If you search for "ubuntu nfs" you'll find a how-to guide, probably at help.ubuntu.com.
Because that guide has to address almost every possible situation, it is much, much, longer than necessary.
NFS tips:
- Make storage locations the same locally and over NFS. This will prevent confusion that will happen based on which machine you happen to be on.
- Use NFS for all Unix-like OSes.
- NFS is server -to- server sharing. Not user -to- server like CIFS/Samba. User credentials have nothing to do with NFS connections.
- Make all uid/gid numbers that will be accessed using NFS (as returned by the 'id' command) the same on all the systems. userid 1000 needs to match on all the systems. Any groups or shared groups gid needs to match on all systems too. On Apple platforms, userids begin with 500. On all Linux platforms, they begin numbering at 1000. That means if you have the same user (a human) on both apple and Linux, then one or the other platforms will need to change the uid to match the other. If you have 5 apples and 1 Linux, I'd change the Linux one. IF you have 1 apple and 5 Linux, I'd change the apple. In theory, there is a mapping solution for this. I've never seen it work. In businesses, we use LDAP for all logins so all the uid/gid are centrally managed and this is a non-issue.
- usernames and groupnames mean nothing. It is all about the numbers. 1000 on the client --> 1000 on the server.
- On the server-side, there is 1 line in the /etc/exports for each "exported" file system.
- On the client-side, there is 1 line in the /etc/fstab for each "NFS" file system.
- After changing the /etc/exports file, restart the server-side NFS service to the config changes are reloaded/seen.
- Client-side changes should automatically be seen, but if they aren't, you can tell systemd to sudo systemctl daemon-reload
- The sudo or root accounts from clients don't have superuser privileges on NFS storage by default.
So, with all that in mind, here is a single NFS on the server in /etc/exports:
Code:
/TV regulus(rw,async,root_squash) romulus(rw,root_squash,async) hadar(rw,root_squash,async) posc(rw,async,root_squash) osmc(rw,async,root_squash) pi3(rw,async,root_squash)
That's 1 line. Spacing is critical. Note were there are and aren't spaces. It matters. I share only with specific systems on this subnet. If you want to share on the entire subnet (dangerous), you can use CIDR notation instead:
Code:
/TV 192.168.1.0/24(rw,async,root_squash)
Anyone on your subnet, including guests, can mount. Often, you'll see other settings in online examples. With NFSv4, which Ubuntu has used for a decade, those other tuning numbers are automatically determined, so not useful except under really odd situations. Don't forget that sometimes you want a read-only export. I export Music as read-only to prevent accidental deletions from clients or overzealous media center software.
On the client side, besides using the /etc/fstab, you can use autofs. That's how I do it for a number of reasons. As with all mount points, the directory must already exist sudo mkdir /TV. But for now, just use the fstab.
Code:
istar:/TV /TV nfs proto=tcp,noauto 0 2
istar is my NFS server. An IP address can be used, if you prefer.
sudo mount -a will mount/remount everything in the fstab.
will show that it is or isn't mounted. So will the df command.
Code:
$ df -Th
Filesystem Type Size Used Avail Use% Mounted on
...
istar:/TV nfs4 294G 102G 193G 35% /TV
Because my setup is using autofs, I'm not 100% certain how to get the mount live. With autofs, storage is only mounted when specifically requested. ls /TV/ is sufficient or any command that accessed anything under /TV/ will mount it. When that mount hasn't been used for a few minutes, it will be removed by autofs. This is convenient for storage that isn't always available so any connection errors don't cause problems for clients.
So, if you have the userid mapping already handled, you can see were adding NFS is pretty trivial. 2 lines, restart the NFS daemon, and mount. It is 45 seconds, maximum time, once. No screwing around with credentials after that, unless you want to get much more security. If you do, NFSv4 supports encrypted connections and Kerberos for server-to-server authentication. Settings those up **is** harder. The encryption is considered secure enough to use over the internet.
If I missed something important, hopefully someone else will post a correction.
Bookmarks