Exporting NFS File Systems
To allow a client access to a filesystem or directory, the /etc/exports serves as the access control list.
To give the network “lan.serverbuddies.com” read-only access to /public_docs, the entries in /etc/exports would look like as follows:
/public_docs *.lan.serverbuddies.com(ro,sync)
Security : It is very important NOT to give write access to NFS clients if not absolutely needed! Entries in /etc/exports are exported read-only (”ro” option) by default.
To allow servers lan1, lan2 and lan3 read-write access to the /backup/setup directory, the entries in /etc/exports would look like as follows:
/backup/setup lan1.serverbuddies.com(rw,sync) lan2.serverbuddies.com(rw,sync) lan3.serverbuddies.com(rw,sync)
Note that options MUST NOT be separated from hostnames or networks with whitespace(s). And use fully qualified domain names to diminish spoofing attempts.
All entries in /etc/exports are exported with the root_squash option (’root squashing’) by default. This means that a root user on a client machine does not have root privileges (root access) to root-owned files on exported NFS filesystems/directories. It is not recommended to turn ‘root squashing” off using the no_root_squash option!
After you’ve made all your entries in /etc/exports, you can export all filesystems/directories using the following command:
To unexport all shared filesystems/directories, run:
To see all shared filesystems/directories, run:
Export list for localhost:
/public_docs *.lan.serverbuddies.com
/backup/setup lan1.serverbuddies.com lan2.serverbuddies.com lan3.serverbuddies.com
