A prerequisite to allow users on other computers within the network access to the directories accessible to all users (see Linux-server - file-structure and users) is, that a NFS-Server is installed and activated on the Linux**-Server.
Automated start of the NFS-service:
To configure automatic
startup the command
ntsysv
is executed on the
command-line.
On the following 'Services'-menu the selection [ ] nfs is marked with the space-bar and the and confirmed with the OK-button.
Definition of the directories, where the access-rigts should be controlled by NFS:
Directories, which should be accessible for other computers, are defined in the cinfiguration file /etc/exports by entering the following lines:
/SMB_Disk/data_backed_up
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/data_not_backed_up
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/finance
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/progs_honest
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/progs_writing
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/backup_mirror
192.168.0.0/255.255.255.0(ro)
/SMB_Disk/cd_01
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_02
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_03
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_04
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_05
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_06
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_07
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_08
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_09
192.168.0.0/255.255.255.0(rw)
/SMB_Disk/cd_10
192.168.0.0/255.255.255.0(rw)
To copy the above configuration-statements to a file follow this link for an explanation how to copy text from a web-browser to a file.
Definition of the computers (TCP/IP-adresses), which are allowed to access the directories
This is done by defining which of the TCP/IP-adresses (belonging to computers) are allowed to use the services of the NFS.
To increase the security, all TCP/IP-adresses are preventive excluded in the configuration-file /etc/hosts.deny :
#
#
hosts.deny This file describes the names of the hosts which are
#
*not* allowed to use the local INET services, as decided
# by the
'/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but
it is left to remind you that
# the new secure portmap uses
hosts.deny and hosts.allow. In particular
# you should know that
NFS uses portmap!
portmap: ALL
lockd: ALL
mountd:
ALL
rquotad: ALL
statd: ALL
To copy the above configuration-statements to a file follow this link for an explanation how to copy text from a web-browser to a file.
Then only the TCP/IP-adresses of the own (internal) network are included in the configuration-file /etc/hosts.allow :
#
#
hosts.allow This file describes the names of the hosts which are
#
allowed to use the local INET services, as decided
# by the
'/usr/sbin/tcpd' server.
portmap: 192.168.0.0/255.255.255.0
lockd:
192.168.0.0/255.255.255.0
rquotad:
192.168.0.0/255.255.255.0
mountd: 192.168.0.0/255.255.255.0
statd:
192.168.0.0/255.255.255.0
To copy the above configuration-statements to a file follow this link for an explanation how to copy text from a web-browser to a file.
To
avoid a shutdown and restart of the Linux**-Server, the new
configuration can be activated immediately by restarting service nfs
with the following command:
service
nfs restart
Test for correct installation of the NFS on the Linux**-Server:
After
restarting the service, a list of active services can be displayd by
entering the command
rpcinfo
-p
on the
command-line of the terminal. The result looks similar to the
following output.
|
Program Vers
Proto Port |
In this list the services rquotad, mountd, nfs and nlockmgr must appear.
Check for correct installation of the NFS on the Linux**-Server on any Linux**-Workstation on the network.
Show the allowed NFS-directories on a remote computer:
If
a the user 'root' executes the command
showmount
-e 192.168.0.1
then
all allowed directories on the Server (with TCP/IP-adress
192.168.0.1) will be listed.
If the standard-directory-structure (as described in the document Linux - file-structure and users) is installed on the Server, then the list looks like this:
|
Export list
for 192.168.0.1: |
Mount a NFS-directory as local directory:
Logging
in as 'root' and issuing the following command
mount
192.168.0.1:/SMB_Disk/data_backed_up /mnt/floppy
mounts
the specified directory on the Server (with TCP/IP-adress
192.168.0.1) to the directory 'mnt/floppy' on the local
computer.
N.B. '/mnt/floppy' is used for convinience now as this
directory already exists; for permanent mounting an extra directory
will be created. This is described in document Auxiliary
Linux**-service-applications.
Logging off 'root' and logging on as a user with the proper access-rights on the mounted directory gives the change to read or modify files on the mounted directory.
Additional Hints:
Executing ntsysv, editing configuration-files and listing the services can only be done when logged on as user 'root'.