I’m new to this forum. Please forgive me for not having searched all the
posts before posting myself but I’ve got to get this off my chest. For
the last week I’ve searched hi and lo for a concise and usable description
of NFS v4. The system manual just didn’t do it right. Finally I think I’ve
got it figured out but correct info has been pieced together from various
sources. There is much confusion regarding NFS v4 on the Internet so I
hope my findings may help a little along the way.
Server: OpenSuse 11.1 kernel 22.214.171.124-0.1-pae 32 bit
Client: OpenSuse 11.4 kernel 126.96.36.199-1.2-desktop 64 bit
It has taken me a week to get a working configuration. There have been errors
in the manuals and important things have not been mentioned…
The short story:
1 All the emty directories in the pseudo file system must be exported in
/etc/exports i.e. it’s not the info you want to share that’s directly exported.
The actual share is mounted via bind on a sub dir in the pseudo file system.
2 Either the option crossmnt has to be set for the pseudo root or the option nohide
must be set for exported sub dirs in the pseudo file system. Otherwise the real
share only shows up on the server but not on the client who then only sees the
empty dir structure of the pseudo file system.
3 The port used by mountd has to be locked by setting MOUNTD_PORT=“20048”
in /etc/sysconfig/nfs. Otherwise mountd will use different ports from time to
time and connection attempts will be blocked by the firewall and eventually
time out if not by chance the picked port happens to be 20048.
The long story:
Assume the following pseudo filesystem
and the following shares
Allow everybody everything in the pseudo file system (for most things below you need to be root):
chmod --recursive 777 /nfs4exports
Access control is done by uid/gid for the real shares through nfs, chf NFS-HOWTO at LDP.
Edit /etc/exports like so:
The option fsid=0 marks the pseudo root. The option bind=/… causes the shared directory
to be mounted on the corresponding dir in the pseudo file system. This is evident by doing:
on the server machine once the nfsserver is up and running.
As mentioned above crossmnt may be set for the pseudo root instead of setting nohide
for the sub dirs. If crossmnt/nohide is omitted the shared directories get mounted on
the pseudo file system and show up there on the server but the client only sees the empty
pseudo file system.
The wild card “*” may be replaced by hostname, IP or IP/NETMASK to restrict access.
If hostnames are used a working DNS is required.
Finally don’t forget to set MOUNTD_PORT=“20048” in /etc/sysconfig/nfs if you plan on using a firewall on your server. The actual port number is not important as long as it’s not used by
any other process. 20048 is dedicated to the NFS mountd and is the one opened in the
firewall, chf http://www.iana.org/assignments/port-numbers.
Don’t trust the manuals if you’re running OpenSuse 11.x unless x=4. The reference manuals
of 11.1-11.3 do not mention crossmnt/nohide nor do they say anything about the mountd
port number. Moreover 11.1 will have you export the shared directory and set
bind=/psuedo-root/subdir whereas 11.2 and 11.3 are unclear on the subject, maybe on
purpose or maybe I don’t understand the german.
Be warned that if you do follow the 11.1 manual then the empty sub dir of the
pseudo file system gets mounted on top of your shared directory thus hiding its content.
As I’m running 11.1 on my server maybe you can imagine the horror I felt when my shared
data suddenly vanished. At that point I had no clue so naturally I feared the worst had
happened. As for 11.4 it looks like the reference manual is correct and maybe Yast also
locks the mountd port for you. I haven’t tried it though.
It’s also worth mentioning a few points on the client side. Here it looks like the manuals
do it right and you simply mount the nfs share by doing:
mount server:/ /path-to-mountpoint/
wich is much simpler than for NFS v3 or older where you have to do:
mount server:/path-to-share /path-to-mountpoint/
for every shared directory instead of only once. Of course you can also do:
mount -t nfs4 ....
but it’s not necessary as the mount process will assume nfs due to the form of the
command. There is also a host of other options described in the man pages that you
may use to tweak the connection not to mention automating via /etc/fstab or automount.
Why NFS v4? On the server it takes about the same amount of work to set it up as earlier
versions but you do control the pseudo file system and all the shared info will be at
one point on the client. The downside is that so far complete reference info is hard
to come by in one place only. An obvious advantage is that the client
only needs to know the name of the server.
Many references out there make a point of the files /etc/hosts.deny and /etc/hosts.allow.
OpenSuse 11.x and onwards by default controls access by running an iptables firewall.
The host.deny and hosts.allow files have nothing to do with the firewall and you don’t
have to worry about them unless you plan on skipping the firewall and activate control
by xinetd (TCP wrappers). By default this is not activated. (Maybe Suse inactivated
xinetd prior to OpenSuse 11.x but my acquaintance started with 11.0.)