Check out my first novel, midnight's simulacra!

NFS: Difference between revisions

From dankwiki
(Created page with "I assumed back in 2001 or so that by 2011 we'd have something better than crufty old NFS3, an NFS4 that no man understands in full, five half-implemented network file systems wit...")
 
Tags: mobile web edit mobile edit
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
I assumed back in 2001 or so that by 2011 we'd have something better than crufty old NFS3, an NFS4 that no man understands in full, five half-implemented network file systems with stupid names, Solaris's WebNFS terroristic threat, and the aesthetic marvel that is CIFS. Alas, I assumed too much.
I assumed back in 2001 or so that by 2011 we'd have something better than crufty old NFS3, an NFS4 that no man understands in full, five half-implemented network file systems with stupid names, Solaris's WebNFS terroristic threat, and the aesthetic marvel that is CIFS. Alas, I assumed too much.


This page discusses [[Linux|Linux's]] kernel NFS implementation circa 3.0.4. Relevant man pages include <tt>exports(5)</tt> and <tt>nfs(5)</tt>.
NFS version 2 was specified in RFC 1094. Version 3 was RFC 1813, and version 4 was RFC 3530.
 
This page discusses [[Linux|Linux's]] kernel NFS implementation circa 3.0.4. Relevant man pages include <tt>exports(5)</tt> and <tt>nfs(5)</tt>/<tt>nfs.conf(5)</tt>.
 
==NFSv4-only==
So long as you're only running NFSv4, you don't need <tt>rpc-statd</tt> nor <tt>rpcbind</tt>. Edit <tt>/etc/nfs.conf</tt>, and add <tt>vers3=n</tt> under the <tt>[nfsd]</tt> section. You can now disable the <tt>rpc-statd-notify</tt>, <tt>rpc-statd</tt>, <tt>rpcbind.socket</tt>, and <tt>rpcbind</tt> services.


==Sideband protocols==
==Sideband protocols==
===NLM===
===NLM===
The Network Lock Manager (not to be confused with Netware Loadable Modules) provides byte-range advisory (SysV-style) locking.
The Network Lock Manager (not to be confused with Netware Loadable Modules) provides byte-range advisory (SysV-style) locking. This is built into NFS4 by default. It can be enabled and disabled using the <tt>lock</tt> and <tt>nolock</tt> mount options, respectively. Linux uses TCP by default for NLM.
* The no_auth_nlm exports option inhibits UID/GID credential check enforcement on lock requests, necessary for clients which don't preserve UID/GID across locking calls
* The no_auth_nlm exports option inhibits UID/GID credential check enforcement on lock requests, necessary for clients which don't preserve UID/GID across locking calls
** The default behavior can be specified with auth_nlm or secure_locks
** The default behavior can be specified with auth_nlm or secure_locks
Line 11: Line 16:
** Don't ask me, man; I didn't do it.
** Don't ask me, man; I didn't do it.
* NLM lock recovery also requires the rpc.statd process to be running, despite executing as a kernel service
* NLM lock recovery also requires the rpc.statd process to be running, despite executing as a kernel service
* NLM requires clients to have correct reverse DNS entries for server reboot notification to function properly
===NFSACL===
An extension originating in Solaris for use of POSIX ACL's (NFS4 introduces its own, richer ACLs). It can be enabled and disabled using the <tt>acl</tt> and <tt>noacl</tt> mount options, respectively (Linux otherwise negotiates with the server to autodetect support). NFSACL uses the same transport as the main NFS service.


==See Also==
==See Also==
* The [http://nfs.sourceforge.net/ Linux NFS FAQ]
* The [http://nfs.sourceforge.net/ Linux NFS FAQ] and [http://nfs.sourceforge.net/nfs-howto/ NFS-HowTo]
* [http://nfswatch.sourceforge.net/ NFSwatch] for monitoring and summarizing NFS traffic
* [https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_file_systems/configuring-an-nfsv4-only-server_managing-file-systems Configuring an NFSv4-Only Server] on Fedora
* [https://wiki.archlinux.org/title/NFS NFS] on ArchWiki
 
[[CATEGORY: Networking]]

Latest revision as of 03:14, 4 June 2023

I assumed back in 2001 or so that by 2011 we'd have something better than crufty old NFS3, an NFS4 that no man understands in full, five half-implemented network file systems with stupid names, Solaris's WebNFS terroristic threat, and the aesthetic marvel that is CIFS. Alas, I assumed too much.

NFS version 2 was specified in RFC 1094. Version 3 was RFC 1813, and version 4 was RFC 3530.

This page discusses Linux's kernel NFS implementation circa 3.0.4. Relevant man pages include exports(5) and nfs(5)/nfs.conf(5).

NFSv4-only

So long as you're only running NFSv4, you don't need rpc-statd nor rpcbind. Edit /etc/nfs.conf, and add vers3=n under the [nfsd] section. You can now disable the rpc-statd-notify, rpc-statd, rpcbind.socket, and rpcbind services.

Sideband protocols

NLM

The Network Lock Manager (not to be confused with Netware Loadable Modules) provides byte-range advisory (SysV-style) locking. This is built into NFS4 by default. It can be enabled and disabled using the lock and nolock mount options, respectively. Linux uses TCP by default for NLM.

  • The no_auth_nlm exports option inhibits UID/GID credential check enforcement on lock requests, necessary for clients which don't preserve UID/GID across locking calls
    • The default behavior can be specified with auth_nlm or secure_locks
  • Linux's NLM lock recovery only works if uname -n output matches reverse DNS output for your host.
    • Don't ask me, man; I didn't do it.
  • NLM lock recovery also requires the rpc.statd process to be running, despite executing as a kernel service
  • NLM requires clients to have correct reverse DNS entries for server reboot notification to function properly

NFSACL

An extension originating in Solaris for use of POSIX ACL's (NFS4 introduces its own, richer ACLs). It can be enabled and disabled using the acl and noacl mount options, respectively (Linux otherwise negotiates with the server to autodetect support). NFSACL uses the same transport as the main NFS service.

See Also