Using NFS in AIX
Overview
The Networked File System (NFS) is one of a category of filesystems known as distributed filesystems. It allows users to access files resident on remote systems without even knowing that a network is involved and thus allows filesystems to be shared among computers. These remote systems could be located in the same room or could be miles away.
In order to access such files, two things must happen. First, the remote system must make the files available to other systems on the network. Second, these files must be mounted on the local system to be able to access them. The mounting process makes the remote files appear as if they are resident on the local system. The system that makes its files available to others on the network is called a server, and the system that uses a remote file is called a client.
NFS Server
NFS consists of a number of components including a mounting protocol, a file locking protocol, an export file and daemons (mountd, nfsd, biod, rpc.lockd, rpc.stad) that coordinate basic file services.
Systems using NFS make the files available to other systems on the network by “exporting” their directories to the network. An NFS server exports its directories by putting the names of these directories in the /etc/exports file and executing the exportfs command. In its simplest form, /etc/exports consists of lines of the form:
pathname -option, option ...
where pathname is the name of the file or directory to which network access is to be allowed; if pathname is a directory, then all of the files and directories below it within the same filesystem are also exported, but not any filesystems mounted within it. The next fields in the entry consist of various options that specify the type of access to be given and to whom. For example, a typical /etc/exports file may look like this:
/cyclop/users -access=homer:bart, root=homer /usr/share/man -access=marge:maggie:lisa /usr/mail
This export file permits the filesystem /cyclops/users to be mounted by homer and bart, and allows root access to it from homer. In addition, it lets /usr/share/man be mounted by marge, maggie and lisa. The filesystem /usr/mail can be mounted by any system on the network. Filesystems listed in the export file without a specific set of hosts are mountable by all machines. This can be a sizable security hole.
When used with the -a option, the exportfs command reads the /etc/exports file and exports all the directories listed to the network. This is usually done at system startup time.
# exportfs -a
If the contents of /etc/exports change, you must tell mountd to reread it. This can be done by re-executing the exportfs command after the export file is changed.
The exact attributes that can be specified in the /etc/exports file vary from system to system. The most common attributes are:
-access=list : Colon-separated list of hostnames and netgroups that can mount the filesystem
-ro : Export read-only; no clients may write on the filesystem
-rw=list : List enumerates the hosts allowed to mount for writing; all others must mount read-only.
-root=list : Lists hosts permitted to access the filesystem as root. Without this option, root access from a client is equivalent to access by the user nobody (usually UID=-2).
-anon : Specifies UID that should be used for requests coming from an unknown user. Defaults to nobody.
-hostname : Allow hostname to mount the filesystem.
For example:
/cyclop/users -rw=moe,anon=-1 /usr/inorganic -ro
This allows moe to mount /cyclop/users for reading and writing, and maps anonymous users (users from other hosts that do not exist on the local system and the root user from any remote system) to the UID=-1. This corresponds to the nobody account, and it tells NFS not to allow such users access to anything. On some systems, the UID=-2 may be used to allow anonymous users access only to world-readable files. The read-only access is referred to as read-mostly.
NFS Clients
After the files, directories and/or filesystems have been exported, an NFS client must explicitly mount them before it can use them. It is handled by the mountd daemon (sometimes called rpc.mountd). The server examines the mount request to be sure the client has proper authorization.
The following syntax is used for the mount command. Note that the server’s name is followed by a colon and the directory to be mounted:
# mount server1:/usr/src /src
Here, the directory structure /usr/src resident on the remote system server1 is mounted on the /src directory on the local system.
When the remote filesystem is no longer needed, it is unmounted with the umount:
# umount server1:/usr/src
The mount command can be used to establish temporary network mounts, but mounts that are part of a system’s permanent configuration should be either listed in /etc/filesystems (for AIX) or handled by an automatic mounting service such as automount or amd.
NFS Commands
lsnfsexp : Displays the characteristics of directories that are exported with the NFS
# lsnfsexp software -ro
mknfsexp -d path -t ro : Exports a read-only directory to NFS clients and add it to /etc/exports
# mknfsexp -d /software -t ro /software ro Exported /software # lsnfsexp /software -ro
rmnfsexp -d path : Unexports a directory from NFS clients and remove it from /etc/exports
# rmnfsexp -d /software
lsnfsmnt : Displays the characteristics of NFS mountable file systems
showmount -e : List exported filesystems
# showmount -e
export list for server:
/software (everyone)
showmount -a : List hosts that have remotely mounted local systems
# showmount -a server2:/sourcefiles server3:/datafiles
Start/Stop/Status NFS daemons
In the following discussion, reference to daemon implies any one of the SRC-controlled daemons (such as nfsd or biod).
The NFS daemons can be automatically started at system (re)start by including the /etc/rc.nfs script in the /etc/inittab file.
They can also be started manually by executing the following command:
# startsrc -s Daemon or startsrc -g nfs
where -s option will start the individual daemons and -g will start all of them.
These daemons can be stopped one at a time or all at once by executing the following command:
# stopsrc -s Daemon or stopsrc -g nfs
You can get the current status of these daemons by executing the following commands:
# lssrc -s Daemon or lssrc -a
If the /etc/exports file does not exist, the nfsd and the rpc.mountd daemons will not start. You can get around this by creating an empty/etc/exports file. This will allow the nfsd and the rpc.mountd daemons to start, although no filesystems will be exported.
References:
- Using Network File System in AIX – a primer
- man pages of NFS commands
