Configuring the NFS Server for Sharing Resources

When the mountd and nfsd daemons are running, you can use the share command to make file resources available:

share [ -F nfs ] [ -o options ] [ -d description ] [ pathname ]

where:

share Command Options

Option            Description
-F nfs            Specifies the file system type. This option is not typically required, because NFS is the default remote file system type.
-o options        Controls a client’s access to an NFS shared resource.
-d description    Describes the shared file resource.
pathname          Specifies the absolute path name of the resource for sharing.

Note: Unless you specify an option to the share command, for example, -F nfs, the system uses the file system type from the first line of the /etc/dfs/fstypes file.

To share a file resource from the command line, you can use the share command. For example, to share the /usr/local/data directory as a read-only shared resource, perform the command:

# share -o ro /usr/local/data

By default, NFS-mounted resources are available with read and write privileges based on standard Solaris OS file permissions. Access decisions are based on a comparison of the user ID (UID) of the client and the owner.

The share Command

Option            Description
ro                Informs clients that the server accepts only read requests.
rw                Allows the server to accept read and write requests from the client.
root=client       Informs clients that the root user on the specified client system or systems can perform superuser-privileged requests on the shared resource.
ro=access-list    Allows read requests from the specified access list.
rw=access-list    Allows read and write requests from the specified access list, as shown in the table.

Access List Options

Option                       Description
access-list=client:client    Allows access based on a colon-separated list of one
access-list=@network         Allows access based on a network number (for example, @192.168.100) or a network name (for example, @mydomain.com). The network name must be defined in the /etc/networks file.
access-list=.domain          Allows access based on a Domain Name System (DNS) domain; the dot (.) identifies the value as a DNS domain.
access-list=netgroup_name    Allows access based on a configured net group (Network Information Service [NIS] or Network Information Service Plus [NIS+] only).
anon=n                       Sets n to be the effective user ID (EUID) of anonymous users. By default, anonymous users are given the EUID 60001 (UID_NOBODY). If n is set to -1, access is denied.

You can combine these options by separating each option with commas, which forms intricate access restrictions. The following examples show some of the more commonly used options:

# share -F nfs -o ro directory
This command restricts access to NFS-mounted resources to read-only access.

# share -F nfs -o ro,rw=client1 directory
This command restricts access to NFS-mounted resources to read-only access; however, the NFS server accepts both read and write requests from the client named client1.

# share -F nfs -o root=client2 directory
This command allows the root user on the client named client2 to have superuser access to the NFS-mounted resources.

# share -F nfs -o ro,anon=0 directory
By setting the option anon=0, the EUID for access to shared resources by an anonymous user is set to 0. The access is also set to read-only. While setting the EUID to 0, the same UID as the root user, might seem to open up security access, the UID of 0 is converted to the user identity of nobody. This has the effect that an anonymous user from a client host, where the UID of that user is not known on the server host, is treated as the user called nobody by the server (UID=60001).

# share -F nfs \
-o ro=client1:client2,rw=client3:client4,root=client4 directory
This command shares the directory to the four named hosts only. The hosts client1 and client2 have read-only access. The hosts client3 and client4 have read-write access. The root user from host client4 has root privilege access to the shared directory and its contents.

The share command writes information for all shared file resources to the /etc/dfs/sharetab file. The file contains a table of the local shared resources.

Note: If no argument is specified, the share command displays a list of
all the currently shared file resources.

# share
-              /usr/local/data   ro   "Shared data files"
-              /rdbms_files   rw,root=sys01   "Database files"
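
The following script is an added example, not part of the original page: it models how the comma-separated options in the examples above combine for a single client, then runs the share listing shown above through that model to find resources that a host named in no access list can still write to. It assumes access lists hold literal host names only; the function names and the host name unlisted-host are illustrative.

```shell
#!/bin/sh
# Added example: model of how comma-separated share -o options combine.
# Assumption: access lists contain literal host names only
# (@network, .domain and netgroup entries are not resolved).

# in_list LIST HOST: succeeds if HOST is in the colon-separated LIST
in_list() {
    case ":$1:" in *":$2:"*) return 0 ;; esac
    return 1
}

# share_access OPTS HOST: prints none, ro or rw, with +root appended
share_access() {
    opts=$1; host=$2
    default=; listed=; root=; restricted=
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            ro|rw)  default=$o ;;
            ro=*)   restricted=1
                    if in_list "${o#ro=}" "$host" && [ -z "$listed" ]; then listed=ro; fi ;;
            rw=*)   restricted=1
                    if in_list "${o#rw=}" "$host"; then listed=rw; fi ;;
            root=*) if in_list "${o#root=}" "$host"; then root=+root; fi ;;
        esac
    done
    IFS=$old_ifs
    if   [ -n "$listed" ];     then access=$listed    # named in a ro=/rw= list
    elif [ -n "$default" ];    then access=$default   # bare ro or rw
    elif [ -n "$restricted" ]; then access=none       # lists only, host absent
    else access=rw                                    # no ro/rw: default is rw
    fi
    if [ "$access" = none ]; then root=; fi
    echo "$access$root"
}

# open_rw_shares: reads `share` output on stdin and prints every path
# that a host named in no access list can still write to.
open_rw_shares() {
    while read -r _res path opts _desc; do
        if [ -n "$path" ] && [ "$(share_access "$opts" unlisted-host)" = rw ]; then
            echo "$path"
        fi
    done
    return 0
}

# The listing shown on this page, fed through the check.
listing='-              /usr/local/data   ro   "Shared data files"
-              /rdbms_files   rw,root=sys01   "Database files"'
printf '%s\n' "$listing" | open_rw_shares
```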

Making File Resources Unavailable for Mounting

Use the unshare command to make file resources unavailable for mount operations. This command reads the /etc/dfs/sharetab file.

unshare [ -F nfs ] pathname

where:

unshare Command

Option      Description
-F nfs      Specifies NFS as the file system type. Because NFS is the default remote file system type, you do not have to specify this option.
pathname    Specifies the path name of the file resource to unshare.

For example, to make the /export/sys44_data directory unavailable for client-side mount operations, perform the command:

# unshare /usr/local/data

Sharing and Unsharing All NFS Resources

Use the shareall and unshareall commands to share and unshare all NFS resources.

The shareall command, when used without arguments, shares all resources listed in the /etc/dfs/dfstab file.

shareall [ -F nfs ]

The unshareall command, when used without arguments, unshares currently shared file resources listed in the /etc/dfs/sharetab file.

unshareall [ -F nfs ]





 





 

 
