Chapter 17. Network File System (NFS)
permitted or prevented access to the NFS server. For more information on configuring access controls with TCP wrappers, see Chapter 8.
After the client is allowed past TCP wrappers, the NFS server refers to its configuration file, /etc/exports, to determine whether the client has enough privileges to mount any of the exported file systems. After granting access, any file and directory operations are sent to the server using remote procedure calls.
Warning
NFS mount privileges are granted specifically to a client, not a user. If you grant a client machine access to an exported file system, any users of that machine will have access to the data.
When configuring the /etc/exports file, be extremely careful about granting read-write permissions (rw) to a remote host.
17.1.1. NFS and portmap
NFS relies upon remote procedure calls (RPC) to function. portmap is required to map RPC requests to the correct services. RPC processes notify portmap when they start, revealing the port number they are monitoring and the RPC program numbers they expect to serve. The client system then contacts portmap on the server with a particular RPC program number. portmap then redirects the client to the proper port number to communicate with its intended service.
Because RPC-based services rely on portmap to make all connections with incoming client requests, portmap must be available before any of these services start. If, for some reason, the portmap service unexpectedly quits, restart portmap and any services running when it was started.
The portmap service can be used with the host access files (/etc/hosts.allow and /etc/hosts.deny) to control which remote systems are permitted to use RPC-based services on your machine. See Chapter 8 for more information. Access control rules for portmap will affect all RPC-based services. Alternatively, you can specify each of the NFS RPC daemons to be affected by a particular access control rule. The man pages for rpc.mountd and rpc.statd contain information regarding the precise syntax of these rules.
17.1.1.1. portmap Status
As portmap provides the coordination between RPC services and the port numbers used to communicate with them, it is useful to be able to get a picture of the current RPC services using portmap when troubleshooting. The rpcinfo command shows each RPC-based service with its port number, RPC program number, version, and IP protocol type (TCP or UDP).
To make sure the proper NFS RPC-based services are enabled for portmap, rpcinfo -p can be useful:
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1024  status
    100024    1   tcp   1024  status
    100011    1   udp    819  rquotad
    100011    2   udp    819  rquotad
    100005    1   udp   1027  mountd
    100005    1   tcp   1106  mountd
    100005    2   udp   1027  mountd
    100005    2   tcp   1106  mountd
    100005    3   udp   1027  mountd
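A scripted form of this check, added here as an example and not part of the original guide: it reads rpcinfo -p output, reports which required services have no registration with portmap, and lists the protocol/port pairs that host access rules and packet filters must account for. The function names rpc_missing and rpc_endpoints, the SAMPLE variable, and the choice of portmapper, mountd and nfs as the required set are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that the RPC services an NFS server needs are
# registered with portmap, using the output format of `rpcinfo -p`.

# Constructed sample: the rows from the listing above, which stops before
# any nfs entry. On a live server, pipe the real output instead:
#   rpcinfo -p | rpc_missing portmapper mountd nfs
SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1024  status
    100024    1   tcp   1024  status
    100011    1   udp    819  rquotad
    100011    2   udp    819  rquotad
    100005    1   udp   1027  mountd
    100005    1   tcp   1106  mountd
    100005    2   udp   1027  mountd
    100005    2   tcp   1106  mountd
    100005    3   udp   1027  mountd'

# rpc_missing NAME...: read rpcinfo -p output on stdin and print each
# required service name that has no registration, one per line.
rpc_missing() {
    awk -v want="$*" '
        $1 ~ /^[0-9]+$/ && NF >= 5 { seen[$5] = 1 }   # skip the header row
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in seen)) print w[i]
        }'
}

# rpc_endpoints: read rpcinfo -p output on stdin and print the unique
# "service proto/port" pairs (several program versions share one port).
rpc_endpoints() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 5 { print $5, $3 "/" $4 }' | sort -u
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE" | rpc_endpoints
missing=$(printf '%s\n' "$SAMPLE" | rpc_missing portmapper mountd nfs)
[ -z "$missing" ] || echo "not registered with portmap: $missing"
```

Run against the sample, the check reports nfs as not registered, because the rows shown above contain no nfs line.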