Install and configure NFS server and client on CentOS 6.4

According to Wikipedia, Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system.

I prepared two virtual servers on our CloudStack environment. One worked as the NFS server (192.168.1.2), the other as the NFS client (192.168.1.3).

Install NFS Server
# yum install nfs-utils -y
# service rpcbind start
# service nfs start
# chkconfig nfs on

Configure NFS Server
# mkdir /nfs-pub
# chmod 777 /nfs-pub
# vi /etc/exports
/nfs-pub 192.168.1.3(rw,root_squash)

# exportfs -a
# showmount -e
Export list for vm2:
/nfs-pub 192.168.1.3

Configure NFS Client
# modprobe nfs
# cat /proc/filesystems | grep nfs
nodev nfs
nodev nfs4

Test
On client side
# mkdir /nfs-mnt
# mount -t nfs 192.168.1.2:/nfs-pub /nfs-mnt
# cp /etc/passwd /nfs-mnt/passwd.c-root
# ls -l /nfs-mnt/
total 4
-rw-r--r--. 1 nfsnobody nfsnobody 1091 May 28 07:46 passwd.c-root

On server side
# ls -l /nfs-pub/
total 4
-rw-r--r--. 1 nfsnobody nfsnobody 1091 May 28 07:46 passwd.c-root

Test using the no_root_squash export option
On client side
# umount /nfs-mnt
On server side
# vi /etc/exports
/nfs-pub 192.168.1.3(rw,no_root_squash)

# exportfs -a

On client side
# mount -t nfs 192.168.1.2:/nfs-pub /nfs-mnt
# cp /etc/group /nfs-mnt/group-nrs.root
# ls -l /nfs-mnt/
total 8
-rw-r--r--. 1 root root 526 May 28 08:04 group-nrs.root
-rw-r--r--. 1 nfsnobody nfsnobody 1091 May 28 07:46 passwd.c-root

From the above, if root_squash is used, the NFS server maps the root user of a client to the nfsnobody user, an unprivileged user account. In this way, all files created by root on the client are owned by nfsnobody, which prevents uploading of programs with the setuid bit set.

If no_root_squash is used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute.
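
To check a server for the setting compared above, the following added example (not part of the original post) parses exports(5) syntax and flags entries where root squashing is disabled or the export is open to any host. The function names, severity labels and every sample path other than /nfs-pub are constructed for illustration; quoted paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: flag exports(5) entries that disable root squashing.
# Assumption: export paths contain no quoted spaces.

# Constructed sample input, modelled on the two export lines used in this post.
sample_exports() {
    cat <<'EOF'
# constructed sample, not taken from a real server
/nfs-pub  192.168.1.3(rw,root_squash)
/nfs-nrs  192.168.1.3(rw,no_root_squash)
/nfs-ro   192.168.1.3(ro,no_root_squash) \
          *(ro)
/nfs-def  -rw,no_root_squash 192.168.1.3 192.168.1.4(root_squash)
EOF
}

# audit_exports [FILE]: print "SEVERITY path client reason" per finding.
audit_exports() {
    awk '
    { sub(/#.*/, "") }                                         # drop comments
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; next }  # join continued lines
    {
        $0 = buf $0; buf = ""; defaults = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) { defaults = substr($i, 2); continue }  # "-opts" defaults
            client = $i; opts = ""; p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"       # "(opts)" alone means any host
            rw = 0; squash = 1                   # server defaults: ro, root_squash
            n = split(defaults "," opts, o, ",")
            for (j = 1; j <= n; j++) {           # later options override earlier ones
                if (o[j] == "rw") rw = 1
                else if (o[j] == "ro") rw = 0
                else if (o[j] == "no_root_squash") squash = 0
                else if (o[j] == "root_squash") squash = 1
            }
            if (!squash && rw)
                print "HIGH", $1, client, "no_root_squash with rw"
            else if (!squash)
                print "MEDIUM", $1, client, "no_root_squash (read-only)"
            if (client == "*")
                print "MEDIUM", $1, client, "exported to any host"
        }
    }' "${1:--}"
}

sample_exports | audit_exports
```

On a server, run it as audit_exports /etc/exports; no output means no entry matched these checks.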

Reference
http://zenit.senecac.on.ca/wiki/index.php/NAD710_Lab_6
