Topics: AIX, Storage, System Admin

Using NFS

The Networked File System (NFS) is one of a category of filesystems known as distributed filesystems. It allows users to access files resident on remote systems without even knowing that a network is involved and thus allows filesystems to be shared among computers. These remote systems could be located in the same room or could be miles away.

In order to access such files, two things must happen. First, the remote system must make the files available to other systems on the network. Second, these files must be mounted on the local system to be able to access them. The mounting process makes the remote files appear as if they are resident on the local system. The system that makes its files available to others on the network is called a server, and the system that uses a remote file is called a client.

NFS Server

NFS consists of a number of components including a mounting protocol, a file locking protocol, an export file and daemons (mountd, nfsd, biod, rpc.lockd, rpc.stad) that coordinate basic file services.

Systems using NFS make the files available to other systems on the network by "exporting" their directories to the network. An NFS server exports its directories by putting the names of these directories in the /etc/exports file and executing the exportfs command. In its simplest form, /etc/exports consists of lines of the form:

pathname -option, option ...
Where pathname is the name of the file or directory to which network access is to be allowed; if pathname is a directory, then all of the files and directories below it within the same filesystem are also exported, but not any filesystems mounted within it. The next fields in the entry consist of various options that specify the type of access to be given and to whom. For example, a typical /etc/exports file may look like this:
/cyclop/users    -access=homer:bart, root=homer
/usr/share/man   -access=marge:maggie:lisa
This export file permits the filesystem /cyclops/users to be mounted by homer and bart, and allows root access to it from homer. In addition, it lets /usr/share/man to be mounted by marge, maggie and lisa. The filesystem /usr/mail can be mounted by any system on the network. Filesystems listed in the export file without a specific set of hosts are mountable by all machines. This can be a sizable security hole.

When used with the -a option, the exportfs command reads the /etc/exports file and exports all the directories listed to the network. This is usually done at system startup time.
# exportfs -va
If the contents of /etc/exports change, you must tell mountd to reread it. This can be done by re-executing the exportfs command after the export file is changed.

The exact attributes that can be specified in the /etc/exports file vary from system to system. The most common attributes are:
  • -access=list : Colon-separated list of hostnames and netgroups that can mount the filesystem.
  • -ro : Export read-only; no clients may write on the filesystem.
  • -rw=list : List enumerates the hosts allowed to mount for writing; all others must mount read-only.
  • -root=list : Lists hosts permitted to access the filesystem as root. Without this option, root access from a client is equivalent to access by the user nobody (usually UID -1).
  • -anon : Specifies UID that should be used for requests coming from an unknown user. Defaults to nobody.
  • -hostname : Allow hostname to mount the filesystem.
For example:
/cyclop/users -rw=moe,anon=-1 /usr/inorganic -ro
This allows moe to mount /cyclop/users for reading and writing, and maps anonymous users (users from other hosts that do not exist on the local system and the root user from any remote system) to the UID -1. This corresponds to the nobody account, and it tells NFS not to allow such users access to anything.

NFS Clients

After the files, directories and/or filesystems have been exported, an NFS client must explicitly mount them before it can use them. It is handled by the mountd daemon (sometimes called rpc.mountd). The server examines the mount request to be sure the client has proper authorization.

The following syntax is used for the mount command. Note that the name of the server is followed by a colon and the directory to be mounted:
# mount server1:/usr/src /src
Here, the directory structure /usr/src resident on the remote system server1 is mounted on the /src directory on the local system.

When the remote filesystem is no longer needed, it is unmounted with the umount:
# umount server1:/usr/src
The mount command can be used to establish temporary network mounts, but mounts that are part of a system's permanent configuration should be either listed in /etc/filesystems (for AIX) or handled by an automatic mounting service such as automount or amd.

NFS Commands
  • lsnfsexp : Displays the characteristics of directories that are exported with the NFS.
    # lsnfsexp
    software -ro
  • mknfsexp -d path -t ro : Exports a read-only directory to NFS clients and add it to /etc/exports.
    # mknfsexp -d /software -t ro
    /software ro
    Exported /software
    # lsnfsexp
    /software -ro
  • rmnfsexp -d path : Unexports a directory from NFS clients and remove it from /etc/exports.
    # rmnfsexp -d /software
  • lsnfsmnt : Displays the characteristics of NFS mountable file systems.
  • showmount -e : List exported filesystems.
    # showmount -e
    export list for server:
    /software (everyone)
  • showmount -a : List hosts that have remotely mounted local systems.
    # showmount  -a
Start/Stop/Status NFS daemons

In the following discussion, reference to daemon implies any one of the SRC-controlled daemons (such as nfsd or biod).

The NFS daemons can be automatically started at system (re)start by including the /etc/rc.nfs script in the /etc/inittab file.

They can also be started manually by executing the following command:
# startsrc -s Daemon or startsrc -g nfs
Where the -s option will start the individual daemons and -g will start all of them.

These daemons can be stopped one at a time or all at once by executing the following command:
# stopsrc -s Daemon or stopsrc -g nfs
You can get the current status of these daemons by executing the following commands:
# lssrc -s [Daemon]
# lssrc -a
If the /etc/exports file does not exist, the nfsd and the rpc.mountd daemons will not start. You can get around this by creating an empty /etc/exports file. This will allow the nfsd and the rpc.mountd daemons to start, although no filesystems will be exported.

If you found this useful, here's more on the same topic(s) in our blog:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?