file: 192.168.1.100:/home/sally/stories /home/children/momshare nfs users,rw,hard,intr,noauto,noexec 0 0 192.168.1.200:/home/dave/games /home/children/dadshare nfs users,rw,hard,intr,noauto,noexec 0 0 |
/etc/default/nfs-common
SALLY’S /etc/default/nfs-common file: # If you do not set values for the NEED_ options, they will be attempted # autodetected; this should be sufficient for most people. Valid alternatives # for the NEED_ options are "yes" and "no". # Do you want to start the statd daemon? It is not needed for NFSv4. NEED_STATD= # Options for rpc.statd. # Should rpc.statd listen on a specific port? This is especially useful # when you have a port-based firewall. To use a fixed port, set this # this variable to a statd argument like: "--port 4000 --outgoing-port 4001". # For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS STATDOPTS= # Do you want to start the idmapd daemon? It is only needed for NFSv4. NEED_IDMAPD=yes # Do you want to start the gssd daemon? It is required for Kerberos mounts. NEED_GSSD="no" |
|
DAVE’S /etc/default/nfs-common file: # If you do not set values for the NEED_ options, they will be attempted # autodetected; this should be sufficient for most people. Valid alternatives # for the NEED_ options are "yes" and "no". # Do you want to start the statd daemon? It is not needed for NFSv4. NEED_STATD= # Options for rpc.statd. # Should rpc.statd listen on a specific port? This is especially useful # when you have a port-based firewall. To use a fixed port, set this # this variable to a statd argument like: "--port 4000 --outgoing-port 4001". # For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS STATDOPTS= # Do you want to start the idmapd daemon? It is only needed for NFSv4. NEED_IDMAPD=yes # Do you want to start the gssd daemon? It is required for Kerberos mounts. NEED_GSSD="no" |
|
THE CHILDREN’S /etc/default/nfs-common file: # If you do not set values for the NEED_ options, they will be attempted # autodetected; this should be sufficient for most people. Valid alternatives # for the NEED_ options are "yes" and "no". # Do you want to start the statd daemon? It is not needed for NFSv4. NEED_STATD= # Options for rpc.statd. # Should rpc.statd listen on a specific port? This is especially useful # when you have a port-based firewall. To use a fixed port, set this # this variable to a statd argument like: "--port 4000 --outgoing-port 4001". # For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS STATDOPTS= # Do you want to start the idmapd daemon? It is only needed for NFSv4. NEED_IDMAPD=yes # Do you want to start the gssd daemon? It is required for Kerberos mounts. NEED_GSSD="no" |
/etc/default/nfs-kernel-server
SALLY’S /etc/default/nfs-kernel-server file:
# Number of servers to start up # To disable nfsv4 on the server, specify '--no-nfs-version 4' here RPCNFSDCOUNT=8 # Runtime priority of server (see nice(1)) RPCNFSDPRIORITY=0 # Options for rpc.mountd. # If you have a port-based firewall, you might want to set up # a fixed port here using the --port option. For more information, # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS # To disable NFSv4 on the server, specify '--no-nfs-version 4' here RPCMOUNTDOPTS=--manage-gids # Do you want to start the svcgssd daemon? It is only required for Kerberos # exports. Valid alternatives are "yes" and "no"; the default is "no". NEED_SVCGSSD="no" # Options for rpc.svcgssd. RPCSVCGSSDOPTS= # Options for rpc.nfsd. RPCNFSDOPTS= |
|
DAVE’S /etc/default/nfs-kernel-server file:
# Number of servers to start up # To disable nfsv4 on the server, specify '--no-nfs-version 4' here RPCNFSDCOUNT=8 # Runtime priority of server (see nice(1)) RPCNFSDPRIORITY=0 # Options for rpc.mountd. # If you have a port-based firewall, you might want to set up # a fixed port here using the --port option. For more information, # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS # To disable NFSv4 on the server, specify '--no-nfs-version 4' here RPCMOUNTDOPTS=--manage-gids # Do you want to start the svcgssd daemon? It is only required for Kerberos # exports. Valid alternatives are "yes" and "no"; the default is "no". NEED_SVCGSSD="no" # Options for rpc.svcgssd. RPCSVCGSSDOPTS= # Options for rpc.nfsd. RPCNFSDOPTS= |
|
THE CHILDREN’S /etc/default/nfs-kernel-server file:
# Number of servers to start up # To disable nfsv4 on the server, specify '--no-nfs-version 4' here RPCNFSDCOUNT=8 # Runtime priority of server (see nice(1)) RPCNFSDPRIORITY=0 # Options for rpc.mountd. # If you have a port-based firewall, you might want to set up # a fixed port here using the --port option. For more information, # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS # To disable NFSv4 on the server, specify '--no-nfs-version 4' here RPCMOUNTDOPTS=--manage-gids # Do you want to start the svcgssd daemon? It is only required for Kerberos # exports. Valid alternatives are "yes" and "no"; the default is "no". NEED_SVCGSSD="no" # Options for rpc.svcgssd. RPCSVCGSSDOPTS= # Options for rpc.nfsd. RPCNFSDOPTS= |
/etc/idmapd.conf
SALLY’S /etc/idmapd.conf file:
[General] Verbosity = 0 Pipefs-Directory = /run/rpc_pipefs # set your own domain here, if id differs from FQDN minus hostname # Domain = localdomain [Mapping] Nobody-User = nobody Nobody-Group = nogroup |
|
DAVE’S /etc/idmapd.conf file:
[General] Verbosity = 0 Pipefs-Directory = /run/rpc_pipefs # set your own domain here, if id differs from FQDN minus hostname # Domain = localdomain [Mapping] Nobody-User = nobody Nobody-Group = nogroup |
|
THE CHILDREN’S /etc/idmapd.conf file:
[General] Verbosity = 0 Pipefs-Directory = /run/rpc_pipefs # set your own domain here, if id differs from FQDN minus hostname # Domain = localdomain [Mapping] Nobody-User = nobody Nobody-Group = nogroup |
Obligatory Happy Ending
And they all lived happily ever after. The end.
Comment: