Difference between revisions of "NFS"

From SME Server
Jump to navigationJump to search
Line 91: Line 91:
 
or if you prefer to restart your server
 
or if you prefer to restart your server
 
  signal-event post-upgrade; signal-event reboot
 
  signal-event post-upgrade; signal-event reboot
{{Note box | For security Reasons you can not enable Your NFS Share in ''''Read and Write, No Root Squash and insecure'''' options for the whole local network, you have to specify each IP allowed for these insecure settings.}}
+
{{Note box | For security Reasons you can not enable Your NFS Share in ''''Read and Write, No Root Squash and Insecure'''' options for the whole local network, you have to specify each IP allowed for these insecure settings.}}
  
 
If you want modify the Group Ownership or user access permissions, these changes has to be done in the Ibay Panel.
 
If you want modify the Group Ownership or user access permissions, these changes has to be done in the Ibay Panel.

Revision as of 17:29, 7 December 2014

How To use SME as an NFS server

This came from a dtech post about to use SME as a NFS server


Important.png Note:
you have some documentation available for CENTOS6 and CENTOS5


Installation

for sme8

1. Install the smeserver-nfs contrib like this: 

yum install smeserver-nfs --enablerepo=smecontribs

2. Then execute the following:

  • sme8
config setprop nfs status enabled
config setprop portmap status enabled
config setprop nfslock status enabled

3. Edit /etc/exports to add the directories to be shared (this line exports user home directories and ibays): 

/home/e-smith/files    *.mydomain(rw,sync,no_wdelay,nohide,no_root_squash)

/home/e-smith/files  – shared directory

192.168.1.0/24           – IP address range of clients
or
*.mydomain               – Domain's client allowed

rw                       – Writable permission to shared folder
sync                     – Synchronize shared directory
no_root_squash           – Enable root privilege
no_all_squash            – Enable user’s authority

if you want to see all your exports 

showmount -e


Warning.png Warning:
Make sure to leave a blank line at the end of the file.


securing NFS Securing2

4. Then, the following, which will reboot the server: 

signal-event post-upgrade; signal-event reboot


Couple of notes whilst installing on SME8.....

DB options as follows - status disabled by default : 

nfs=service
   TCPPorts=2049,4002,4003
   UDPPorts=2049,4002,4003
   access=private
   mountdPort=4002
   rquotadPort=4003
   status=disabled

nfslock=service
   TCPPorts=4000,4001,4004
   UDPPorts=4000,4001,4004
   access=private
   lockdPort=4001
   statdOutgoingPort=4004
   statdPort=4000
   status=disabled

portmap=service
   TCPPort=111
   UDPPort=111
   access=private
   status=disabled

After installation & reboot you should be able to update with 

signal-event remoteaccess-update

However, I don't think this starts/restarts portmap, hence the reboot on install which should not really be necessary.

for sme9

It is for really soon --Stephdl (talk) 00:18, 7 December 2014 (CET) Remember to first configure the required stephdl repository, then issue the following command on the SME Server shell: 

yum install --enablerepo=stephdl smeserver-nfs

You need to activate the service 

chkconfig nfs on
signal-event nfs-update
config set UnsavedChanges no

or if you prefer to restart your server 

signal-event post-upgrade; signal-event reboot
Important.png Note:
For security Reasons you can not enable Your NFS Share in 'Read and Write, No Root Squash and Insecure' options for the whole local network, you have to specify each IP allowed for these insecure settings.


If you want modify the Group Ownership or user access permissions, these changes has to be done in the Ibay Panel.

Couple of notes whilst installing on SME9.....

DB options as follows - status enabled by default : 

nfs=service
   TCPPorts=2049,4002,4003
   UDPPorts=2049,4002,4003
   access=private
   mountdPort=4002
   rquotadPort=4003
   status=enabled

nfslock=service
   TCPPorts=4000,4001,4004
   UDPPorts=4000,4001,4004
   access=private
   lockdPort=4001
   statdOutgoingPort=4004
   statdPort=4000
   status=enabled

rpcbind=service
   TCPPort=111
   UDPPort=111
   access=private
   status=enabled

you should be able to update with 

signal-event nfs-update

see exported folders

You can have a look on all exported folders and see for which ip/network they are allowed. 

# showmount -e
Export list for hpcompact:
/home/e-smith/files/ibays/toto/files        192.168.15.0/24,192.168.12.0/24
/home/e-smith/files/ibays/laurence/files    192.168.12.100,192.168.12.125
/home/e-smith/files/ibays/dolibarr/files    192.168.15.0/24,192.168.12.0/24
/home/e-smith/files/ibays/admin_25465/files 192.168.15.0/24,192.168.12.0/24


find connected clients

netstat -an | grep nfs.server.ip:port
  • for example
# netstat -an | grep 192.168.12.125:2049
tcp        0      0 192.168.12.125:2049         192.168.12.25:850           ESTABLISHED

client side

  • nfs-comon

install nfs-common (it depends of your distribution)

  • mount the network share
mkdir /mnt/partage
mount -t nfs 192.168.xx.xxx:/home/e-smith/files /mnt/partage
ll /mnt/partage

ToDos

Probably better to make a custom template for /etc/exports

Would be better if there was a web panel to enable/disable nfs per ibay

Retrieved from "https://wiki.koozali.org/index.php?title=NFS&oldid=26430"