Network File System.
WARNING: nfs can be insecure.
It sends data in the clear, and authenticates clients only by host name or IP address.
The server’s file system permissions apply to the share, but if the user on the client has a name (or uid) collision with an account on the server, the client could gain inappropriate access.
By default nfs does “root squashing”, which sets the uid of anyone accessing the share as root (i.e. the root user of the client machine) to the server’s nobody account. This should not be turned off!
NFSv4 includes significant security enhancements over previous versions, including ACLs and Kerberos authentication of individual users.
Define shares in /etc/exports
. See exports(5).
/share client1 client2
After making changes to /etc/exports
, on linux do:
exportfs -ra
or on FreeBSD do:
kill -s HUP `cat /var/run/mountd.pid`
Mount the share like mount -t nfs nfsServer:/shareName /localMountPoint
.
NFS mounts can be added to the client fstab.
nfsstat Show nfs activity statistics
rpcinfo -p Probe rpc on this host, and show all registered listeners
showmount -e Shows the host’s exports list
…