09 February 2012

62. Sharing a folder between computers using nfs on Debian

A year ago I posted about getting nfs set up for a local network as part of a longer post -- here it is reposted, with minimal changes to make up for the substitution of portmap for rpcbind in debian. Hopefully it'll be clearer. Also, nfs is such a universally useful thing that it should be promoted among a wider audience.

I followed this post to get up and running (scroll down) with nfs. Here's my take on it:

UPDATE: with the first comment below in mind, I changed this post a little bit. The folder /shared on the master node is shared with the client, which mounts it under /home/me/shared, instead of sharing the folder /home/me/shared on the host and mounting it as /home/me/shared on the client. I basically want to drive home the message that you're mounting an NFS share in the same way as any other disk resource -- you can mount it in whatever location you want, regardless of where the folder is found on the host.

Server
On the master node (here: 192.168.1.1 - beryllium) which hosts the shared folder on its harddrive:
sudo apt-get install nfs-kernel-server nfs-common rpcbind

Let's share /shared

Create it
sudo mkdir /shared

Set permissions for 'all' to be read, write and execute
sudo chmod a+wrx /shared

Edit /etc/exports by adding a line to the end of the file
/shared *(rw,sync)



[Note that this (the *) is inherently insecure. You should restrict access to the NFS mounts via your firewall (e.g. using iptables with -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 2049 -j ACCEPT;  -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 111 -j ACCEPT for a local subnet 192.168.1.1-255).  You can also use 
/shared 192.168.1.0/24(rw,sync)

to restrict it similarly directly via /etc/exports. There are more things that can be done, see e.g. here and here. If you are running a cluster with a separate subnet, this is not a great worry. If you are in a situation where security is important, consider using sshfs instead.]

Make stuff happen:
sudo /etc/init.d/nfs-kernel-server restart
sudo exportfs -a

Client
On each client node:
sudo apt-get install rpcbind nfs-common
mkdir ~/shared

Add the following line to the end of /etc/fstab
beryllium:/shared /home/me/shared nfs   rw   0   0

You can mount in a different location if needed -- server:serverfolder localfolder nfs rw 0 0

To get it up and running immediately instead of waiting for reboot:
sudo mount ~/shared


That's it!

Links to this page:
http://forums.debian.net/viewtopic.php?f=5&t=84889

2 comments:

  1. Edit /etc/exports by adding a line to the end of the file
    /shared *(rw,sync)

    That makes your shared directory accessible by any computer. If your server is connected to the Internet and NFS ports are opened, anyone can read/write on your disk.

    BTW did you mean :
    /home/me/shared *(rw,sync)

    ReplyDelete
    Replies
    1. Cheers JBzh,
      yes, the /shared *... is from an earlier iteration of the post and should be /home/me/shared. Thanks for pointing that out.

      I'll update the post with a few pointers about the lack of security. On my cluster I'm only accepting NFS connections from my local subnet and on my dedicated subnet NIC, so it's not been a worry for me. That's obviously not true in those cases where people are using it as an equivalent for SMB.

      Delete