Changes

From SME Server
19 bytes added ,  14:09, 6 January 2015
m
Formatting and small grammar changes
Line 5: Line 5:  
==Security and NFS==
 
==Security and NFS==
 
Something Interesting that will scare you http://www.tldp.org/HOWTO/NFS-HOWTO/security.html
 
Something Interesting that will scare you http://www.tldp.org/HOWTO/NFS-HOWTO/security.html
 +
 +
 
==Installation==
 
==Installation==
===for sme8===
+
===For SME8===
 
1. Install the smeserver-nfs contrib like this:
 
1. Install the smeserver-nfs contrib like this:
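Review bot: The context line under "==Security and NFS==" still reads "Something Interesting that will scare you" followed by a bare URL, which a formatting and grammar pass should tidy up. Suggest lowercasing "Interesting" and giving the link a descriptive label saying that it points to the security chapter of the NFS-HOWTO, so readers know what they are being sent to.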
   Line 45: Line 47:       −
==== Couple of notes whilst installing on SME8..... ====
+
===== Couple of notes whilst installing on SME8..... =====
 
  −
 
   
DB options as follows - status disabled by default :
 
DB options as follows - status disabled by default :
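Review bot: The "Couple of notes whilst installing on SME8....." heading moves from level 4 to level 5 while sitting directly under the level-3 "===For SME8===", so the outline skips a level. The matching "Couple of notes whilst installing on SME9....." heading further down the page is still at level 4; pick one level for both, and consider dropping the trailing dots from the titles.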
   Line 78: Line 78:     
However, I don't think this starts/restarts portmap, hence the reboot on install which should not really be necessary.
 
However, I don't think this starts/restarts portmap, hence the reboot on install which should not really be necessary.
===for sme9===
+
 
 +
 
 +
===For SME9===
 
It is for really soon --[[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]]) 00:18, 7 December 2014 (CET)
 
It is for really soon --[[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]]) 00:18, 7 December 2014 (CET)
 
Remember to first configure the required [[stephdl]] repository, then issue the following command on the SME Server shell:
 
Remember to first configure the required [[stephdl]] repository, then issue the following command on the SME Server shell:
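Review bot: Under the renamed "===For SME9===" heading, the signed line "It is for really soon" dated 7 December 2014 is left in place directly above install instructions for the same release. If the SME9 package is now available from the [[stephdl]] repository, remove the signed remark; talk-style signatures belong on the discussion page rather than in the article body.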
Line 93: Line 95:       −
====Usage====
+
==Usage==
 
* Each IP needs to be allowed if you want write permissions. For read only permissions, you can open the share to all defined local network in the server-manager
 
* Each IP needs to be allowed if you want write permissions. For read only permissions, you can open the share to all defined local network in the server-manager
 
* The NFS share works with Ibays whose the system of permissions are Group based and inherited from the ibay panel. Therefore for changing write/read and group  permissions you can do it in the NFS Ibay panel. You have at the top of the NFS panel boxes on the state of permissions and the group ownership.  
 
* The NFS share works with Ibays whose the system of permissions are Group based and inherited from the ibay panel. Therefore for changing write/read and group  permissions you can do it in the NFS Ibay panel. You have at the top of the NFS panel boxes on the state of permissions and the group ownership.  
 
* NFS works with UID and GID, the user id and group id of the client system are sent in each RPC call, and the permissions these IDs have on the file being accessed are checked on the server. For this to work, the UID and GIDs must be the same on the server and the clients.
 
* NFS works with UID and GID, the user id and group id of the client system are sent in each RPC call, and the permissions these IDs have on the file being accessed are checked on the server. For this to work, the UID and GIDs must be the same on the server and the clients.
 +
 +
 
=====Read permissions=====
 
=====Read permissions=====
 
- you can easily allow the share in read permission for the local network and for all defined IP (go to the NFS ibay panel and set the User access to write=group, read=everyone, enabled the share, and allow IP(s) or the local network in the nfs panel)
 
- you can easily allow the share in read permission for the local network and for all defined IP (go to the NFS ibay panel and set the User access to write=group, read=everyone, enabled the share, and allow IP(s) or the local network in the nfs panel)
 +
    
=====Write and read permission for group=====
 
=====Write and read permission for group=====
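Review bot: Promoting "Usage" from level 4 to level 2 leaves its subsections "=====Read permissions=====" and "=====Write and read permission for group=====" at level 5, so the outline jumps three levels. Raise them to level 3 in the same edit. The "Read permissions" item also starts with a literal "-" while the items above it use "*"; use "*" so it renders as a list.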
Line 116: Line 121:     
{{Warning box|IF the option no_root_squash is set, the root and all sudoers of every allowed servers  to the nfs share are able to write without controls in the ibay.}}
 
{{Warning box|IF the option no_root_squash is set, the root and all sudoers of every allowed servers  to the nfs share are able to write without controls in the ibay.}}
 +
    
====UID/GID====
 
====UID/GID====
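Review bot: The warning box in this hunk's context is the most security-relevant sentence on the page and is still hard to parse: "IF" is capitalised and "every allowed servers to the nfs share" is ungrammatical. Suggested wording: "If the option no_root_squash is set, root and all sudoers on every server allowed to access the NFS share can write to the ibay without any controls."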
Line 131: Line 137:  
  usermod -a -G '''GROUP_NAME_OR_GID''' USER_NAME
 
  usermod -a -G '''GROUP_NAME_OR_GID''' USER_NAME
   −
====Manual Settings for specific Needs====
      +
====Manual Settings for specific needs====
 
Nfs offers a lot of parameters and you may need some specific settings that it would be difficult or dangerous to let them in all hands. So for some cases you can enable by db command your nfs shares
 
Nfs offers a lot of parameters and you may need some specific settings that it would be difficult or dangerous to let them in all hands. So for some cases you can enable by db command your nfs shares
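Review bot: The heading now reads "Manual Settings for specific needs", which mixes title case and sentence case; make it "Manual settings for specific needs" to match "Show connected clients" and "Exported folders overview". The paragraph below it also starts with "Nfs" where the rest of the page writes "NFS", and "difficult or dangerous to let them in all hands" would read better as "difficult or dangerous to leave in everyone's hands".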
   Line 160: Line 166:  
and
 
and
 
  less /etc/exports
 
  less /etc/exports
 +
    
====Common Mount permission options====
 
====Common Mount permission options====
Line 169: Line 176:  
  root_squash    Prevents root users
 
  root_squash    Prevents root users
 
  no_root_squash  Allow root users
 
  no_root_squash  Allow root users
 +
    
==== Couple of notes whilst installing on SME9..... ====
 
==== Couple of notes whilst installing on SME9..... ====
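Review bot: The two descriptions in the context lines, "Prevents root users" and "Allow root users", stop before saying what is prevented or allowed. Since the warning box earlier on the page says no_root_squash lets root on allowed servers write to the ibay without controls, complete both entries in those terms and point back to that warning.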
Line 200: Line 208:  
  signal-event nfs-update
 
  signal-event nfs-update
   −
==see exported folders==
+
 
You can have a look on all exported folders and see for which ip/network they are allowed.
+
==Exported folders overview==
 +
You can have an overview of all exported folders and see for which ip/network they are allowed.
 
  # showmount -e
 
  # showmount -e
 
  Export list for hpcompact:
 
  Export list for hpcompact:
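Review bot: In the rewritten sentence, "for which ip/network they are allowed" is still awkward, and "ip" is lowercase while the rest of the page writes "IP". Suggest "You can list all exported folders and see which IPs or networks are allowed to access each one."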
Line 210: Line 219:       −
==find connected clients==
+
==Show connected clients==
 
  netstat -an | grep nfs.server.ip:port
 
  netstat -an | grep nfs.server.ip:port
 
* for example if you nfs server IP is 192.168.12.125
 
* for example if you nfs server IP is 192.168.12.125
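Review bot: The context line "for example if you nfs server IP is 192.168.12.125" has "you" for "your" and lowercase "nfs", and was missed by this grammar pass. Also, "nfs.server.ip:port" in the netstat command is a placeholder; say so, and note that the example output that follows uses port 2049.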
Line 216: Line 225:  
  tcp        0      0 192.168.12.125:2049        192.168.12.25:850          ESTABLISHED
 
  tcp        0      0 192.168.12.125:2049        192.168.12.25:850          ESTABLISHED
   −
==client side==
+
 
 +
==Linux Client==
 
* nfs-utils
 
* nfs-utils
 
yum install nfs-utils
 
yum install nfs-utils
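Review bot: "yum install nfs-utils" has no leading spaces, unlike the other commands on the page such as "netstat -an | grep nfs.server.ip:port", so it will render as body text rather than as a preformatted command. Indent it, and consider "Linux client" for the new heading to match the sentence case used in "Show connected clients".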
