NFS
How To use SME as an NFS server
This came from a dtech post about to use SME as a NFS server
Installation
for sme8
1. Install the smeserver-nfs contrib like this:
yum install smeserver-nfs --enablerepo=smecontribs
2. Then execute the following:
- sme8
config setprop nfs status enabled config setprop portmap status enabled config setprop nfslock status enabled
3. Edit /etc/exports to add the directories to be shared (this line exports user home directories and ibays):
/home/e-smith/files *.mydomain(rw,sync,no_wdelay,nohide,no_root_squash)
/home/e-smith/files – shared directory 192.168.1.0/24 – IP address range of clients or *.mydomain – Domain's client allowed rw – Writable permission to shared folder sync – Synchronize shared directory no_root_squash – Enable root privilege no_all_squash – Enable user’s authority
if you want to see all your exports
showmount -e
4. Then, the following, which will reboot the server:
signal-event post-upgrade; signal-event reboot
Couple of notes whilst installing on SME8.....
DB options as follows - status disabled by default :
nfs=service TCPPorts=2049,4002,4003 UDPPorts=2049,4002,4003 access=private mountdPort=4002 rquotadPort=4003 status=disabled
nfslock=service TCPPorts=4000,4001,4004 UDPPorts=4000,4001,4004 access=private lockdPort=4001 statdOutgoingPort=4004 statdPort=4000 status=disabled
portmap=service TCPPort=111 UDPPort=111 access=private status=disabled
After installation & reboot you should be able to update with
signal-event remoteaccess-update
However, I don't think this starts/restarts portmap, hence the reboot on install which should not really be necessary.
for sme9
It is for really soon --Stephdl (talk) 00:18, 7 December 2014 (CET) Remember to first configure the required stephdl repository, then issue the following command on the SME Server shell:
yum install --enablerepo=stephdl smeserver-nfs
You need to activate the service
chkconfig nfs on signal-event nfs-update config set UnsavedChanges no
or if you prefer to restart your server
signal-event post-upgrade; signal-event reboot
If you want modify the Group Ownership or user access permissions, these changes has to be done in the Ibay Panel.
Usage
- Each IP needs to be allowed if you want write permission. For read only permissions, you can open the share to all defined local network in the server-manager
- The NFS share works with Ibays whose the system of permissions are Group based and inherited from the ibay panel. Therefore for changing write/read and group permissions you need to do it in the Ibay panel. You have at the top of the NFS panel a description on the state of permissions and the group ownership.
- NFS works with UID and GID, the user id and group id of the client system are sent in each RPC call, and the permissions these IDs have on the file being accessed are checked on the server. For this to work, the UID and GIDs must be the same on the server and the clients.
- read permissions :
- you can easily allow the share in read permission for the local network and for all defined IP (go to the ibay panel and set the User access to write=group, read=everyone, enabled the share, and allow ip or the local network.)
- Write and read permission for group:
- you have to set a group who own the ibay (in the ibay panel) and change the permissions to Write=group, Read=Group
- All users both in the server and in the clients need to be members of that group with the same GID.
- you have to share the same UID for users between the server and the client
for example the user Helene must share the same UID and GID between the SME Server and the remote client
on remote client # id helene uid=5006(helene) gid=5006(helene) groupes=5006(helene),5002(famille) on SME Server # id helene uid=5006(helene) gid=5006(helene) groupes=5006(helene),500(shared),5002(famille)
-IF the option no_root_squash is set, the root can still write in the ibay, but the issue, is that all root or sudo users of all server allowed to the nfs share can write without controls in the ibay.
UID/GID
- create a group
groupadd -g GID -o GROUPE_NAME
- modify the GID of a group
groupmod -o -g GID GROUPE_NAME
- add a principal group to a user
usermod -g GROUP_NAME_OR_GID USER_NAME
- add a secondary group to a user
usermod -a -G GROUP_NAME_OR_GID USER_NAME
- change the uid of a user
usermod -u UID USER_NAME
- see informations of a user
id USER
Couple of notes whilst installing on SME9.....
DB options as follows - status enabled by default :
nfs=service TCPPorts=2049,4002,4003 UDPPorts=2049,4002,4003 access=private mountdPort=4002 rquotadPort=4003 status=enabled
nfslock=service TCPPorts=4000,4001,4004 UDPPorts=4000,4001,4004 access=private lockdPort=4001 statdOutgoingPort=4004 statdPort=4000 status=enabled
rpcbind=service TCPPort=111 UDPPort=111 access=private status=enabled
you should be able to update with
signal-event nfs-update
see exported folders
You can have a look on all exported folders and see for which ip/network they are allowed.
# showmount -e Export list for hpcompact: /home/e-smith/files/ibays/toto/files 192.168.15.0/24,192.168.12.0/24 /home/e-smith/files/ibays/laurence/files 192.168.12.100,192.168.12.125 /home/e-smith/files/ibays/dolibarr/files 192.168.15.0/24,192.168.12.0/24 /home/e-smith/files/ibays/admin_25465/files 192.168.15.0/24,192.168.12.0/24
find connected clients
netstat -an | grep nfs.server.ip:port
- for example
# netstat -an | grep 192.168.12.125:2049 tcp 0 0 192.168.12.125:2049 192.168.12.25:850 ESTABLISHED
client side
- nfs-comon
install nfs-common (it depends of your distribution)
- mount the network share
mkdir /mnt/partage mount -t nfs 192.168.xx.xxx:/home/e-smith/files /mnt/partage ll /mnt/partage
ToDos
Probably better to make a custom template for /etc/exports
Would be better if there was a web panel to enable/disable nfs per ibay