Setting up an NFS server: Difference between revisions
m (Arrogance moved page Setting up a nfs-server to Setting up an NFS server: spelling/grammar) |
m (bin name: exports -> exportfs) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Installation = | == Installation == | ||
Install package | Install the following package for both NFS client and NFS server service. | ||
{{Cmd|# apk add nfs-utils}} | |||
{{Cmd| | |||
== Configuration == | |||
Setting up NFS service on Alpine Linux is no different from other Linux distributions. | |||
=== NFS Server === | |||
Setup export dirs in /etc/exports. For example: | |||
{{Cmd|rc-update add netmount}} | {{Cat|/etc/exports|<nowiki>/data 10.10.10.0/24(rw,nohide,no_subtree_check,no_root_squash) | ||
</nowiki>}} | |||
After editing /etc/exports, reload your setting | |||
{{Cmd|# exportfs -afv}} | |||
To make NFS server service to autostart on boot: | |||
{{Cmd|# rc-update add nfs}} | |||
To start NFS server service now | |||
{{Cmd|# rc-service nfs start}} | |||
=== NFS Client === | |||
To mount NFS shares automatically, an entry needs to made to /etc/fstab. To mount nfs share from /etc/fstab file at booting of the system | |||
{{Cmd|# rc-update add nfsmount}} | |||
To mount the nfs shares from /etc/fstab file now: | |||
{{Cmd|# rc-service nfsmount start}} | |||
{{Cmd|# rc-update add netmount}} | |||
You can check your boot services: | You can check your boot services: | ||
{{Cmd|rc-status}} | {{Cmd|# rc-status}} | ||
{{Cmd|# rc-service netmount start}} | |||
== Kerberos Authentication == | |||
By default, NFS security only validates the IP of the client. You can add user level authentication with a Kerberos installation ([https://pkgs.alpinelinux.org/package/edge/main/armhf/krb5 MIT KRB5] or [https://pkgs.alpinelinux.org/package/edge/main/x86/heimdal Heimdal]). It is recommended to have the same Kerberos flavor across the network as both implementations are not completely mutually compatible. | |||
=== Server Configuration === | |||
Assuming you setup Kerberos in the in the network, create ticket to your NFS machine (examples are in MIT KRB5 syntax): | |||
{{Cmd|# kadmin: addprinc -randkey nfs/nfs1.example.com@EXAMPLE.COM}} | |||
And add it to the machines krb5.keytab file: | |||
{{Cmd|# kadmin: ktadd nfs/nfs1.example.com@EXAMPLE.COM}} | |||
Then, edit your /etc/exports, and add sec=krb5 (only authentication), sec=krb5i (also hmac signing) or sec=krb5p (also encryption). For example: | |||
{{Cat|/etc/exports|<nowiki>/data 10.10.10.0/24(rw,nohide,no_subtree_check,sec=krb5p,no_root_squash) | |||
</nowiki>}} | |||
After editing /etc/exports, reload your setting | |||
{{Cmd|# exportfs -afv}} | |||
User id mapping is managed by nfsidmap. | |||
=== Client Configuration === | |||
In order for the client to connect to NFS via kerberos, enable and start rpc.gssd. | |||
{{Cmd|# rc-update add rpc.gssd}} | |||
{{Cmd|# rc-service rpc.gssd start}} | |||
== see Also == | |||
* [https://wiki.archlinux.org/title/NFS NFS in Arch wiki] | |||
* [https://wiki.gentoo.org/wiki/Nfs-utils NFS in Gentoo Wiki] | |||
[[Category:Server]] | [[Category:Server]] |
Latest revision as of 12:21, 26 September 2024
Installation
Install the following package for both NFS client and NFS server service.
# apk add nfs-utils
Configuration
Setting up NFS service on Alpine Linux is no different from other Linux distributions.
NFS Server
Setup export dirs in /etc/exports. For example:
Contents of /etc/exports
After editing /etc/exports, reload your setting
# exportfs -afv
To make NFS server service to autostart on boot:
# rc-update add nfs
To start NFS server service now
# rc-service nfs start
NFS Client
To mount NFS shares automatically, an entry needs to made to /etc/fstab. To mount nfs share from /etc/fstab file at booting of the system
# rc-update add nfsmount
To mount the nfs shares from /etc/fstab file now:
# rc-service nfsmount start
# rc-update add netmount
You can check your boot services:
# rc-status
# rc-service netmount start
Kerberos Authentication
By default, NFS security only validates the IP of the client. You can add user level authentication with a Kerberos installation (MIT KRB5 or Heimdal). It is recommended to have the same Kerberos flavor across the network as both implementations are not completely mutually compatible.
Server Configuration
Assuming you setup Kerberos in the in the network, create ticket to your NFS machine (examples are in MIT KRB5 syntax):
# kadmin: addprinc -randkey nfs/nfs1.example.com@EXAMPLE.COM
And add it to the machines krb5.keytab file:
# kadmin: ktadd nfs/nfs1.example.com@EXAMPLE.COM
Then, edit your /etc/exports, and add sec=krb5 (only authentication), sec=krb5i (also hmac signing) or sec=krb5p (also encryption). For example:
Contents of /etc/exports
After editing /etc/exports, reload your setting
# exportfs -afv
User id mapping is managed by nfsidmap.
Client Configuration
In order for the client to connect to NFS via kerberos, enable and start rpc.gssd.
# rc-update add rpc.gssd
# rc-service rpc.gssd start