NFS

NFS - network file system

components:
 * rpc.statd - This process is responsible for sending notifications to NFS clients whenever the NFS server is restarted without being gracefully shut down. It provides status information about the server to rpc.lockd when queried. It is not required in NFSv4.
 * rpc.rquotad - Supplies the interface between NFS and the quota manager. NFS users/clients will be held to the same quota restrictions that would apply to them if they were working on the local file system instead of via NFS. It is not required in NFSv4.
 * rpc.mountd - When a request to mount a partition is made, the rpc.mountd daemon takes care of verifying that the client has the appropriate permission to make the request. These permissions are stored in /etc/exports. It is not required in NFSv4.
 * rpc.nfsd - The main component of the NFS system; this is the NFS server/daemon. It works in conjunction with the Linux kernel either to load or unload the kernel module as necessary.
 * rpc.lockd - The rpc.statd daemon uses this daemon to handle lock recovery on crashed systems. It also allows NFS clients to lock files on the system. The nfslock service is no longer used in NFSv4.
 * rpc.idmapd - This is the NFSv4 ID name-mapping daemon. It provides this functionality to the NFSv4 kernel client and server by translating user and group IDs to names and vice versa.
 * rpc.svc_gssd - This is the server-side rpcsec_gss daemon. The rpcsec_gss protocol allows the use of the gss-api generic security API to provide advanced security in NFSv4.
 * rpc.gssd - This provides the client-side transport mechanism for the authentication mechanism in NFSv4 and higher.

Configuring /etc/exports server configuration file:

/directory/to/export client|ip_network(permission)

Permissions :
 * secure - The port number from which the client requests a mount must be lower than 1023. This permission is on by default; to turn it off, specify insecure instead.
 * ro - Allows read-only access to the partition. This is the default permission whenever nothing is specified explicitly.
 * rw - Allows normal read/write access
 * root_squash - This permission prevents remote root users from having superuser (root) privileges on remote NFS-mounted volumes. Here, squash literally means to squash the power of the remote root user.
 * no_root_squash - This allows the root user on the NFS client host to access the NFS-mounted directory with the same rights and privileges that the superuser would normally have.
 * all_squash - Maps all UIDs and GIDs to the anonymous user.

/usr/local 172.160.0.0/16(ro)

/home hostA(rw) hostB(rw) clientA(rw,no_root_squash)
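
The export options above as an audit check, in an added Python example that is not part of the original notes: it parses exports-style lines and reports entries that use no_root_squash or insecure, grant rw to a wildcard client, or name an address range outside private space. The /srv/scratch line, the finding labels and the function names are constructed for illustration; quoted paths and backslash line continuations are not handled.

```python
import ipaddress
import re

# Constructed sample: the two export lines from this page plus one
# hypothetical wildcard entry (/srv/scratch) added for illustration.
SAMPLE_EXPORTS = """\
/usr/local 172.160.0.0/16(ro)
/home hostA(rw) hostB(rw) clientA(rw,no_root_squash)
/srv/scratch *(rw,insecure)
"""

SPEC_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (path, client, options) for each client spec; '#' starts a comment."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC_RE.match(spec)
            if m:
                # A bare "(opts)" with no client name applies to every host.
                yield path, m.group(1) or "*", set((m.group(2) or "").split(","))

def audit(text):
    """Return (path, client, finding) tuples for export settings worth reviewing."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:   # client root keeps root rights
            findings.append((path, client, "no_root_squash"))
        if "insecure" in opts:         # unprivileged source ports accepted
            findings.append((path, client, "insecure"))
        if ("*" in client or "?" in client) and "rw" in opts:
            findings.append((path, client, "rw-wildcard"))
        try:
            net = ipaddress.ip_network(client, strict=False)
        except ValueError:
            continue                   # hostname or wildcard, not an address
        if not net.is_private:         # network outside private address space
            findings.append((path, client, "public-network"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE_EXPORTS):
        print(f"{path:14} {client:16} {finding}")
```

The 172.160.0.0/16 entry is reported as public-network because the private 172.x block is 172.16.0.0/12, which does not include 172.160.0.0.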

exportfs -r - re-exports all entries in the /etc/exports file.

showmount -e localhost - list of exported file systems

firewall-cmd --add-service=nfs --permanent

firewall-cmd --reload

Configuring NFS clients

mount -o rw,bg,soft serverA:/home /mnt/home

options :
 * bg - background mount. Should the mount initially fail (for instance, if the server is down), the mount process will send itself to background processing and continue trying to execute until it is successful. This is useful for file systems mounted at boot time, because it keeps the system from hanging at the mount command if the server is down.
 * intr - Specifies an interruptible mount.
 * hard - This is the implicit default option. If an NFS file operation has a major timeout, a "server not responding" message is reported and the client continues retrying indefinitely.
 * soft - enables a soft mount for this partition, allowing the client to time out the connection after a number of retries (see the retrans=n option).
 * retrans=n - the value n specifies the maximum number of connection retries for a soft-mounted system.
 * rsize=n - the value n is the number of bytes NFS uses when reading files from an NFS server. The default value is dependent on the kernel but is currently 4096 bytes for NFSv4.
 * wsize=n - the value n is the number of bytes NFS uses when writing files to an NFS server. The default value is dependent on the kernel but is currently 4096 bytes for NFSv4.
 * proto=n - the value n specifies the network protocol to use to mount the NFS file system. The default in NFSv2 and NFSv3 is udp. NFSv4 servers generally support only TCP. Options: udp, tcp, udp6, tcp6
 * nfsvers=n - allows the use of an alternative RPC version number - possible values: 2,3,4,4.1
 * sec=value - sets the security mode; possible values:
 * sec=sys - uses local UNIX UIDs and GIDs
 * sec=krb5 - uses Kerberos V5
 * sec=krb5i - performs authentication and integrity checking
 * sec=krb5p - performs authentication and integrity checking and encrypts NFS traffic